What aspects are part of the security of an IoT-environment?
The impact of the Internet of Things (IoT) on our daily live increases. The more and more evolving functionalities of smart devices offer opportunities. In contrary to these benefits, there are also some challenges when it comes to safety and security.
Devices and buildings which are connected to the internet might contain one or more vulnerable parts. Therefore, it’s important to understand what IoT is and what aspects should be taken into account when we look at the security of an IoT-environment. In the end we should be completely confident we can for instance trust our fire alarm while we are asleep.
Two IoT disciplines
IoT can be divided in two disciplines: Consumer Products IoT and Industrial IoT. There are some similarities between these disciplines, like the integral chain approach. However, the two disciplines are used in a different way. This implicates the safety requirements differ, for example in severity, when both disciplines are brought into practice. The requirements can be more strict for one application when compared to another:
- Consumer Products IoT: products or devices which are used by the end consumer. Like a smart doorbell.
- Industrial IoT: processes which have an industrial purpose. This is for instance a production process of a boiler in which collected data is used to make the process ‘smarter’.
Three main topics for safety in IoT
When looking at safety in IoT we can distinguish three main topics. The vulnerability in smart devices is in most cases caused by unawareness about possible failures during installation of the end- product. There are very specific technical parts which should be applied with relevant expertise and specialization to reach the required safety level.
The three main topics for safety in IoT are:
- Technology: this is the technical development which provide us the IoT functionalities. Like encryption, radio technology, modulation, building materials etc.
- Processes: the technology is part of processes that consist of predefined procedures to provide a service to people.
- Human interaction: the way people use the technology and processes.
Testing IoT safety
Several standards have been developed to test safety of IoT devices. These tests help your organization in product development. A product which has an official certificate distinguishes itself from its competitors. Plus the certificate can be a requirement to be able to sell the product on the market you aim for. Products with a certificate give extra assurance to the client. He or she will have the confidence to install for example your smart fire alarm.
As your Partner for Progress Kiwa can help you with this. Together we make sure IoT safety increases constantly.
More information
Would you like to know more? Please contact Sabyne van Mourik via Sabyne.van.mourik@kiwa.com or 06-25010217.
ETSI EN 303 645: security of IoT consumer electronics
Refrigerators, lighting, TV’s, smoke detectors, toys, fitness trackers... An ever-increasing number of everyday electronic consumer products is connected to the internet. These ‘smart’ devices make our lives more pleasant and often easier, but they also entail security risks.
IEC 62443 certification: Cyber Security for Industrial Automation & Control Systems (IACS)
Digitalization and the Internet of Things (IoT) offer great opportunities for manufacturing industries. However, if not properly secured they can cause vulnerability, leading to cybercrime and attacks by hackers. This can seriously damage daily operations and business continuity.
Penetration Tests and Ethical Hacking Services
A penetration test, also known as a pentest or ethical hacking, is an authorised simulated cyberattack on an IT/ OT system, performed to ultimately evaluate the cybersecurity of that digital system. At Kiwa we perform tailormade pentests of which the results provide valuable insights to the owners of the tested system.
