In a recent study titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, the European Union Agency for Network and Information Security (ENISA) sets the scene for IoT security in Europe. The study provides a valuable reference point in this field and a foundation for forthcoming initiatives and developments.

Executive Summary

The Internet of Things (IoT) is a growing paradigm with significant technical, social, and economic impact. IoT poses very important safety and security challenges that need to be addressed for IoT to reach its full potential. Many security considerations regarding IoT are not necessarily new; they are inherited from the use of networking technologies. However, the characteristics of some IoT implementations present new security challenges, threats and risks that are manifold and evolve rapidly. Addressing these challenges and ensuring security in IoT products and services is a fundamental priority.

Baseline Recommendations

To help the community meet these challenges, ENISA is working to define a set of Baseline Security Recommendations for IoT. As a result of the work undertaken to date, and after taking into consideration all the background research carried out, the views expressed by the experts interviewed, and the good practices and security measures identified, the following recommendations have been developed:

  • Promote harmonization of IoT security initiatives and regulations
    • Intended for IoT industry, providers, manufacturers, associations
  • Raise awareness for the need for IoT cybersecurity
    • Intended for IoT industry, providers, manufacturers, associations, academia, consumer groups and regulators
  • Define secure software/hardware development lifecycle guidelines for IoT
    • Intended for IoT developers, platform operators, industry, manufacturers
  • Achieve consensus for interoperability across the IoT ecosystem
    • Intended for IoT industry, providers, manufacturers, associations, regulators
  • Foster economic and administrative incentives for IoT security
    • Intended for IoT industry, associations, academia, consumer groups, regulators
  • Establishment of secure IoT product/service lifecycle management
    • Intended for IoT developers, platform operators, industry, manufacturers
  • Clarify liability among IoT stakeholders
    • Intended for IoT industry, regulators

T&VS Security Solutions

T&VS have created a comprehensive suite of security testing services to help companies ensure that their IT infrastructure, applications and devices are secure and provide robust defences against security attacks, including a suite of services specifically targeting IoT Security Testing.


The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at

Contributors to the report included experts from: Digital Worx GmbH, ARM Ltd, HOP Ubiquitous S.L. (HOPU), Geomantis Corporation Limited, Bticino S.p.A., Kaspersky Lab, Symantec Corporation, STMicroelectronics N.V., Landis+Gyr AG, Cloudflare, Inc., University of Kent, NXP Semiconductors N.V., GSM Association (GSMA), Robert Bosch GmbH, Huawei Technologies Co., Ltd., Siemens AG, Internet Society (ISOC), EC DG Joint Research Centre (JRC), Cable Television Laboratories, Inc. (CableLabs), Microsoft Corporation, International Business Machines, Avast Software s.r.o. and Legrand.