General Atomics

Cyber agencies unveil new guidelines to secure edge devices

Cyber security chiefs in the UK and their international allies have issued a new set of guidelines to help manufacturers of edge devices make their products more secure and easier to investigate if a compromise occurs.



Image by Doucefleur / copyright Shutterstock

Published by GCHQ’s National Cyber Security Centre (NCSC) and cyber security agencies in Australia, Canada, New Zealand and the US, the new guidance highlights an increasing number of sophisticated malicious actors targeting vulnerabilities in edge devices.

Edge devices are internet-connected devices that sit at the ‘edge’ of a network, acting as entry points for data between local networks and the wider internet. Examples include routers, smart appliances, IoT devices, sensors and cameras, which can be particularly vulnerable to hackers as they often handle important data and connect directly to external networks.

The new guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default, so that network defenders can more easily detect malicious activity and investigate following an intrusion.

They also set out the minimum standards for forensic visibility to help network defenders in securing organisational networks, both proactively and in response to a compromise.

NCSC Technical Director Ollie Whitehouse said: “In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat.
    
“In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities require post intrusion.
    
“Alongside our international partners, we are focused on nurturing a tech culture that bakes security and accountability into every device, while enabling manufacturers and their customers to detect and investigate sophisticated intrusions.”

The guidance is part of a coordinated series of complementary publications on edge device security, released today in collaboration with agencies in Australia, New Zealand, Canada and the US, with input from the NCSC.

Earlier this year, the NCSC highlighted an Ivanti advisory about a critical security vulnerability in their remote access product, which enables employees to work from home and acts as an edge device to protect against external threats.

Related

Back on the market: Gloucestershire Airport is relisted for sale
Gloucestershire Airport
Back on the market: Gloucestershire Airport is relisted for sale
Following the collapse of a deal with Horizon Aero Group, Savills has been reappointed to find a new buyer for the Staverton Site.
Aerospace

1 Jul 2026

Rcapital completes acquisition of Adams Aviation
Rcapital completes acquisition of Adams Aviation
Rcapital has today completed the acquisition of Crawley based Adams Aviation Supply Company Limited, in a corporate carve-out from Incora.
Aerospace

1 Jul 2026

Smiths Detection completes transition to CVC Capital Partners
Smiths Detection completes transition to CVC Capital Partners
Smiths Detection has completed its transition from Smiths Group to CVC Capital Partners (CVC), a private markets investment firm.
Aerospace Security

1 Jul 2026

UK defence investment plan welcomed by industry, but MPs warn delivery details are missing
Prime Minister visits BAE
UK defence investment plan welcomed by industry, but MPs warn delivery details are missing
BAE welcomed the UK government's Defence Investment Plan as a clear signal for industry. But MPs call for more.
Defence

1 Jul 2026

ST Engineering wins UK contract to supply 40 mm grenades for British Armed Forces
Grenade launcher british army
ST Engineering wins UK contract to supply 40 mm grenades for British Armed Forces
The UK Ministry of Defence has selected ST Engineering to supply nine variants of 40 mm grenade ammunition under a five-year contract worth $87 million.
Defence

1 Jul 2026

Serbus acquires Westica
Serbus acquires Westica
Provider of secure Critical National Infrastructure (CNI) networking and communication solutions, Serbus, has acquired Westica Communications Limited (Westica), for an undisclosed sum.
Defence Security

30 Jun 2026

BAE Systems’ Endura demos radiation-hardened capability for space missions
BAE Systems’ Endura demos radiation-hardened capability for space missions
BAE Systems has successfully demonstrated the ability of its Endura system-on-chip (Soc) space processor…
Space

29 Jun 2026

BAE Systems to build high-res imagery satellites for Vantor
BAE Systems to build high-res imagery satellites for Vantor
BAE Systems has entered into an agreement to build high-resolution imaging satellite buses for Vantor, a provider of unified spatial intelligence from space to ground.
Space

25 Jun 2026

ADS appoints Matthew Reynolds as CIO
ADS appoints Matthew Reynolds as CIO
ADS Group - parent organisation of trade association ADS and Farnborough International - has appointed Matthew Reynolds as its Chief Information Officer (CIO).
Aerospace Defence Events Security ...

19 Jun 2026

Smiths Detection completes transition to CVC Capital Partners
Smiths Detection completes transition to CVC Capital Partners
Smiths Detection has completed its transition from Smiths Group to CVC Capital Partners (CVC), a private markets investment firm.
Aerospace Security

1 Jul 2026

Serbus acquires Westica
Serbus acquires Westica
Provider of secure Critical National Infrastructure (CNI) networking and communication solutions, Serbus, has acquired Westica Communications Limited (Westica), for an undisclosed sum.
Defence Security

30 Jun 2026

CAA warns of risks posed by incorrectly packed batteries
Pack right. Safe Flight. CAA
CAA warns of risks posed by incorrectly packed batteries
Ahead of the big summer getaway where over 60 million people are expected to…
Aerospace Security

26 Jun 2026