11 December 2018

IoT Security in the ‘Smart Manufacturing’ world: a new study by ENISA

The European Union Agency for Network and Information Security (ENISA) has published a study reviewing best practices for securing IoT devices within the scope of Smart Manufacturing and Industry 4.0. Kaspersky Lab experts were among the contributors.

This study is another important step towards standardizing security efforts aimed at protecting the industrial internet of things (IIoT). The target audience includes various institutions and agencies responsible for security policies within the EU, as well as vendors and users of IIoT devices. Kaspersky Lab experts participated in the interviews and research seminars which served as the basis for the study.

“The study was organized in a very unusual format,” explains Yekaterina Rudina, senior security analyst at Kaspersky Lab ICS CERT, “first of all, we filled out a questionnaire with multiple questions about the security of the IoT. For instance, we were asked what factors are most important for the security of the IoT, what standards and requirements we consider and utilize when evaluating and auditing security.”

“After we filled out the questionnaire”, continues Yekaterina, “ENISA experts evaluated the responses and conducted a phone interview with respondents from Kaspersky Lab. Together we discussed the role of monitoring technology, how best to organize security assessments in the ‘Smart Manufacturing’ world, and which techniques for threat modelling and secure component development could be and should be used.”

“Finally, we described what we felt was important for the concept of Security by Design: technologies maximally adapted for specific uses, and a secure platform based on a secure OS. These should be used for all components that are most critical from the point of view of potential breaches. I am very pleased that many of these points are reflected in the published report”.

This ENISA study provides definitions for the basic vocabulary of ‘Smart Manufacturing’ and consolidates industry expertise on industrial cybersecurity. The study includes taxonomies for both Industry 4.0 assets and potential security threats for IoT devices. Core protective measures aimed at neutralizing these threats both on the technical and organizational levels are also examined in detail.

The full text of the ENISA Good practices for Security of IoT in the context of Smart Manufacturing report is available on the ENISA website.

“We are happy to participate in a joint effort on preparing solutions for security issues arising from the rapid development of industrial systems. ENISA is an excellent platform for researching solutions for these issues, and so we are sure that this study is an important practical guideline for developers and vendors of industrial IoT devices. The study not only presents security measures against known threats, but is also a significant step towards further investigations,” notes Anastasiya Kazakova, government relations specialist at Kaspersky Lab.

Source: ENISA