Cyberattacks against smart devices are a growing threat that can have serious consequences for both users and manufacturers. They can affect the performance, security, privacy and data protection of smart devices, and they can also serve as jumping-off points for targeting other devices or systems connected to the same network. For example, in 2016 a cyberattack used millions of smart devices, such as cameras, routers and printers, to disrupt the operation of many popular websites.
EU agreement on smart device cybersecurity
To address this issue, EU countries and lawmakers agreed on new rules that will help protect smart devices from cyberattacks. These rules are part of the EU Cybersecurity Act, which was adopted in 2019. Their goal is to create a common cybersecurity certification system that ensures smart devices comply with certain security standards and requirements.
Under these rules, smart devices that are connected to the internet will have to be certified at one of three levels (low, medium or high), depending on their security and risk level. Certification will be voluntary, but EU countries and manufacturers can decide to make it mandatory for certain smart devices or sectors. It will follow a common methodology and criteria set at the EU level, and it will be recognized in all EU countries. Certification will help users easily identify and choose safer smart devices, and it will encourage manufacturers to improve their products’ cybersecurity.
The relevance and challenges of smart device cybersecurity
Smart device cybersecurity is an important and relevant topic because the number and usage of smart devices are constantly growing and developing. The smart device market exceeds a valuation of 200 billion euros, encompassing not just laptops, phones and tablets, but also smart TVs, fridges, bracelets, cars, home security systems and various other devices. Smart devices also help improve people’s quality of life and efficiency by providing more opportunities and conveniences. For example, they can help people monitor their health, learn, communicate, play, work and more.
However, smart device cybersecurity also faces many challenges and issues that threaten the security and stability of these devices. Some of these challenges and issues are:
- The diversity and complexity of smart devices. The smart device market is very diverse and complex, and it includes many different types, manufacturers, models, operating systems, applications and protocols. Adapting and harmonizing smart device cybersecurity across all these factors can pose challenges and incur significant expenses.
- The vulnerability and openness of smart devices. Smart device cybersecurity is also weaker and more open than traditional computer or server cybersecurity, because smart device manufacturers and users often do not know or follow the security standards and requirements. For example, smart device manufacturers may not use or provide updates, patches or certificates that would help protect their products from cyberattacks. Smart device users, in turn, may not use or change their passwords, may use unofficial or unauthorized applications or networks, or may not know how to properly configure and manage their smart devices.
- The risk to data and privacy on smart devices. Smart device cybersecurity is also related to data and privacy protection, because smart devices that are used and connected to the internet can collect, send, store and share a lot of data, which can be personal, confidential or important. For example, smart device data can include users’ identity, location, health, finances, behavior, preferences and more. If not adequately protected and managed, these data are susceptible to theft, leaks, manipulation, or unlawful and harmful use. For instance, bad actors could exploit smart device data to create or spread misinformation, conduct advertising campaigns, disseminate viruses and spyware, engage in blackmail, carry out cyber terrorism, and perform other malicious activities.
The other measures of the EU Cybersecurity Act
Smart device cybersecurity certification is only one of the measures of the EU Cybersecurity Act, which aims to strengthen cybersecurity and trust in the EU. The EU Cybersecurity Act also includes these measures:
- The strengthening of the EU cybersecurity agency (ENISA). ENISA is the EU agency that is responsible for the coordination and promotion of EU cybersecurity policy and activities. The EU Cybersecurity Act gives ENISA more powers and resources so that it can better perform its tasks, such as preventing and responding to cyberattacks, managing the cybersecurity certification system, providing cybersecurity training and consultation, and promoting cybersecurity research and innovation.
- The revision of the EU network and information security directive (NIS). NIS is the EU directive that sets the common requirements and principles for how EU countries and key sectors, such as energy, transport, health and finance, have to secure their networks and information against cyberattacks. The EU Cybersecurity Act mandates a revision and update of the NIS directive to align it with the latest cybersecurity challenges and requirements. This includes addressing the growing prevalence of smart devices, the proliferation of cyber threats, the enhancement of cybersecurity standards, and fostering increased cooperation, among other factors.