Ann LaFrance has published an article in this month’s Cyber Security Practitioner on a recent report by the European Union Agency for Network and Information Security on cybersecurity issues in relation to emerging technologies, including:
- The Internet of Things (IoT)
- Autonomous systems (e.g., vehicles)
- Next-generation virtualized infrastructures (e.g., software-defined networks and 5G)
- Upcoming societal challenges related to end-user behaviors
- Virtual and augmented reality
- The Internet of Bio-Nano Things
- AI and Robotics
In January 2018, the ENISA issued a report entitled ‘Looking into the Crystal Ball’. The report aims to develop proposals, channel knowledge and set work priorities in relation to these technology developments.
ENISA currently acts as a “center of expertise”, promoting best practice, and inputting into capacity building projects throughout the European Union under Regulation EC 460/2004. In September 2017, however, the European Commission proposed to expand its powers and budget and rebrand it as the “EU Cybersecurity Agency.” The scope of ENISA’s future role is therefore highly relevant to companies that are considering what steps they should take to address the cybersecurity issues related to the emergence of these new technologies.
Countries around the world are trying to face these challenges through improved engagement with a range of stakeholders. Security-by-design is seen by ENISA as a fundamental step in the development of these emerging technologies.
The ENISA report’s focus on cybersecurity complements other regulatory initiatives in the area of privacy and data protection of emerging technologies. In the UK, the Department for Digital, Culture, Media & Sports along with the UK’s National Cyber Security Centre recently released a report on cybersecurity and connected devices entitled Secure by Design. In the US, the Federal Trade Commission (FTC) published its first report on the Internet of Things in February 2015, examining the privacy and data protection implications with specific recommendations for improving data security.