The UK-based IoT Security Foundation has partnered with the IAMSE Consortium to develop a certification scheme for products ahead of potential legislation.
A set of 30 checks in total have been created to provide a minimum bar for cybersecurity which is both simple and cost-effective for manufacturers to implement.
The partners have established a national network of bodies authorising to certify the various checks. If an applicant passes the checks, they’ll be issued with a certificate along with the right to display a mark on marketing materials which indicates the product meets a minimum standard.
John Moor, Managing Director of the IoT Security Foundation, said:
“IoT security is a wicked challenge for manufacturers as there are many factors to consider beyond purely technical controls. This can be off-putting yet experts in the field know that many of the risks can be avoided with a small number of well thought out measures.
This scheme is aimed to be simple, low cost, and address the majority of common vulnerabilities we still see today. We’re proud to be working with the IASME Consortium to help us achieve our mission of ‘making it safe to connect’”
Security is the most pressing issue facing IoT devices. The combination of a desire to rush products to market ahead of competitors, along with the rapid proliferation of devices around the world, is a recipe for disaster.
Dr Emma Philpott MBE commented: “Through our work with Cyber Essentials, we have seen the power of doing the basics right. We wanted to do the same for IoT and create a scheme which provides assurances for consumers and be attractive for business.
"We have worked with the IoT Security Foundation to create a scheme which does that, taking into account the immediate needs and anticipate regulatory changes that are likely to transpire in due course.”
IoT devices are one of the biggest targets for hackers because of their often poor security and wide distribution. We’ve already seen botnets like Mirai taking advantage of IoT devices to carry out devastating DDoS attacks with record-breaking amounts of traffic.
Fortunately, the headlines from these events have made consumers more aware to check the security of their devices. A quality mark, similar to say the Red Tractor mark for UK food and farm standards, has been lacking until now.
A report from the Internet Society recently highlighted the “trust opportunity” for manufacturers, offering the chance to differentiate their products and gain an advantage over rivals by showing that steps have been taken to ensure high standards of security.
“We further hope to evolve the scheme as the threat landscape changes and create additional schemes with more stringent controls which are required beyond the consumer market,” Dr Philpott concluded.
In October 2018, the UK government published a voluntary code of practice for consumer IoT security. In May 2019, the government announced plans for legislation to enforce basic levels of cybersecurity in IoT devices.
While certification is currently voluntary, the landscape looks set to change in the near future – and not just in the UK.
Achieving the IoT Security Foundation’s security certification will help to prepare for any future legal requirements, protect customers, and have the commercial advantage of differentiating from competitors in a vital area.
More information about the IoT security certification scheme can be found here.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.