“IoT supply chain security: challenges and impacts”

IoT Day Roundtable – 8. April 2024

Online roundtable with the participation of ENISA, NIST, EUROSMART, ECSO, BEUC, TUVIT, and EY.




The Concept

The DOSS – Secure-By-Design IoT Operation With Supply Chain Control – project aims to improve the security and reliability of IoT operations by introducing an integrated monitoring and validation framework to IoT Supply Chains, including all the relevant stakeholders. DOSS elaborates on a secure-by-design methodology and implements related technology based on formalized data exchange, component testing, and architecture modeling.


USPs outline

What is this solution offering that’s different?
End-to-end communication

The DOSS “Supply Trust Chain” connects all relevant stakeholders with a formalized communication flow to facilitate monitoring of the movement of IoT devices from manufacturers all the way to decommissioning.

Multi-level security testing

DOSS establishes a comprehensive testing model covering all IoT components, including the binary testing of IoT devices, black-box analysis of 3rd party applications, vulnerability assessment on open-source applications, and internal developments. The results will provide solid evidence of the existence or absence of vulnerabilities.

Security modeling in digital twin

DOSS will use an AI-assisted, flexibly configurable cybersecurity digital twin to simulate the architecture of selected IoT operations as early as the design phase, in order to identify potential attack scenarios, analyze their impact, and elaborate the necessary countermeasures.

Security feedback from operation

The DOSS IoT “Supply Trust Chain” also comprises the highly protected IoT operation itself, which is integrated into the communication loop to provide relevant security-related information to other actors of the IoT supply chain. 

Use Cases

Proof of domain independence 


Smart home use case

Industrial / Prosumer cell use case

Automated car use case

Latest news

A mix of research updates, insights, and scientific publications

Top 10 (+2) Things You Need to Know About the EUCC Implementing Act

The European Common Criteria-based cybersecurity certification scheme (EUCC). By Roland Atoui and Ayman Khalil, Red Alert Labs. With the introduction of the European Common Criteria-based cybersecurity certification scheme (EUCC), the European Commission makes a significant advancement in a time when cybersecurity threats are more serious than ever. Supported by…

The Federal Communications Commission approves “U.S. Cyber Trust Mark” labeling program for consumer IoT products

On 14. March 2024, the US Federal Communications Commission (FCC) approved, based on criteria developed by NIST, a voluntary program that would create a cybersecurity label for consumer IoT and smart devices, such as (but not limited to) home security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers,…

Ma Y, Gelenbe E, Liu K. 2024. Impact of IoT System Imperfections and Passenger Errors on Cruise Ship Evacuation Delay. Sensors. 2024, 24, 1850.

Journal: Sensors. 2024, 24, 1850. Authors: Ma Y, Gelenbe E, Liu K. Abstract: Cruise ships and other naval vessels include automated Internet of Things (IoT)-based evacuation systems for the passengers and crew to assist them in case of emergencies and accidents. The technical challenges of assisting passengers and crew to…

