IGF 2023 WS #41 Internet of Things Security: concerns and trends


Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security
New Technologies and Risks to Online Security

Organizer 1: Anna Felkner, 🔒NASK-PIB
Organizer 2: Kadobayashi Youki, Nara Institute of Science and Technology

Speaker 1: Anna Felkner, Technical Community, Eastern European Group
Speaker 2: Kadobayashi Youki, Technical Community, Asia-Pacific Group
Speaker 3: Bernhards Blumbergs , Government, Eastern European Group
Speaker 4: Dalton Valadares, Government, Latin American and Caribbean Group (GRULAC)
Speaker 5: Hikohiro Lin, Private Sector, Asia-Pacific Group


Anna Felkner, Technical Community, Eastern European Group

Online Moderator

Kadobayashi Youki, Technical Community, Asia-Pacific Group


Kadobayashi Youki, Technical Community, Asia-Pacific Group


Round Table - 90 Min

Policy Question(s)

How do we influence the security of IoT devices to increase the overall security of people around the world?
What are the efforts worldwide to improve IoT cybersecurity - what are the regulatory challenges and impacts?
What kind of artifacts can help providers and manufacturers to comply with the security requirements?

What will participants gain from attending this session? Participants can include consumers (IoT devices and applications users), IT professionals, and regulatory agencies' representatives as the workshop approaches technical and regulatory content. Consumers can get insights related to the concerns and recommendations for a secure operation of their devices; IT professionals can get an overview of threats and vulnerabilities; and agencies' representatives can get directions to propose regulations in their countries, considering that security should be considered as a global concern.
Participants will learn about where to look for information about vulnerabilities in IoT.
They will also be informed about the various initiatives being undertaken at European level, as well as at national level based on the different experiences of the workshop organisers.
Since the speakers include representatives of Poland, Lithuania, Japan and Brazil, the perspective of different countries, different approaches and different solutions will be presented.


The workshop will address two issues related to the security of the Internet of Things. The first part will show the technical aspects related to this topic - threats, vulnerabilities, ways to ensure the security of devices, while the regulatory part will address the efforts of institutions from around the world to establish and improve security in IoT applications and devices.
One of the many issues faced by users, manufacturers or network owners and those who deal with cybersecurity on a daily basis, such as CSIRT team members, is the issue of vulnerabilities in Internet of Things devices. Although the most popular vulnerabilities are often presented to a large audience, still the vast majority of them are only known to cybersecurity professionals and not to the users who have the vulnerable device. Therefore, it is the users who are most likely to be at risk. It is therefore advisable to increase user awareness of the dangers of owning and using unsecured devices, as well as providing access to information about vulnerabilities. This is why a database of information on vulnerabilities and exploits in IoT has been created, in which this information has been collected, aggregated and correlated. The database is publicly available:https://www.variotdbs.pl/
While academia and industry advance the technical aspects, proposing solutions to identify and mitigate security issues, governments, regulatory agencies, and technical communities (e.g., ITU and ETSI) propose recommendations and regulations to minimize the possibility of security problems. Once regulations are established, these institutions can gather efforts to generate guidelines for solution providers and device manufacturers, specifying the minimum security requirements they must adopt and how to validate them.
The presence of speakers from industry, CERT and academia is intended to encourage discussion on how manufacturers should approach cyber security solutions.

Expected Outcomes

The session will result in an exchange of information between users, manufacturers, management institutions on how to support users and network owners of IoT devices, but also OT or IT in general. The information presented at the session will be of great importance to users of IoT devices, as well as their manufacturers, network owners, CSIRT teams or regulators. The exchange will aim to increase cooperation between different regions of the world to ensure the safety of people and devices.
The presentations and discussions aim to motivate the participants' collaboration, who will be invited to ask questions and give suggestions and ideas. After the session, the organizers can prepare a list with the main doubts and suggestions discussed, which can guide the organization of related events in the future.

Hybrid Format: Speakers will present an introduction to cybersecurity aspects in the Internet of Things scenarios, considering common vulnerabilities and threats/attacks, besides motivating the discussion on regulatory aspects around the world to enhance IoT security. After these presentations, the moderator will invite participants to interact with questions and comments. In the end, the moderator will also invite the participants to fill in a form with their thoughts/ideas regarding the discussed topics, mainly relating their answers to what has been done in their countries/regions.