Brian Sims
Editor
Brian Sims
Editor
FOLLOWING ON from Police Crime Prevention Initiatives’ (PCPI) Secured by Design programme launching a Secure Connected Device accreditation for those companies providing Internet-connected products, the IASME Consortium is now working in partnership to contribute towards that accreditation through its own IoT Cyber Assurance Level 2 scheme.
Besides computers, tablets and mobile phones, many other objects now connect to the Internet. Bike locks, storage cupboards, security cameras and lights are all examples of ‘connected’ or ‘smart’ devices collectively comprising the Internet of Things (IoT). They enable the user to control their functions remotely, usually by dint of employing a mobile phone app.
If a smart device can be accessed by the user online, though, there’s also the possibility that others may be able to access that same device as well, which then raises both security and privacy concerns. Insecure devices can provide an access point for criminals on the Internet to steal personal data, take control of microphones or cameras or otherwise hijack a device for ulterior motives.
On that basis, it’s important to ensure that all IoT products have the right security in place to protect consumers from becoming victims of cyber crime.
Accreditation scheme
As stated, Secured by Design operates an accreditation scheme on behalf of the police service to highlight the fact that products or services have met recognised security standards. These products or services – which themselves must be capable of deterring or preventing crime – are described as having achieved Police Preferred Specification.
There are currently many hundreds of companies who produce thousands of individual attack-resistant crime prevention products that have met the exacting Police Preferred Specification. Those products include doors, windows, external storage facilities, bicycle and motorcycle security systems, locks and hardware, asset marking solutions, alarms, CCTV cameras, safes, perimeter security products and many others. Secured by Design is the only way in which companies can obtain police recognition for security-related products in the UK.
Secured by Design has been working closely with certifying bodies who assess IoT products and services against the worldwide standard ETSI EN 303 645. Secured by Design’s IoT device assessment framework identifies the level of risk associated with a given IoT device and its ecosystem. It’s then possible to provide recommendations on the appropriate certification routes.
Once third party testing and independent certification for a product has been achieved, the company involved can then apply to become a member of Secured by Design. The product will receive the Secured by Design Secure Connected Device accreditation: a unique and recognisable accreditation highlighting that products have achieved the relevant IoT standards and certifications.
IASME involvement
IASME’s IoT Cyber Assurance Level 2 scheme certifies Internet-connected devices against the most important cyber security controls and itself comprises an essential element of the framework for the accreditation.
The IASME IoT Cyber Assurance scheme aligns with all 13 provisions of the ETSI EN 303 645 worldwide standard, as well as with the imminent IoT security legislation and guidance being put in place for the UK. Further, it’s mapped to the Internet of Things Security Foundation’s Security Compliance Framework.
The Level 2 scheme includes a hands-on audit of the device under scrutiny and provides the assurance of third party testing and independent certification. The audit process is managed by an assessor skilled in IoT cyber security and sourced from one of IASME’s network of certification bodies. The scope of the certification includes the IoT device and any associated hub, app and cloud service the device relies upon to operate.
Importantly, the scheme is accessible to micro and smaller manufacturers as well as larger organisations.
Securely built
Michelle Kradolfer, IoT technical officer for Secured by Design, said: “I’m delighted to announce that we’ve included IASME’s IoT Cyber Assurance Level 2 scheme within our own Secure Connected Device framework. Given the rise in volume of IoT and smart devices being sold in the UK market, it’s vitally important for companies to ensure that their IoT products are built as securely as possible. An integral part of doing so is making sure that these products and systems are appropriately assessed and accredited.”
Kradolfer added: “By obtaining the Secure Connected Device accreditation and undergoing a testing and certification process, companies are sending a clear message on the importance of IoT security for their products, which will make them stand out from the crowd and inspire confidence from consumers.”Dr Emma Philpott MBE, CEO of IASME, welcomes the partnership with Secured by Design and the integration of the scheme as part of widespread and comprehensive accreditation.
“IASME has developed the IoT Cyber Assurance scheme to provide an opportunity for manufacturers to improve the security of their Internet-connected devices and also to show that they are compliant with Best Practice security,” urged Philpott. “The technical controls required for certification guard against the exploitation of common IoT cyber security vulnerabilities. Certification is a vital tool in enabling today’s organisations to verify the security of connected devices in their own supply chain.”
*Additional information regarding the IASME IoT Cyber Assurance certification is available by sending an e-mail to info@iasme.co.uk
Wyche Innovation Centre
Walwyn Road
Upper Colwall
Malvern
WR13 6PL
UNITED KINGDOM
03300 882752