The Internet of Things (IoT) has seamlessly integrated into our daily lives, with connected devices now ubiquitous in homes, workplaces, and public spaces. However, as the IoT ecosystem continues to expand, so does the potential for cyber threats. This is where the crime prevention principles of Secured by Design (SBD) play a critical role in safeguarding our increasingly connected world.
What is Secured by Design?
Secured by Design (SBD) is an official police security initiative that recognises both physical and connected products that have met robust third-party testing, helping to reduce crime. It’s Secure Connected Device accreditation ensures manufacturers have taken clear steps to reduce vulnerability to cyber attacks and protect users and their data.
From the initial concept and design to development, testing and ongoing maintenance security is treated as a fundamental requirement rather than an afterthought. By addressing potential vulnerabilities early, SBD reduces risks and avoids the need for costly fixes later.
This approach is not just a best practice; it is increasingly becoming a legal requirement. For example, the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act mandates that IoT devices meet specific security standards to protect consumers.
Key Principles of SBD
At its core, Secured by Design is about collaboration and foresight. Developers, security experts, and stakeholders work together to identify and mitigate risks from the outset. Some of the key principles include:
Minimising attack surfaces: Reducing the number of potential entry points for attackers.
Decentralising security infrastructure: Ensuring that security is not reliant on a single point of failure.
Continuous improvement: Treating security as an ongoing process rather than a one-time compliance exercise.
This methodology is not limited to IoT devices. It is widely applied across software development, cloud services, and even physical security initiatives. For example, SBD also focuses on designing out crime in buildings and neighbourhoods by embedding security into their design.
IASME IoT Cyber scheme
IASME IoT Cyber scheme certifies internet connected devices against the most important cyber security controls. The annually renewable scheme allows manufacturers to certify connected devices at two different grades of certification. IoT Cyber Baseline covers the top three requirements of the leading global standard in IoT security, ETSI EN 303 645 and aligns with The Product Security and Telecommunications Infrastructure Act 2022.
IoT Cyber Assurance is aligned with UK legislation and all of the 13 provisions in the ETSI EN 303 645 standard, extending beyond just the top three required for UK law.
The scheme is accessible and affordable for manufacturers of all sizes, offering practical advice on improving product security. For those seeking a higher level of assurance, the Level Two scheme includes a hands-on audit of the device. This involves third-party testing and independent certification, carried out by skilled Assessors from IASME’s network of Certification Bodies.
The scope of the certification is comprehensive, covering not just the IoT device itself but also any associated hubs, apps, or cloud services that the device relies on.
IASME and SBD: A Partnership for Secure Connected Devices
IASME partners with Secured by Design (SBD) to support their Secure Connected Device accreditation. Through IASME’s IoT Cyber Assurance Level Two scheme, internet-connected devices are certified against a comprehensive range of cyber security controls. This certification offers manufacturers a recognised pathway to demonstrate that their devices meet the rigorous requirements of the Secure Connected Device accreditation framework.
A Manufacturer’s Perspective
For manufacturers, Secured by Design is not just about compliance—it’s about creating products that customers can trust. This commitment to security demonstrates how manufacturers can lead the way in building safer, more reliable connected devices.
“Security is fundamental to how CERES TAG designs technology for the livestock industry. As connected devices become more widely used in agriculture, it’s essential that security is considered and incorporated from the very beginning. Secured by Design accreditation is important for CERES TAG because it independently validates that our devices meet rigorous standards, helping protect the data, livestock and operations producers and supply chains rely on every day.”
Greg Campbell, Chief Innovation and Development Officer, CERES TAG