At TROOPERS16, Dr. Cédric LÉVY-BENCHETON an expert in cyber security at ENISA, the European Union Agency for Network and Information Security. Dr. Cédric LÉVY-BENCHETON holds a presentation about cyber security of IoT (Internet of Things) and smart cars he presents the current threats in IoT and Smart cars. ENISA is an agency of the European Union. ENISA assists the Commission, the Member States and, the business community in meeting the requirements of network and information security.
Emerging Threat Environment
- Many products reliable on unsecure components
- complex networks and services
- low quality of software and hardware
- asymmetric threats allowing remote attacks
- increasing organized cybercrime and
- industrial espionage
- lack of international agreements and regimes,
- lack of well-functioning, international operational mechanism
IoT face several challenges: traditional manufacturers develop connected objects with innovative functionalities but there is only a limited investment to ensure their security. The rapid development of IoT devices reuses several third-party components (hardware, software and services) while the security implications of these building-blocks remain a difficult aspect.
Cyber threats to Smart Cars and Intelligent Road Systems go beyond traditional IT security. There cyber threats have real consequences on the safety of citizens. Hence it is important to understand what needs to be secured and develop specific security measures to protect Smart Cars and Intelligent Road Systems from cyber threats.
In Smart Home environments, the security can be difficult to implement within an ecosystem which integrates several types of devices and services, which usually have limited security due to their weak capacities. Moreover the service provide usually remote access to the devices.
Solutions
When Securing Smart Homes both manufacturers and operators for the safety responsibility
Vendors:
- the security architecture of a solution must be defined and documented early
- clarify interfaces between the “secure” and “non-secure” functions
- Consider third-party review by security specialists
- Use standard, secure frameworks or stacks whenever possible
- Test the compliance of security functions
- Protect all communication against disclosure, modification and replay
Operators:
- Use a trust infrastructure
- Use secure pairing for devices
- Introduce a gateway to mitigate the propagation of attacks
Conclusion
If you are interested and experience in the area of IoT, Smart Homes or smart cars
You can apply at https://resilience.enisa.europa.eu/intelligent-public-transport-security-and-resilience/transsec-security-group-application-form to help develop best practice guides for companies on how to secure of IoT, Smart Homes or smart cars.
Slides from Dr.LÉVY-BENCHETON can be found here
Kind regards,
David Neyer