ENISA advisory group points to lack of security in consumer IoT

BEUC NEWS - 29.10.2019

The advisory group of the EU’s Agency for Cybersecurity, composed of stakeholders from industry and academia and including BEUC, published an opinion on “Consumers and IoT security”. It identifies the major lack of cybersecurity in consumer IoT as a significant issue to be addressed by an EU law setting minimum standards for security by default and by design.

Consumer IoT products – smart washing machines, connected fridges and door-locks linked with the Internet – are already widespread and their use will only increase. Yet, consumers are concerned about the security of their products, their privacy and their safety. According to the latest Eurobarometer from the European Commission, 86% of consumers believe that the risk of becoming a victim of a cybercrime is increasing.

The opinion highlights what many of our member organisations have found: connected products can too often be hacked too easily and thus put consumers’ privacy and even physical security at risk. (Think about a smart door-lock being hacked by an intruder.) But there can even be systemic problems, i.e. when many connected products are used to facilitate large-scale cyber-attacks (as was the case with the 2016 Mirai attack).

As a result, the advisory group says that the next European Commission should prioritise a mandatory “security by default and by design” rule. It would – among other things – require the manufacturers of connected products to incorporate cybersecurity functionalities appropriate for consumer IoT products from an early stage of, and throughout, their design process and before putting the products on the market.

Because the opinion is addressed to ENISA, it provides concrete recommendations on how ENISA should contribute to systematically taking into account and mainstreaming consumers’ needs into the EU’s cybersecurity policy. The opinion highlights that ENISA’s mandate and activities are key in achieving this objective.

BEUC, whose deputy director general Ursula Pachl was the rapporteur of the opinion, is calling on the European Commission and on ENISA to heed the advisory group’s calls and recommendations.