Also online at: www.dijonline.co.uk

Secure Connected Device accreditation for IoT products

Secured by Design’s (SBD) Secure Connected Device accreditation scheme, developed in consultation with the Department for Science, Innovation and Technology (DSIT), helps companies to get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard, a requirement that goes beyond the Government’s legislation so that companies can not only demonstrate their compliance with the legislation but help protect themselves, their products and customers.

The SBD Secure Connected Device IoT Assessment identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes with one of the SBD approved certification bodies.

Once third-party testing and independent certification for a product has been achieved, the company can apply to become an SBD member, with the product receiving the SBD’s Secure Connected Device accreditation, a unique and recognisable accreditation that will highlight products as having achieved the relevant IoT standards and certification.

Why is the Secure Connected Device accreditation for IoT products important?

It is vitally important to ensure that all IoT products have the right level of security in place to protect consumers and reduce the risk of them falling victim to cyber crime. Adverse publicity due to a cyber incident could be catastrophic to the reputation of the product and company.

In 2021 Which? undertook a study to look at how a smart home could be at risk from hackers, setting up their own smart home. This detected more than 12,000 scanning or hacking attempts in a single week.

Without the appropriate levels of security, any internet connected device or app is at risk of being readable, recognisable, locatable, and/or controllable via the internet, thus providing cyber criminals with the ‘key’ to accessing and stealing personal data.
This can then be used for a multitude of criminal purposes, including burglary, theft, blackmail, harassment and stalking.

Compliance with the Secure Connected Device accreditation sends a clear message to the wider industry of the importance of IoT security. Companies accredited to this SBD standard will lead by example and be at the forefront of the IoT revolution and, in doing so, will help to keep their customers and the public safer from the risk of a cyber breach.

The Secure Connected Device accreditation is the only way for companies to obtain police recognition for the security of their IoT products in the UK.

Find out more on SBD’s Secure Connected Device accreditation at www.securedbydesign.com/IoT

THE door industry journal summer 2023

Secured by Design

I wrote about the new SBD ‘Secure Connected Device’ accreditation scheme for companies offering Internet of Things (IoT) connected products and services in a previous column, and the essential nature of this accreditation has been brought into sharp focus with the Product Security and Telecommunications Infrastructure Act 2022 now being enacted into law.

The new law applies to all consumer IoT products, including connected safety-relevant products such as door locks, connected home automation and alarm systems and smart home assistants.

The Product Security and Telecommunications Infrastructure Act requires manufacturers, importers and distributors to ensure that minimum security requirements are met in relation to consumer connectable products, as well as providing a robust regulatory framework that can adapt and remain effective in the face of rapid technological advancement, the evolving techniques employed by malicious actors and the broader international regulatory landscape.
The government have mandated that businesses will need to be compliant with the new security requirements relating to consumer connectable products laid down in the Product Security and Telecommunications Infrastructure Act from the 29th of April 2024. I would encourage everyone to ensure that they are sighted on the new law and have taken the appropriate steps to ensure that they are compliant with its requirements.

These minimum security requirements are based on the UK’s Code of Practice for Consumer IoT security, the leading global standard for consumer IoT security ETSI EN 303 645, and on advice from the UK’s technical authority for cyber threats, the National Cyber Security Centre. The regime will also ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses.

The cyber threat to a ubiquitous digital landscape affects everybody who touches the internet, ranging in scale from deadly to stressful, financial and reputational. It’s vitally important that producers of such products consider security technology and support the Government’s plan to help manufacturers develop safe IoT products that consumers can use with confidence.

The law also contains an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market within it. You can find out more about the act, its sanctions and how you can comply with the act in the article alongside.

Jon Cole, Chief Operating Officer, Secured by Design

A regular column by Jon Cole, Chief Operating Officer, Secured by Design, the official police security initiative, which has been delivering a wide range of crime prevention activities across the UK for over 30 years and operates a product-based police accreditation scheme for security-rated products.