Baseline Security Recommendations for IoT

In a recent study titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, the European Union Agency For Network And Information Security (ENISA) sets the scene for IoT security in Europe. The study provides a valuable reference point in this field and a foundation for forthcoming initiatives and developments.

Executive Summary

The Internet of Things (IoT) is a growing paradigm with significant technical, social, and economic impact. IoT poses very important safety and security challenges that need to be addressed for IoT to reach its full potential. Many security considerations regarding IoT are not necessarily new; they are inherited from the use of networking technologies. However, the characteristics of some IoT implementations present new security challenges, threats and risks that are manifold and evolve rapidly. Addressing these challenges and ensuring security in IoT products and services is a fundamental priority.

Baseline Recommendations

To help the community meet these challenges, ENISA is working to define a set of Baseline Security Recommendations for IoT. As a result of the work undertaken to date, and after taking into consideration all the background research carried out, the views expressed by the experts interviewed, and the good practices and security measures identified, the following recommendations have been developed:

  • Promote harmonization of IoT security initiatives and regulations
    • Intended for IoT industry, providers, manufacturers, associations
  • Raise awareness for the need for IoT cybersecurity
    • Intended for IoT industry, providers, manufacturers, associations, academia, consumer groups and regulators
  • Define secure software/hardware development lifecycle guidelines for IoT
    • Intended for IoT developers, platform operators, industry, manufacturers
  • Achieve consensus for interoperability across the IoT ecosystem
    • Intended for IoT industry, providers, manufacturers, associations, regulators
  • Foster economic and administrative incentives for IoT security
    • Intended for IoT industry, associations, academia, consumer groups, regulators
  • Establishment of secure IoT product/service lifecycle management
    • Intended for IoT developers, platform operators, industry, manufacturers
  • Clarify liability among IoT stakeholders
    • Intended for IoT industry, regulators

T&VS Security Solutions

T&VS have created a comprehensive suite of security testing services to help companies ensure that their IT infrastructure, applications and devices are secure and provide robust defences to security attacks, including a suite of services specifically targeting IoT Security Testing.


The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at

Contributors to the report included experts from: Digital Worx GmbH, ARM Ltd, HOP Ubiquitous S.L. (HOPU), Geomantis Corporation Limited, Bticino S.p.A., Kaspersky Lab, Symantec Corporation, STMicroelectronics N.V., Landis+Gyr AG, Cloudflare, Inc., University of Kent, NXP Semiconductors N.V., GSM Association (GSMA), Robert Bosch GmbH, Huawei Technologies Co., Ltd., Siemens AG, Internet Society (ISOC), EC DG Joint Research Centre (JRC), Cable Television Laboratories, Inc. (CableLabs), Microsoft Corporation, International Business Machines, Avast Software s.r.o. and Legrand.

23rd January, 2018 | Security, Thought Leadership