• Facebook
  • Twitter
  • LinkedIn
  • Youtube
  • Github
  • Mail
  • Community Forum
  • Who We Are
      • The Global Cyber Alliance has a singular purpose: to reduce cyber risk. Learn about our goals, our impact, and meet the minds behind our mission.
      • Our Mission
      • Our Vision
      • Our Impact
      • Founding Organizations
      • Our History
      • Team
      • Partners
      • Careers
  • Programs
      • At GCA, our core programs – Internet Integrity and Capacity & Resilience – aim to tackle key challenges of interent infrastructure, privacy, and safety.
      • Internet Integrity
        • Domain Trust
        • AIDE
      • Capacity & Resilience
        • GCA Toolkits
  • Tools
      • We create free, useful tools that make a real impact on improving security for organizations and individuals. Explore our tools here.
      • GCA Cybersecurity Toolkit for Small Business
      • GCA Cybersecurity Toolkit for Journalists
      • GCA Cybersecurity Toolkit for Mission-Based Organizations
      • GCA Cybersecurity Toolkit for Individuals
      • Quad9
      • DMARC
      • GCA Cybersecurity Toolkit for Elections
      • Cyber Hygiene for Financial Institutions
  • Get Involved
      • There are many ways that you can become part of our global effort. Whether it’s using one of our tools to help improve your own cybersecurity, partnering with us on cutting edge projects, or investing resources, your involvement is what makes our success possible!
      • Use a Tool
      • Become a Partner
      • Community Forum
      • Donate
  • News & Events
      • Explore the latest news from across the GCA community, find upcoming webinars and local events, and dive deeper into resource content.
      • News
      • Events
      • Blog
      • Reports & Publications
  • Donate
  • Donate
  • Who We Are
      • The Global Cyber Alliance has a singular purpose: to reduce cyber risk. Learn about our goals, our impact, and meet the minds behind our mission.
      • Our Mission
      • Our Vision
      • Our Impact
      • Founding Organizations
      • Our History
      • Team
      • Partners
      • Careers
  • Programs
      • At GCA, our core programs – Internet Integrity and Capacity & Resilience – aim to tackle key challenges of interent infrastructure, privacy, and safety.
      • Internet Integrity
        • Domain Trust
        • AIDE
      • Capacity & Resilience
        • GCA Toolkits
  • Tools
      • We create free, useful tools that make a real impact on improving security for organizations and individuals. Explore our tools here.
      • GCA Cybersecurity Toolkit for Small Business
      • GCA Cybersecurity Toolkit for Journalists
      • GCA Cybersecurity Toolkit for Mission-Based Organizations
      • GCA Cybersecurity Toolkit for Individuals
      • Quad9
      • DMARC
      • GCA Cybersecurity Toolkit for Elections
      • Cyber Hygiene for Financial Institutions
  • Get Involved
      • There are many ways that you can become part of our global effort. Whether it’s using one of our tools to help improve your own cybersecurity, partnering with us on cutting edge projects, or investing resources, your involvement is what makes our success possible!
      • Use a Tool
      • Become a Partner
      • Community Forum
      • Donate
  • News & Events
      • Explore the latest news from across the GCA community, find upcoming webinars and local events, and dive deeper into resource content.
      • News
      • Events
      • Blog
      • Reports & Publications
  • Facebook
  • Twitter
  • LinkedIn
  • Youtube
  • Github
  • Mail
  • Community Forum
IoT Policy and Attack Report 2 Cover

IoT Policy and Attack Report II

GCA Internet Integrity Papers, Issue II

IoT Policy and Attack Report II

The second issue of the GCA Internet Integrity Papers series presents the results of the second phase of the IoT Policy and Attack research project, conducted jointly by the Global Cyber Alliance (GCA) and Microsoft.

Based on real IoT attack data obtained from GCA’s AIDE platform and ProxyPot honeypot technology, the project focuses on providing factual evidence about the applicability and effectiveness of some of the most widespread policies, recommendations, and standards on IoT security.

Whereas the first report explored some of the basic IoT security recommendations, this one has analyzed the role that the IoT devices’ software stacks —and their known vulnerabilities— play as factors to drive targeted attacks.

The key findings of the report can be summarized as follows:

  • Separately from the IoT device’s own software, the application software stack is a magnet for an incessant flow of attacks that try to exploit known vulnerabilities
  • There is a clear correlation between items published in the CVE framework, a widely accepted and constantly updated list of common vulnerabilities, and exploits used in attacks; this should be noteworthy to IoT manufacturers
  • Risk remediation practices, industry standards, policy efforts… should not forget the software-side of IoT security
  • Highly configurable honeypot technologies like ProxyPot are powerful allies in the research of this ever-changing threat landscape

Note that the report is being shared as a ‘Final Draft.’ The findings are all up to date but we are now reviewing them in the light of the Cyber Resilience Act debate in the European Union, which is closely connected with the scope of our project. An updated, final version of the report will be published as soon as that review is complete.

Download the Final Draft
Use a Tool Donate Partner with Us

New York  |  London  |  Brussels

  • Facebook
  • Twitter
  • LinkedIn
  • Youtube
  • Github
  • Mail
  • Community Forum

New York  |  London  |  Brussels

The Global Cyber Alliance is a nonprofit organization dedicated to making the Internet a safer place by reducing cyber risk. We build programs, tools, and partnerships to sustain a trustworthy Internet to enable social and economic progress for all. GCA is a 501(c)(3) in the U.S. and a nonprofit in the U.K. and Belgium.

  • Contact
  • Privacy Policy
  • Donate
  • Terms of Service
  • Intellectual Independence Policy
  • Diversity & Inclusion Statement

info@globalcyberalliance.org     |     +1.646.677.5535

Online Trust Alliance Honor Roll Certification Logo
IASME Consortium Self-Certified Logo
Cyber Essentials Full Color Logo and Mark
Amazon Smile Logo Full Color

Global Cyber Alliance is a 501(c)(3) Nonprofit Organization

Copyright 2023 Global Cyber Alliance | Sitemap

Scroll to top