The market for IoT devices, systems and services will cover homes, offices, infrastructure, and health, besides surveillance and white goods. What if such everyday and now connected devices such as toys, home assistants and baby monitors, are hackable? While standards and frameworks for Internet of Things (IoT) devices’ security are around, there are no widely used or accepted assessment schemes for independently evaluating IoT devices’ and products’ security.
Hence the IoT Security Foundation and the IASME Consortium are partnering; their aim, to address the entry level cybersecurity requirements of consumer IoT products for the UK market. Their scheme offers a baseline for manufacturers to meet.
They suggest the IASME Consortium’s IoT Cybersecurity Basic conformance scheme as an opportunity for manufacturers to differentiate themselves by offering proof of trustworthy behaviour and demonstrating steps to design security into their processes and products. Lead author of the scheme is the cyber consultant Sarb Sembhi. IASME has defined a set of 30 checks – including vulnerability disclosure, device interfaces, remote software updates and product physical security – which can be verified by national certifying bodies. Once the applicant satisfies those checks, a certificate is issued and the company can use the Basic tick mark on marketing materials. As for the cost of going through the scheme, they say it’ll be ‘in the same fee brackets’ as for Cyber Essentials.
John Moor, Managing Director of the IoT Security Foundation said: “IoT security is a wicked challenge for manufacturers as there are many factors to consider beyond purely technical controls. This can be off-putting yet experts in the field know that many of the risks can be avoided with a small number of well thought out measures. This scheme is aimed to be simple, low cost and address the majority of common vulnerabilities we still see today. We’re proud to be working with the IASME Consortium to help us achieve our mission of ‘making it safe to connect’.”
Dr Emma Philpott of IASME, pictured, said: “Through our work with Cyber Essentials, we have seen the power of doing the basics right. We wanted to do the same for IoT and create a scheme which provides assurances for consumers and be attractive for business. We have worked with the IoT Security Foundation to create a scheme which does that, taking into account the immediate needs and anticipate regulatory changes that are likely to transpire in due course.
“This is just the beginning of our work with IoT. We further hope to evolve the scheme as the threat landscape changes and create additional schemes with more stringent controls which are required beyond the consumer market.”
Background
From April 2020, Malvern-based IASME will be the sole delivery partner for Cyber Essentials, the Government backed certification scheme. Visit https://www.iasme.co.uk/.
