The exponential growth of IoT-enabled devices is steadily increasing the pressure on equipment manufacturers and distributors to adapt to the growing threats posed by the technology. Now the EU is imposing new requirements to increase safety for operators and users.
IoT: gateway for security problems
The more applications find their way into the Internet of Things (IoT), the more the potential for digital abuse increases. Outdated, poorly maintained or unmaintained systems that have not been checked for defects make it visibly easier for criminals to find victims. Companies and private individuals alike are connecting more and more objects to networks at ever shorter intervals, completely ignoring the associated dangers.
Recent studies of IoT networks revealed that the interconnectedness of various sectors of society continues to increase, just to a completely different degree than initially intended. For example, in many places there is a fluid intermingling between personally used devices and professional or even government networks.
IoT security: colorful mix as an invitation
Supervisors who allow their employees to connect private e-cars, fitness trackers and smartphones, even their smart homes or video cameras for dog bowls, to corporate networks should no longer be surprised by intrusions into their infrastructure. For anyone who knows the vulnerabilities of individual or all components of digital ecosystems, one or more unsecured access points to operational networks mean less effort for abuse.
Even without such careless use of the Internet of Things, IoT assets increasingly provide docking points for attacks. Analysts keep finding alarming security holes in them. Anything that transmits its data wirelessly seems to be working for attackers. Whether smart speakers, baby monitors, IP cameras or tablets, leaks that can have serious consequences have been found everywhere. In addition to the now almost obligatory network break-ins to steal data, identities and business internals, the ransomware phenomenon is also visibly becoming a problem. Criminal organizations that operate with a division of labor and paralyze entire sectors of the economy for extortion payments illustrate the threat situation.
EU: Savior in a time of need?
The European Union is taking the result of the investigation, according to which 80 percent of cybersecurity breaches are attributable to wireless equipment, as an opportunity to tighten up the regulations responsible for this. With the expansion of the RED radio directive, it is attempting to counteract all disruptions to smooth Internet communication from 2024. It is intended to strengthen networks against attacks from inside and outside and to ensure that all IoT devices placed on the market meet higher security standards in the future. IoT manufacturers and distributors will then have to secure their products against fraud, cyber abuse and data breaches if they want to continue selling them in Europe. Personal data and privacy in particular will be better protected against attacks.
EU: once again not listening to the experts
However, many industry experts consider the new directive to be insufficiently specified once again, which thwarts the intended goal. The mandatory but ambiguous specifications make it unnecessarily difficult for producers and installers of the technology to implement them in a meaningful way. Analysts would have preferred, for example, that the Commission had required manufacturers to install security-relevant updates promptly. In this way, today's common practice of operating unsecured installations for decades could have been abolished in the foreseeable future. But this again did not happen. Nor were independent and influential organizations installed to monitor the new regulations; such organizations are only now being considered.