Skip to main content

Kaspersky Lab ICS Experts Join Forces with ENISA to Improve IoT Security Recommendations

December 15, 2017

Kaspersky Lab experts are working with the European Union Agency for Network and Information Security (ENISA) and other first-rate panelists from some of the leading market players, to prepare expert advice for the protection of critical infrastructure.

Woburn, MA – December 15, 2017 – To respond to today's growing prevalence of IoT threats and consolidate industry cybersecurity expertise, Kaspersky Lab experts are working with the European Union Agency for Network and Information Security (ENISA) and other first-rate panelists from some of the leading market players, to prepare expert advice for the protection of critical infrastructure.

In November 2017, ENISA published a report "Baseline Security Recommendations for the Internet of Things in the context of critical information infrastructures," with the goal of offering IoT security advice for organizations in Europe by taking into consideration factors such as the complexity of critical assets, and existing cyberthreats and solutions for the protection of systems such as IoT.

Kaspersky Lab, as a member of the ENISA IoT Security Experts Group (IoTSEC), was involved in the creation of the report by providing expert recommendations. Within the report, the agency has issued policy measures for EU institutions, IoT hardware manufactures and software developers.

"Kaspersky Lab has vast expertise in the field of critical infrastructure security," said Andrey Doukhvalov, head of future technologies, chief strategy architect, Kaspersky Lab. "We believe that our contribution to ENISA's IoT security recommendations will help organizations develop more efficient cybersecurity strategies and help policymakers establish highly relevant regulations to face modern cyberthreats."

Kaspersky Lab IoTSEC experts shared their recommendations on two fronts – for EU policymakers and IoT hardware and software developers. In terms of the key security considerations for EU policymakers, Kaspersky Lab experts recommend the following:

  • Focus on sector-specific recommendations, guidelines and certification requirements rather than on holistic approaches.
  • Standardize across the EU and deliver EU-wide IoT terminology and taxonomy for international cybersecurity standards.
  • Cooperate actively with the industry and involve the private sector in policymaking by using existing industrial associations and groups such as AIOTI.
  • Establish a layered defense system against cybersecurity threats as this is very important for IoT devices.

For those who work directly with IoT systems, Kaspersky Lab experts advise that the following steps be taken to improve security:

  • Ensure that all employees have up to date knowledge and skills in cybersecurity and that they are constantly tested.
  • Ensure data interoperability with a reliable and automatic patching system. IoT hardware manufacturers and software developers need to adopt cyber supply chain risk management policies and communicate cybersecurity requirements to their suppliers and partners.
  • Conduct a code review during the implementation process to reduce the number of bugs in the final version of a product, while also identifying any malware input or authentication bypass attempts.

The full list of advice for the protection of IoT critical infrastructures can be found in the ENISA report here. To learn more about Kaspersky Lab's Industrial Cybersecurity expertise, please visit: https://ics.kaspersky.com/.

About ENISA

The European Union Agency for Network and Information Security (ENISA) is a center of expertise for cybersecurity in Europe. The Agency is located in Greece with its seat in Heraklion Crete and an operational office in Athens. The Agency works closely together with Members States and private sector to deliver advice and solutions. This includes, the pan-European Cyber Security Exercises, the development of National Cyber Security Strategies, CSIRTs cooperation and capacity building, but also studies on secure Cloud adoption, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, eIDs and trust services, and identifying the cyberthreat landscape, and others. ENISA also supports the development and implementation of the European Union's policy and law on matters relating to NIS.

Learn more at https://www.enisa.europa.eu/about-enisa.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Denise Berard
508.274.0704
Denise.Berard@kaspersky.com

Kaspersky Lab ICS Experts Join Forces with ENISA to Improve IoT Security Recommendations

Kaspersky Lab experts are working with the European Union Agency for Network and Information Security (ENISA) and other first-rate panelists from some of the leading market players, to prepare expert advice for the protection of critical infrastructure.
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases