This ENISA study defines guidelines for securing the supply chain for IoT. Establishing a secure supply chain across the IoT ecosystem is a fundamental building block for IoT security. The supply chain lays the foundation of IoT device security, because the majority of these devices are composed of a multitude of components from different suppliers (both hardware and software). At the same time, supply chains present a weak link for cybersecurity because organisations cannot always control the security measures taken by supply chain partners.
Taking a step back and looking into the entire supply chain of IoT products and services, ENISA, with the input of IoT experts, created security guidelines for the whole lifespan: from requirements and design, to end use delivery and maintenance, as well as disposal. The motivation is clear: security is not only about the end product, but also about the processes to be followed to develop the product. ENISA has long argued for security by design and by default to be woven into digital products. Setting specific security guidelines for IoT supply chain security is of paramount importance to holistically approach the issue of IoT security. IoT security needs to be considered at all stages of the supply chain, from the early conceptual design to the end user delivery and maintenance.
It is therefore important to analyse the relevant supply chain security threats and, accordingly, to put forward security measures and guidelines that help avoid the risks that affect the trustworthiness of the IoT supply chain….