How the Cybersecurity Act is Changing IoT Security

Twenty-six billion devices are currently connected to the internet of things, but by 2025, this is expected to skyrocket to 75 billion. Lawmakers are in a race against time to ensure that the new technology is safe for users. As more everyday objects get hooked up to the internet, there is increasing opportunity for hackers to gain access to sensitive information or take over an object remotely. While some American states have made progress in passing internet security laws, it is the EU that is leading the way. The Cybersecurity Act, originally proposed in 2017, has two main objectives: to offer stronger levels of certification and to give teeth to the European Union Agency for Network and Information Security (ENISA), so that regulations on the IoT can be enforced.

Levels of Certification

Certification is just a means by which businesses can evaluate the strength of their security. This is carried out on a voluntary basis, but it gives customers an idea of the safety level of their devices. As more and more properties have integrated tech, certification allows homebuyers to rest easy knowing that they have full protection.

When new properties are developed, they are more likely than ever to have IoT capabilities, even before new owners have moved in. The EU Cybersecurity Act will allow house hunters to know whether the tech is covered by basic, substantial, or high protection. If it is at a basic level, then this means that only the business has carried out assessments and put minimal protections in place. If the certification reads substantial or high, however, then European buyers can rest assured that rigorous government checks have been carried out.

Granting New Authority to ENISA

ENISA is an organization that checks that proper security features are in place and enforces their use. Its current mandate, however, ends in 2020, and it has little authority to compel tech companies to act in accordance with regulation. The new Cybersecurity bill seeks to change this.

ENISA’s mandate has now been made permanent, meaning that they will be able to enforce their own rules for many years to come. Organizations across the EU now recognize this agency as being the ultimate arbiter on whether standards of security are strong enough. It also means that extra funding is being pumped into ENISA so that they have the means to back up their mandate.

How Businesses Will Be Affected

Security professionals have welcomed the Cybersecurity Act, but US tech firms are concerned at the extra bureaucracy that could be placed upon them. It is likely that California will be the first state to introduce legislation. This also happens to be where many tech firms are located. Ultimately, time and cost for businesses will increase, but receiving a high certification is a way to ensure no future problems occur and that customers feel protected.

The Cybersecurity Act has been rushed through the EU legislative process in order to keep up with a rapidly changing world. Tech will soon be built into all new homes, but this opens up security risks. Getting a head start on laying down regulations will keep customers safe as they enjoy the new convenience that comes with an IoT home.
