Guidelines from Five Eyes nations encourage logging and forensic features.
Global cyber agencies have launched a series of guidelines to encourage IoT and edge device manufacturers to be more secure.
According to a statement, device manufacturers will be encouraged to include and enable standard logging and forensic features that are robust and secure by default. With edge devices often targeted, the guidelines also call for minimum standards for forensic visibility.
Relentless Wave
Ollie Whitehouse, NCSC technical director, said: “In the face of a relentless wave of intrusions involving network devices globally, our new guidance sets what we collectively see as the standard required to meet the contemporary threat.
“Alongside our international partners, we are focused on nurturing a tech culture that bakes security and accountability into every device, while enabling manufacturers and their customers to detect and investigate sophisticated intrusions.”
The guidelines are published by GCHQ’s National Cyber Security Centre (NCSC) and cyber security agencies in Australia, Canada, New Zealand, and the US.
Heightened Exposure
Commenting, Juliette Hudson, CTO of CybaVerse, said these are guidelines that shouldn't be ignored “because when edge devices are insecure, the entire networks they run within are at heightened exposure to attack.”
“Having good visibility across network assets and running proactive monitoring for threats are essential, but device manufacturers also have a key role to play, and it is essential they practice good security hygiene in the development process,” Hudson said.
“Device manufacturers must ensure their tools are manufactured with unique passwords and they should also offer users the ability to apply security patches to mitigate vulnerabilities.”
Written by
Dan Raywood
Senior Editor
SC Media UK