The EU Agency for Cybersecurity (ENISA) has released guidance on securing the IoT supply chain. Connected devices have long been recognised as both a boon and a liability: the ENISA guidance is squarely aimed at securing supply chain integrity and mitigating the risks of exposure to third parties with a weak(er) security posture.
What is particularly interesting is the focus on the risks associated with the manufacture of the physical product. Cyber has historically had a fractious relationship with physical risk (is data tangible property? is physical damage from a cyber attack a material consideration?). The ENISA guidance is very clear that IoT devices are subject to a blend of physical threats as well as all the traditional code-based risks. It flags the exposures generated by assembly line sabotage, tamper-proof casing limitations and magnetic attacks. They sit alongside the traditional threats of IP theft, network compromise and patching vulnerabilities.
It's refreshing to see a risk assessment that fuses the tangible with the intangible. The physical exposure to the digital should properly remain a consideration.
