Anna Maria Mandalari (University College London), Volker Stocker (Weizenbaum Institute)

The EU’s Cyber Resilience Act (CRA) establishes mandatory cybersecurity requirements for products with digital elements, effectively acting as a security standard for the consumer Internet of Things (IoT). While standardization aims to reduce systemic vulnerabilities, security and privacy flaws in standardized requirements can be inherited at scale by widely deployed IoT products. In this paper, we analyze the CRA through the lens of standardized IoT security. We discuss implications for IoT standards and governance, stressing measurable security properties, automated evaluation, and supply-chain considerations. We argue that standardized IoT security cannot be treated as a purely procedural or compliance-driven exercise: regulatory ambiguity, limitations in conformity assessment scalability and harmonization, and gaps between formal compliance and real-world security outcomes risk turning standardization into a mechanism for scaling insecurity rather than mitigating it. Addressing these challenges requires sustained multidisciplinary research at the intersection of IoT standardization, security engineering, and governance, including systematic risk modeling approaches and the development of edge-centric threat models for local IoT environments.

View More Papers

PANDORA: Lightweight Adversarial Defense for Edge IoT using Uncertainty-Aware...

Avinash Awasthi (Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur, India), Pritam Vediya (Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur, India), Hemant Miranka (The LNM Institute of Information Technology, Jaipur, India), Ramesh Babu Battula (Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur,…

Read More

UAVConfigFuzzer: Detecting Incorrect Configurations in Unmanned Aerial Vehicles via...

Yingnan Zhou (Nankai University), Yuhao Liu (Nankai University), Hanfeng Zhang (Nankai University), Yan Jia (Nankai University), Sihan Xu (Nankai University), Zhiyuan Jiang (National University of Defense Technology), Zheli Liu (Nankai University)

Read More

“I found the text to be encouraging” – Evaluating...

Rozalina Doneva (Karlsruhe Institute of Technology (KIT)), Anne Hennig (Karlsruhe Institute of Technology (KIT)), Peter Mayer (University of Southern Denmark (SDU))

Read More