EU’s answer to IoT security fears? Sticky labels

The EU is starting to take IoT security much more seriously, as devices are being hacked and personal data is being put at risk.

The European Union has suggested that Internet of Things (IoT) manufacturers stick labels on their products to indicate how resistant they are to hacking.

A similar idea is already used to inform buyers of product energy efficiency ratings and the EU Commission is hoping that a similar system will be able to reassure people of IoT security.

A string of recent hacks has shaken confidence in IoT, as thousands of devices, including smart lights, have been hacked and hijacked for use in Distributed Denial-of-Service (DDoS) attacks.

The comments were made at a weekend press conference given by EU deputy commissioner for digital economy and society Thibault Kleiner, who expressed some of the organisation’s fears about the growing IoT revolution.

‘The problem with IoT is it is not enough to look at just one component, you need to look at the network, the cloud. You need a governance framework to get certification,’ Kleiner commented.

The EU is also concerned about the amount of personal information IoT devices collect, which is then placed at risk when hacks take place.

‘It’s not about data as something you monetise, it’s about dignity, something that is personal to an individual,’ Kleiner continued.

‘It’s not about data as something you monetise, it’s about dignity, something that is personal to an individual.’ 

Thibault Kleiner - EU deputy commissioner for digital economy and society 

Despite their being nearly 5.5 million IoT devices currently, a number that is expected to rocket upwards in the next few years, demand for a security standard is only just starting to emerge.

The IoT powered onslaughts are only likely to worsen after the release of the Mirai botnet source code into the public domain. The code contains the necessary information needed to hack into IoT devices and ultilise them for use in Denial-of-Service (DDoS) attacks.

The European Commission believes that labels that guarantee a basic security standard, would encourage manufacturers to work together to ensure an equality of security for the sake of the integrity of the industry.

The EU’s upcoming General Data Protection Regulation will force IoT companies to ensure the data of their users is protected, however an industry wide security standard will be much more difficult due to the wide variety of product types that comprise the IoT.

The EU though is keen to get the ball rolling and is planning to invest €192 million in IoT research to help improve IoT security.

  • Hacking will be dicussed in the IoT Arena at this year's Lux Live. In a unique live demonstration, Ken Munroe of Penetration testing and  security services, the UK’s leading ethical hackers, will conduct live penetration testing to explore the robustness of the systems produced by the industry. You can find out more here. The LuxLive 2016 exhibition will be held in London on Wednesday 23 November and Thursday 24 November 2016. Ken Munroe's talk will take place at 11:00am on Thursday 24th of Novemeber in the IoT Arena.