When we consider future challenges, new national cybersecurity policies in various countries have started addressing IoT security more directly:
European Union: The EU has introduced the Cyber Resilience Act, which imposes mandatory cybersecurity requirements for digital products, including IoT devices, covering their entire lifecycle from design to disposal. This act aims to standardize IoT security across the EU and ensure that manufacturers comply with stringent cybersecurity standards. United States: The US continues to advance its IoT security framework under various initiatives, including expanding IoT security labeling programs to help consumers understand and compare the cybersecurity protections of different IoT devices. This is part of broader efforts to enhance national IoT security as part of the country's cybersecurity strategy. Global Perspective: Various countries are adopting or updating their cybersecurity frameworks to address IoT security explicitly. For example, the NIS2 Directive in the EU, which will be fully transposed into national law by October 2024, expands the scope of cybersecurity rules to cover more sectors, including those that heavily rely on IoT systems.
These developments highlight the global movement towards more robust IoT security, with new regulations and policies being implemented to address the growing risks associated with the proliferation of connected devices. The Security issues strongly relate to the data management issues related to confidentiality and privacy, and all this needs to take into account the challenges and opportunities offered by emerging technologies such as Artificial Intelligence and Quantum computing. Agenda: Introduction and Common Ground (5 mins) Speakers: Wout de Natris (DC IS3C) and Maarten Botterman (DC IoT) Panel 1: Current IoT Security developments Mini Panel (10 + 5' Open Floor) Speaker 1 – Renee Roland (FCC) on the USA initiative towards secure IoT with a focus on labelling and certification to empower users to make smarter choices. – and the need to work towards international mutual recognition of standards Speaker 2: Nicolas Fiumarelli (Chair, IS3C WG1) on the results of a global comparison of IoT Security related policies, regulations ad standards. Panel 2: IoT Data Governance and Privacy (10 + 5' Open Floor) Speaker 1: Jonathan Cave (Alan Turing Institute, Warwick University, DC IoT) addressing the data governance issues that relate to IoT – acknowledging that many live data related to persons are collected, and through analysis may be relatable to people. Speaker 2: Nicolas Fiumarelli (Chair, IS3C WG1) on the results of a global comparison on IoT data privacy related policies and regulations. Panel 3: IoT Governance and Emerging Technologies: Quantum & AI - Mini Panel (10 + 5' Open Floor) Speaker 1: Elif Kiesow Cortez (Chair, IS3C WG3) explaining the need to ensure Quantum Proof Encryption (QPC) in IoT environments forfuture-proofing against emerging threats relating to relating to IoT devices and IoT ecosystems. Speaker 2: Maarten Botterman (Chair, Global Forum of Cyber Expertise WG E on Emerging Technologies, DC IoT) highlighting the importance of awareness and capacity building with regards to ensure continued justified trust in the use of IoT environments in towards the future. Preliminary conclusions and next steps (5 mins) All participants are invited to share their input and comments via email after the session, as preparations for IGF2025 require rapid follow up to the results of this meeting.
Open Zoom
