On June 01, Europe and Japan continued their cooperation and technological leadership through an online workshop focusing on IoT Security.

The Internet of Things (IoT) is poised to fundamentally transform many aspects of industry and wider society.  The combination of a huge variety of connected devices with automated systems that collect and analyse information, and then can action that information, is set to transform the way so many industry sectors operate - from transport to manufacturing, to healthcare and agriculture.  

Security stands as a large priority in all these systems, as it will be central to its success and widespread adoption. This webinar brought together technology and security leaders from Europe and Japan who discussed how to create a common vision of IoT devices and systems security vulnerabilities and to share best practices in terms of regulation, standardization and certification.

It was made clear by all of the participants that cyber security is a global challenge that requires global cooperation. When it comes to IoT, security is vital not just because of the risk of financial damage but also because it can impact the safety of citizens.

The approaches adopted for IoT Security in Europe and Japan were presented.

A system is only strong as its weakest link. Even if security is robust at an infrastructure level, consumer devices can be used as an entry point - thus it’s critical that security is embedded across all levels of the ecosystem. In Europe, the Cybersecurity Act of 2019 aims to harmonise security approaches across the EU and the EN 303 645 and its related standards were presented in some detail by the ETSI TC Cyber community of experts.

A framework used in Japan for defining IoT Security was outlined, with a first layer involving connections between organisations, a second layer featuring the connections between physical objects and cyberspace and a third layer which is defined as connections purely within cyberspace. There will be different types of IoT devices that will either interact with purely IT based systems/processes and those that will interact with the physical world.

A key aspect of ensuring broader security is a system of standards-based certifications. Security certification schemes need to build on standards that come out of multi-stakeholder cooperation.

One key point made was that the further we want to develop security requirements, the better we need to define the use cases, which requires adding another level of specialisation on top of the standards. And the definition of ‘use cases’ opens up new areas for fruitful collaboration between Europe and Japan.

Another key point made is that it will be important to broaden the scope of security implementation.

While it’s important to raise awareness of security in the general public, it’s also important to raise awareness and educate device and service providers, as many of them may not have a strong background or experience in cyber-security matters. The proliferation of connected devices means the scope of security efforts have to be broadened to also more effectively target IoT service and solution providers.

In summary, there was broad agreement that there exists many concrete opportunities and ways of deepening cooperation, in establishing a more harmonised global approach to cyber security and to further the technological leadership of Japan and Europe in this regard.