Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
IoT security challenge: cybersecurity and privacy by design
5.1 CYBERSECURITY AND PRIVACY BY DESIGN
To build cybersecurity and privacy by design into IoT, a set of security principles should be adopted and adhered to. These principles form the basis for standards, future-proof legislation, and operational security solutions.
5.1.1 Current Landscape and Recent Developments
The United States Department of Homeland Security (DHS) [98], OWASP [99], the Korea Internet & Security Agency [100], and the Alliance for IoT Innovation (AIOTI) [101] have all defined sets of IoT security and privacy principles.
Strategic Principles by DHS
The U.S. DHS describes the risks associated with IoT and provides a set of principles and best practices to build security into IoT. [102]
IoT Security Principles from South Korea
The seven principles of common security for IoT as proposed by Korea Internet & Security Agency [103] should be considered by the providers (developers) of IoT devices and services, and by users as well.
IoT Security Principles from DCMS UK
The U.K. Government’s Department for Digital, Culture, Media and Sport (DCMS) has published a report [104] on IoT security in which five guiding principles are identified to inform future action. The report also describes the development of the U.K.’s Code of Practice [105] on IoT Security.
IoT Security Principles by OWASP
OWASP states sixteen principles [106] that cover the full spectrum of IoT from system hardening and lifecycle support to authentication and isolation.
AIOTI Basic Privacy Principles
The Alliance for IoT Innovation (AIOTI) organised a workshop in 2016 in Sophia Antipolis, France, to explore and identify design principles for IoT security. [107] One of the workshops was dedicated to practical privacy in IoT, and participants identified the following principles.
5.1.2 Key Findings
– There is no single set of IoT security and privacy principles that is internationally recognised and adopted.
– The diversity in proposed IoT security principles between different countries and initiatives illustrates a lack of collaboration, especially between governments.
– Due to the lack of globally-adopted principles, a language towards common understanding of shared IoT challenges and issues is lacking. Such a language is required to define a global governance process.
– Consumers and companies are not uniformly aware of the cybersecurity risks and may not be equipped to respond properly.