On May 30, 2022, Europe and Japan continued their exchanges of views and good practices to define effective IoT Security frameworks, spreading from baseline requirements to specific requirements for vertical use cases.

The Internet of Things (IoT) is poised to fundamentally transform many aspects of industry and wider society.  The combination of a huge variety of connected devices with automated systems that collect and analyse information, and then can action that information, is set to transform our daily lives and the way so many industry sectors operate - from transport to manufacturing, to healthcare and agriculture.  

It is already well recognized that cyber security is a global challenge that requires global cooperation. When it comes to IoT, security is vital not just because of the risk of financial damage but also because it can impact the safety of citizens.

This second EU-Japan workshop on IoT Security Standards was co-chaired by the European Commission DG CONNECT, the Japan Ministry of Internal Affairs and Communications (MIC), with the participation of Japan Ministry of Economy, Trade, and Industry (METI), cybersecurity standardization experts and industry stakeholders from Europe and Japan.

It was the first technical event held after the signature of the EU Japan Digital Partnership on May 12, 2022 focusing on the domain of IoT Security where EU and Japan can mutually benefit from tighter cooperation and harmonization.

This workshop progressed on the operational ​conclusions drawn at the end of the first EU-Japan cooperation webinar on IoT Security held on June 1, 2021, with the objectives:​

  • to provide an update on the development and implementation of IoT security standards in Europe and Japan over the last year, including certification schemes and self-evaluation guidelines
  • to share approaches to the definition of IoT Security requirements for vertical use cases, specifically Smart Homes and Industrial IoT

This webinar brought together technology and security leaders from Europe and Japan who discussed how to create a common vision of IoT devices and systems security vulnerabilities and to share best practices in terms of regulation, standardization and certification and guidelines.

InDiCo wishes to thank the distinguished panel of speakers at this workshop:

  • Tonnie de KOSTER, adviser for International Aspects of Digital Transformation, EC DG CONNECT
  • Yutaka KITAGAMI, Deputy Director-General for International Economic Affairs, Global Strategy Bureau of MIC
  • Kostantinos KAPSOUROPOULOS, International Relations Officer, Policy & Outreach, EC DG CONNECT
  • Emilio DAVILA – GONZALEZ, Head of Sector ICT Standardization, EC DG CONNECT
  • Daisuke HOSHI, Director for International Affairs, Cybersecurity Division, METI
  • Koichi SUGIMOTO, Assistant Director, Office of the Director-General for Cybersecurity, MIC
  • Koji NAKAO, Distinguished Researcher, Cybersecurity Research Institute, NICT
  • Sonia COMPANS, Technical Officer of ETSI Technical Committee CYBER
  • Gisela MEISTER, Senior Cybersecurity Consultant, EUROSMART
  • Scott CADZOW, Secretary of ETSI Technical Committee CYBER
  • Andreas MUELLER, General Chair of the 5G - Alliance for Connected Industry and Automation (5G - ACIA)
  • Omar DHAHER, Senior Technology Manager, European Digital SME Alliance
  • Stefan KRAMER, First Counsellor at the Delegation of the EU to Japan

The outcome of the workshop highlighted that one key aspect of ensuring broader security is a system of standards-based certifications. Security certification schemes need to build on standards that come out of multi-stakeholder cooperation.

One key point made was also that the link needs to be maintained between policy, regulation, and standardization to ensure consistency and effectiveness of IoT Security frameworks generally and specifically in vertical domains like Smart Homes and Industrial IoT.

As a conclusion to the meeting, it was proposed to create a joint working group to pursue the exchanges of information (such as the standards templates and methodology for vertical use cases security requirements recently published by ETSI) and possibly the definition of common requirements.