Companies and, if necessary, governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as:
Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.
Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.
Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable lifecycle for their products, systems, and services via a secure update mechanism.