Besides computers, tablets and mobile phones, many other objects connect to the internet. Bike locks, storage cupboards, security cameras and lights are examples of ‘connected’ or ‘smart’ devices, which are collectively known as the ‘Internet of Things’ (IoT). They enable the user to control their functions remotely, usually using a mobile phone app.
If a smart device can be accessed by the user online, there is also the possibility that other people may be able to access it, which raises both security and privacy concerns. Insecure devices can provide an access point for criminals on the internet to steal personal data, access microphones or cameras or hijack a device for ulterior motives. It is therefore important to ensure that all IoT products have the right security in place to protect consumers from becoming victims of cyber crime.
Secured by Design (SBD) operates an accreditation scheme on behalf of the UK Police Service to show that products or services have met recognised security standards. These products or services – which must be capable of deterring or preventing crime – are described as having achieved ‘Police Preferred Specification’.
There are currently many hundreds of companies who produce thousands of individual attack resistant crime prevention products that have met the exacting Police Preferred Specification. This includes doors, windows, external storage, bicycle and motorcycle security, locks and hardware, asset marking, alarms, CCTV, safes, perimeter security products and many others. SBD is the only way for companies to obtain police recognition for security-related products in the UK.
This year, SBD launched a Secure Connected Device accreditation for companies providing internet connected products. Working closely with certifying bodies, who assess IoT products and services against the worldwide standard, ETSI EN 303 645, SBD’s IoT Device assessment framework identifies the level of risk associated with an IoT device and its ecosystem. They are then able to provide recommendations on the appropriate certification routes.
Once third party testing and independent certification for a product has been achieved, the company can apply to become SBD members. The product will receive the SBD Secure Connected Device accreditation, a unique and recognisable accreditation that will highlight products as having achieved the relevant IoT standards and certifications.
IASME are delighted to work in partnership with SBD to contribute to the Secure Connected Device accreditation. IASME’s IoT Cyber Assurance level 2 scheme certifies internet connected devices against the most important cyber security controls and makes up an essential part of the framework for the accreditation.
The IASME IoT Cyber Assurance scheme aligns with all 13 provisions of the worldwide standard in IoT cyber security, ETSI EN 303 645 and with the imminent UK IoT security legislation and guidance. It is also mapped to the IoTSF Security Compliance Framework.
The Level 2 scheme includes a hands-on audit of the device and provides the assurance of third party testing and independent certification. The audit is managed by an Assessor, skilled in IoT cyber security, from one of IASME’s network of Certification Bodies. The scope of the certification includes the IoT device and any associated hub, app and cloud service the device relies upon to operate, the scheme is accessible to micro and small manufacturers, as well as to larger organisations.
Michelle Kradolfer, SBD’s IoT Technical Officer, said: “I am delighted to announce that we have included IASME’s IoT Cyber Assurance Level 2 into our Secure Connected Device framework. With the rise in IoT and smart devices being sold in the UK market, it’s important for companies to ensure that their IoT products are built as securely as possible and an integral part of doing so is getting their IoT products appropriately assessed and accredited.
By obtaining our Secure Connected Device accreditation and undergoing a testing and certification process, companies are sending a clear message on the importance of IoT security for their products, which will make them stand out from the crowd and inspire confidence from their consumers.”
Dr Emma Philpott MBE, CEO of IASME, welcomes the partnership with SBD and the integration of the scheme as part of widespread and comprehensive accreditation. She says “IASME has developed the IoT Cyber Assurance scheme to provide an opportunity for manufacturers to improve the security of their internet-connected devices and to show they are compliant with best-practice security. The technical controls required for certification guard against the exploitation of common IoT cyber security vulnerabilities. Certification is a vital tool in enabling organisations to verify the security of connected devices in their own supply chain.”
If you would like more information regarding the IASME IoT Cyber Assurance certification, please contact [email protected].