General Atomics

Cyber agencies unveil new guidelines to secure edge devices

Cyber security chiefs in the UK and their international allies have issued a new set of guidelines to help manufacturers of edge devices make their products more secure and easier to investigate if a compromise occurs.



Image by Doucefleur / copyright Shutterstock

Published by GCHQ’s National Cyber Security Centre (NCSC) and cyber security agencies in Australia, Canada, New Zealand and the US, the new guidance highlights an increasing number of sophisticated malicious actors targeting vulnerabilities in edge devices.

Edge devices are internet-connected devices that sit at the ‘edge’ of a network, acting as entry points for data between local networks and the wider internet. Examples include routers, smart appliances, IoT devices, sensors and cameras, which can be particularly vulnerable to hackers as they often handle important data and connect directly to external networks.

The new guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default, so that network defenders can more easily detect malicious activity and investigate following an intrusion.

They also set out the minimum standards for forensic visibility to help network defenders in securing organisational networks, both proactively and in response to a compromise.

NCSC Technical Director Ollie Whitehouse said: “In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat.
    
“In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities require post intrusion.
    
“Alongside our international partners, we are focused on nurturing a tech culture that bakes security and accountability into every device, while enabling manufacturers and their customers to detect and investigate sophisticated intrusions.”

The guidance is part of a coordinated series of complementary publications on edge device security, released today in collaboration with agencies in Australia, New Zealand, Canada and the US, with input from the NCSC.

Earlier this year, the NCSC highlighted an Ivanti advisory about a critical security vulnerability in their remote access product, which enables employees to work from home and acts as an edge device to protect against external threats.

Related

Bristow Group acquires Berry Aviation as it shifts further into government services
Bristow Group helicopter in flight
Bristow Group acquires Berry Aviation as it shifts further into government services
Bristow Group’s $105 million acquisition of Berry Aviation will add defence, ISR, mission support and unmanned systems capabilities to its Government Services business.
Airbus Belfast delivers 500th A220-300 wingset after becoming fully integrated
Belfast 500th A220300 wings
Airbus Belfast delivers 500th A220-300 wingset after becoming fully integrated
Airbus Belfast has completed its 500th A220-300 wingset, just months after the former Spirit AeroSystems facility came under Airbus ownership.
Aerospace

3 Jul 2026

Skybus managing director leaves with immediate effect
Jonathan Hinkles, a highly experienced airline executive with over 30 years in the industry, who has stepped down from Skybus
Skybus managing director leaves with immediate effect
The unexpected departure comes just months after the airline was at the centre of the high-profile collapse of Cornwall's subsidised London Gatwick air service.
Aerospace

2 Jul 2026

Royal Navy begins sea trials for giant submarine drone XV Excalibur
XC Excalibur uncrewed submarine for the Royal Navy
Royal Navy begins sea trials for giant submarine drone XV Excalibur
The 12 metre uncrewed submarine will begin trials in Plymouth and surrounding waters, focussed on integration of payloads and trials of the platform.
Defence

3 Jul 2026

Rolls-Royce Submarines breaks ground on major Derby expansion to support AUKUS
AUKUS submarine
Rolls-Royce Submarines breaks ground on major Derby expansion to support AUKUS
Rolls-Royce Submarines has broken ground on a major expansion of its Raynesway site in Derby, doubling manufacturing capacity.
Defence

3 Jul 2026

Bristow Group acquires Berry Aviation as it shifts further into government services
Bristow Group helicopter in flight
Bristow Group acquires Berry Aviation as it shifts further into government services
Bristow Group’s $105 million acquisition of Berry Aviation will add defence, ISR, mission support and unmanned systems capabilities to its Government Services business.
BAE Systems’ Endura demos radiation-hardened capability for space missions
BAE Systems’ Endura demos radiation-hardened capability for space missions
BAE Systems has successfully demonstrated the ability of its Endura system-on-chip (Soc) space processor…
Space

29 Jun 2026

BAE Systems to build high-res imagery satellites for Vantor
BAE Systems to build high-res imagery satellites for Vantor
BAE Systems has entered into an agreement to build high-resolution imaging satellite buses for Vantor, a provider of unified spatial intelligence from space to ground.
Space

25 Jun 2026

ADS appoints Matthew Reynolds as CIO
ADS appoints Matthew Reynolds as CIO
ADS Group - parent organisation of trade association ADS and Farnborough International - has appointed Matthew Reynolds as its Chief Information Officer (CIO).
Aerospace Defence Events Security ...

19 Jun 2026

Smiths Detection completes transition to CVC Capital Partners
Smiths Detection completes transition to CVC Capital Partners
Smiths Detection completes transition to CVC Capital Partners
Smiths Detection has completed its transition from Smiths Group to CVC Capital Partners (CVC), a private markets investment firm.
Aerospace Security

1 Jul 2026

Serbus acquires Westica
Serbus acquires Westica
Serbus acquires Westica
Provider of secure Critical National Infrastructure (CNI) networking and communication solutions, Serbus, has acquired Westica Communications Limited (Westica), for an undisclosed sum.
Defence Security

30 Jun 2026

CAA warns of risks posed by incorrectly packed batteries
Pack right. Safe Flight. CAA
CAA warns of risks posed by incorrectly packed batteries
Ahead of the big summer getaway where over 60 million people are expected to…
Aerospace Security

26 Jun 2026