The UK official National Cyber Security Centre (NCSC) and the equivalent cyber security agencies in Australia, Canada, New Zealand, and the United States have released guidance aimed at manufacturers of edge devices. The aim; to make such products more secure; and easier to investigate, if a compromise occurs. The authorities point to more, sophisticated malicious actors targeting vulnerabilities in edge devices.
Edge devices defined
They’re internet-connected devices that sit at the ‘edge’ of a network, acting as entry points for data between local networks and the wider internet. Examples include routers, smart appliances, IoT devices, sensors and cameras, which can be particularly vulnerable to hackers as they can handle important data and connect to external networks.
NCSC Technical Director Ollie Whitehouse said: “In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat. In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities require post intrusion.
“Alongside our international partners, we are focused on nurturing a tech culture that bakes security and accountability into every device, while enabling manufacturers and their customers to detect and investigate sophisticated intrusions.”
Among the suggestions to device manufacturers are standard logging and forensic features that are secure by default.
Visit Guidance on digital forensics and protective monitoring… – NCSC.GOV.UK.
