New Standards of Security for Smart Devices proposed in the EU and the US

After suffering the brunt of the WannaCry and Petya cyberattacks this past year, the European Union has announced the Directive on Security of Network and Information Systems (NIS Directive), a proposed piece of EU-wide legislation on cybersecurity. Last week the European Commission (EC) selected the European Union Agency for Network and Information Security (ENISA) to lead the efforts, with the EC head stating that cyberattacks “can be more dangerous to the stability of democracies and economies than guns and tanks”. The new law should come into effect in May 2018, affecting digital service providers and companies in the energy, water and transport sectors, as well as operators of financial, healthcare and internet services.

The NIS Directive aims to achieve a high common level of security of network and information systems within the EU by improving cybersecurity at the national level in each member state, increasing EU-level cooperation, and improving risk management through a new disclosure and reporting policy regarding cyberattacks. Each member state will have to adopt a strategy on the security of network and information systems and designate national competent authorities for the directive, as well as Computer Security Incident Response Teams (CSIRTs).

A similar initiative was proposed in the US just last month, meant to establish minimum cybersecurity standards for Internet of Things (IoT) devices sold to the U.S. government. The bill, called the “Internet of Things Cybersecurity Improvement Act of 2017”, demands that all products be able to receive security patches and measure up to specified security controls. Like the NIS Directive, the American bill mandates vulnerability disclosure guidance for government contractors in order to improve risk management and assessment.

Both laws are a clear indication of a trend researchers are already predicting. The cyber security market is estimated to reach $464 million by 2020, growing at a CAGR of 42.4%. The US takes up 35.28% of the market, making the new American bill an especially lucrative safety measure. With ransomware, malware and worms becoming as common as they are destructive, it’s no wonder both the EU and the US are looking to standardize their defenses, pushing the market even further.

 

