Research on: automation technologies for IoT security certifications, and state-of-play and techniques for GDPR/certifications-compliant privacy-enabling IoT decommissioning (Proof of Concept viability stage) (IoT-SePriCe-Auto-POC)
Main funder
Funder's project number: 825618
Funds granted by main funder (€)
- 75 000,00
Funding program
Project timetable
Project start date: 01/04/2020
Project end date: 31/10/2020
Summary
Internet of Things (IoT) is an ICT phenomenon that connects over Internet and local networks
billions of various devices and sensors. It impacts one way or another billions of humans and
virtually any vertical of society and industry. Indeed, IoT has the power and the opportunity to
bring great value and innovation to the humanity. However, IoT also demonstrated through a
series of recent attacks (e.g., Mirai botnet) that only a tiny fraction of vulnerable and
compromised IoT devices (e.g., cameras, routers, printers) can take down large portions of
Internet (e.g., DDoS attacks) this in turn affecting consumers and costing businesses millions.
Therefore, the cybersecurity and privacy are the two pillars of paramount importance for the
success and complete adoption of IoT as a success story for humanity.
One way to achieve and ensure cybersecurity (including IoT) is by developing
standards/guidelines, and then enforcing and verifying their implementation. When such
standards are followed on mandatory items, this should (in theory) provide guarantees or
indicators of the cybersecurity levels of IoT devices.
Numerous certifications for IoT devices/ecosystems emerge from organizations such as
ENISA, NIST, ETSI, UL, NCSC, IoT Security Foundation, GlobalPlatform. And recently,
Finland became the first EU country to adopt a self-certification label scheme for IoT
cybersecurity [7]. All these come as a response to: a) prior lack of such certifications for IoT;
b) a strong need to be able to enforce and also compare security level of various IoT devices.
Most of the certifications are performed manually which makes them slow, expensive and
prone to human error. In the context of tens of millions of device models in the years to come,
human expertise cannot scale and therefore automation is imminently required.
This project aims to initiate research on automation of compliance checks for IoT cybersecurity
and privacy certifications/standards/regulations.
billions of various devices and sensors. It impacts one way or another billions of humans and
virtually any vertical of society and industry. Indeed, IoT has the power and the opportunity to
bring great value and innovation to the humanity. However, IoT also demonstrated through a
series of recent attacks (e.g., Mirai botnet) that only a tiny fraction of vulnerable and
compromised IoT devices (e.g., cameras, routers, printers) can take down large portions of
Internet (e.g., DDoS attacks) this in turn affecting consumers and costing businesses millions.
Therefore, the cybersecurity and privacy are the two pillars of paramount importance for the
success and complete adoption of IoT as a success story for humanity.
One way to achieve and ensure cybersecurity (including IoT) is by developing
standards/guidelines, and then enforcing and verifying their implementation. When such
standards are followed on mandatory items, this should (in theory) provide guarantees or
indicators of the cybersecurity levels of IoT devices.
Numerous certifications for IoT devices/ecosystems emerge from organizations such as
ENISA, NIST, ETSI, UL, NCSC, IoT Security Foundation, GlobalPlatform. And recently,
Finland became the first EU country to adopt a self-certification label scheme for IoT
cybersecurity [7]. All these come as a response to: a) prior lack of such certifications for IoT;
b) a strong need to be able to enforce and also compare security level of various IoT devices.
Most of the certifications are performed manually which makes them slow, expensive and
prone to human error. In the context of tens of millions of device models in the years to come,
human expertise cannot scale and therefore automation is imminently required.
This project aims to initiate research on automation of compliance checks for IoT cybersecurity
and privacy certifications/standards/regulations.
Principal Investigator
Primary responsible unit
Profiling area: Cyber security (University of Jyväskylä JYU)
