The IoT Security Foundation , which is helping to secure the Internet of Things by composing and maintaining a comprehensive compliance framework of recommended steps for creating secure IoT products and services; and Malvern-based IASME Consortium, one of just five companies appointed as Accreditation Bodies for assessing and certifying against the Government’s Cyber Essentials Scheme. have announced a partnership that aims to address the entry level cybersecurity requirements of consumer IoT products for the UK market. The scheme provides a baseline which is both low cost and simple to implement for manufacturers.
Given the many headlines that appear in the media, consumers are rightly concerned about the security and privacy of their devices. A recent report from the Internet Society which surveyed global consumers identified many concerns but also ‘the trust opportunity’. The opportunity exists for manufacturers to differentiate themselves by offering proof of trustworthy behaviour and demonstrating steps have been taken to design security into their processes and products. The IASME Consortium’s IoT Cybersecurity Basic conformance scheme provides that proof.
Working with experts from the IoT Security Foundation, IASME has defined a set of 30 checks which can be verified by a national network of certifying bodies. Once the applicant satisfies those checks, a certificate is issued and the company can use the Basic tick mark on marketing materials.
John Moor, Managing Director of the IoT Security Foundation said “IoT security is a wicked challenge for manufacturers as there are many factors to consider beyond purely technical controls. This can be off-putting yet experts in the field know that many of the risks can be avoided with a small number of well thought out measures. This scheme is aimed to be simple, low cost and address the majority of common vulnerabilities we still see today. We’re proud to be working with the IASME Consortium to help us achieve our mission of ‘making it safe to connect’.”
IASME’s Dr. Emma Philpott MBE said, “Through our work with Cyber Essentials, we have seen the power of doing the basics right. We wanted to do the same for IoT and create a scheme which provides assurances for consumers and be attractive for business. We have worked with the IoT Security Foundation to create a scheme which does that, taking into account the immediate needs and anticipate regulatory changes that are likely to transpire in due course.”
Both organisations are now encouraging manufacturers, and retailers, to take a look at the scheme which can be found here.
Dr. Philpott added: “This is just the beginning of our work with IoT. We further hope to evolve the scheme as the threat landscape changes and create additional schemes with more stringent controls which are required beyond the consumer market.”