The Internet of Things (IoTs) ecosystem is evolving very fast due to the wide adoption of IoT devices in different domains, driving the need to progress towards a more secure IoT landscape. In the wake of this IoT adoption trend, several challenges arise that need to be properly addressed to guarantee that all the potential behind IoT becomes a reality. The efforts are not only linked to the technical development, but many other dimensions should be addressed by involving multiple actors.
The lack of trust in IoT appears as one of the most important roadblocks preventing a massive IoT take-up by consumers in the EU, industries and critical infrastructure managers. In parallel, European regulators are also concerned about the pervasiveness of IoT in the future. Cybersecurity attacks are indeed expected to have large impacts on all sectors, from home appliances, smart cities (mobility, pollution, waste and, sustainability), connected or autonomous cars, planes, smart farming or smart water.
The scope of this technical paper is to identify current and foreseen challenges related to IoT cybersecurity at technical level (both from the IoT supply point of view and the IoT adopters’ point of view), at regulatory level, and in relation to certification. This document analyses several IoT technical challenges and the vertical domains cyber-security challenges. This document also reviews the current state of the concept and approaches towards cybersecurity certification and analyses the current implications of legislations and regulations. Finally, a set of recommendations are proposed as a basis for further discussions.