When it comes to cyber security, critical infrastructure and IoT present major challenges. How can Europe strengthen its cyber resilience in these areas? Are there policy solutions to address the issues we face? Andrea Barisani, head of hardware security at F-Secure, participated in a panel discussion at the 2017 Digital Assembly, where he tackled these tough questions. Here are four takeaways from Andrea’s appearance:
1. The cyber security business is booming – both on offense and on defense.
The good news is, as a result of cyber security constantly grabbing news headlines, people are already aware of the need for security – there’s no need to convince them. The obvious negative side, however, is that cyber security concerns are increasingly affecting our lives.
2. We need to expand the definition of critical infrastructure.
Instead of just talking about water, electricity and the classic security-critical targets, we should include in the definition pretty much everything that is connected. Policies and directives tend to cover only the traditional critical infrastructures. A telecom provider, a router at the end of a customer’s DSL line, mobile phones, even connected cars should all be considered critical infrastructure.
3. Today’s certifications and standards are lacking and need improvement.
Building a secure product is not that difficult. It’s just that the certifications and standards available today do not match up with the technicalities. People defining the standards need to be in close interaction with the technical people.
Companies often consider certifications and standards a burden, given their current state. But in an ideal world, certifications and standards should be seen as an asset. Nowadays, providing a secure product is a clear competitive advantage. Certifications should be framed to support the process of developing and delivering products that are truly secure.
4. Letting a third party assess your code is not a danger to your intellectual property.
Many connected device manufacturers today don’t know anything about IoT and the security issues around it. Take, for example, a toaster manufacturer who wants to add a digital component to their product. Having the digital component tested by a third party should be a requirement.
Watch the recording of the panel discussion:
The Digital Assembly 2017 took place on 15 and 16 June in Valletta, Malta. The event is organized by the European Commission and the Maltese Presidency of the Council of the European Union. Other panelists included Jaya Baloo, CISO, KPN; Miapetra Kumpula-Natri, a member of the European Parliament; and Sebastian Toffaletti, Secretary General, European Digital SME Alliance.