27th November 2019
Today, the IoT Security Foundation and the IAMSE Consortium announced a partnership that aims to address the entry level cybersecurity requirements of consumer IoT products for the UK market. The scheme provides a baseline which is both low cost and simple to implement for manufacturers.
Given the many headlines that appear in the media, consumers are rightly concerned about the security and privacy of their devices. A recent report from the Internet Society which surveyed global consumers identified many concerns but also ‘the trust opportunity’. The opportunity exists for manufacturers to differentiate themselves by offering proof of trustworthy behaviour and demonstrating steps have been taken to design security into their processes and products. The IASME Consortiums’ IoT Cybersecurity Basic conformance scheme provides that proof.
Working with experts from the IoT Security Foundation, IASME has defined a set of 30 checks which can be verified by a national network of certifying bodies. Once the applicant satisfies those checks, a certificate is issued and the company can use the Basic tick mark on marketing materials.
John Moor, Managing Director of the IoT Security Foundation said “IoT security is a wicked challenge for manufacturers as there are many factors to consider beyond purely technical controls. This can be off-putting yet experts in the field know that many of the risks can be avoided with a small number of well thought out measures. This scheme is aimed to be simple, low cost and address the majority of common vulnerabilities we still see today. We’re proud to be working with the IASME Consortium to help us achieve our mission of ‘making it safe to connect’.”
Dr. Emma Philpott MBE said, “Through our work with Cyber Essentials, we have seen the power of doing the basics right. We wanted to do the same for IoT and create a scheme which provides assurances for consumers and be attractive for business. We have worked with the IoT Security Foundation to create a scheme which does that, taking into account the immediate needs and anticipate regulatory changes that are likely to transpire in due course.”
Both organisations are now encouraging manufacturers, and retailers, to take a look at the scheme which can be found at https://www.iasme.co.uk/
Dr. Philpott concluded by saying “this is just the beginning of our work with IoT. We further hope to evolve the scheme as the threat landscape changes and create additional schemes with more stringent controls which are required beyond the consumer market.”
The scheme assessment report is published on the IoTSF website here
About the Internet of Things Security Foundation (IoTSF)
The IoTSF was formed as a response to existing and emerging threats in the Internet of Things applications. It is an international, collaborative initiative that seeks to promote best practice across multiple sectors and help organisations realise the benefits of IoT securely.
IoTSF promotes the values of a security-first approach, fitness for purpose and resilience through operating life. The security values are targeted at key stages of the IoT eco-system – those that build, buy and use products and services: Build Secure. Buy Secure. Be Secure.
IoTSF is an international, collaborative and vendor-neutral members’ initiative, driven by the IoT eco-system and inclusive of all parties including technology providers and service beneficiaries.
About the IASME Consortium
IASME worked closely with the UK’s National Cyber Security Centre (NCSC) since 2013 to develop Cyber Essentials and contributed to writing the first technical requirements document.
IASME became an Accreditation Body (AB) for the Cyber Essentials Scheme in 2014 and currently licences to more than 170 Certification Bodies (CB’s). Since the Cyber Essentials Scheme started, IASME has issued more than 8,000 certificates and now certifies between 400 and 500 companies a month to Cyber Essentials, Cyber Essentials PLUS and roughly 20% of those certify to the wider IASME Governance including GDPR certification.