The Security Event 2022 saw the official police security initiative, Secured by Design (SBD), launch a ‘Secure Connected Device’ accreditation for companies providing IoT connected products.
The rise of the Internet of Things (IoT) and smart devices has revolutionised the way we live, both at home and at work, with many smart devices allowing control remotely. Whether it is a doorbell, central heating, lightbulb, voice assistant (Alexa, Siri), kitchen appliance, children’s toy or baby monitor, everything connected to the internet falls under this category.
However, with the increase in IoT products available and a growing ecosystem of interconnected devices, cyber criminals are targeting and exploiting vulnerabilities of both products and apps, as most are mass-produced without security being a major consideration.
Without the appropriate levels of security, any internet connected device or app is at risk of providing cyber criminals with the ‘key’ in accessing and stealing personal data. Now more than ever, it’s important to ensure that all IoT products have the right security in place to protect consumers and reduce the risk of them falling victim to cyber crime.
In 2018, the Government published the first Code of Practice (CoP) for the Internet of Things. The CoP, developed by Department of Digital, Culture, Media & Sports (DCMS), sets a benchmark for security for manufacturers to follow when developing IoT products for the UK market, based upon the ETSI standard EN 303 645: The European Standard on connected device security.
Working closely with certifying bodies such as IASME, BSI and UL, who assess IoT products and services against the CoP, SBD’s IoT Device assessment framework identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes.
Once third party testing and independent certification for a product has been achieved, the company can apply to become SBD members, with the product receiving the SBD ‘Secure Connected Device’ accreditation, a unique and recognisable accreditation that will highlight products as having achieving the relevant IoT standards and certifications.
Michelle Kradolfer, SBD’s IoT Technical Officer, said: “There is an alarming increase in IoT devices experiencing a cyber-attack or breach over the recent years and that is mainly because most IoT devices aren’t produced with security at the forefront.
“With 35 billion internet connected devices being used worldwide, which is increasing significantly each year, it’s essential that we turn our focus on ensuring that IoT products and apps have the appropriate level of security in place so that consumers can use them in a safe manner and reduce the risk of a cyber-breach.
“That is why I am delighted to announce the launch of our new ‘Secure Connected Device’ accreditation, which is given to companies with IoT products that have taken the necessary steps to ensure it meets the relevant IoT standards and certifications. By obtaining this accreditation, companies are sending a clear message on the importance of IoT security within their products and services, which will make them stand out from the crowd and inspire confidence from their consumers.”