The supply chain around the Internet of things (IoT) has become the weak link in cybersecurity, potentially leaving organizations open to cyberattacks via vulnerabilities they are not aware of. But a newly released set of guidelines aims to ensure that security forms part of the entire lifespan of IoT product development.
The Guidelines for Securing the IoT—Secure Supply Chain for IoT report from the European Union Agency for Cybersecurity (ENISA) sets out recommendations throughout the entire IoT supply chain to help keep organizations protected from vulnerabilities which can arise when building connected things.
One of the key recommendations is that cybersecurity expertise should be further integrated into all layers of organizations, including engineering, management, marketing, and others, so that anyone involved in any part of the supply chain has the ability to identify potential risks, hopefully spotting and addressing them at an early stage of the product development cycle and preventing them from becoming a major issue.
It is also recommended that "security by design" be adopted at every stage of the IoT development process, focusing on careful planning and risk management to ensure that any potential security issues with devices are caught early.
"Early decisions made during the design phase usually have impactful implications on later stages, especially during maintenance," said the report.
Another recommendation is that organizations throughout the product development and deployment cycle should forge better relationships in order to address security loopholes that may arise when no communication exists between those involved.