IoT refers to a system of connected objects processing data over a wireless network. A lack of human intervention means that these devices function via machine learning, hence the reason they are labelled as ‘smart’. Indeed, IoT is certainly smarter than the internet, which means then that IoT secure compliance is vitally important. CRIBB Cyber Security is now recognised as an IoT certification body, so we decided to take a closer look in our latest blog.
What is IoT?
The ‘internet of things’ is all around us. One growing example is in home security systems, which enable security management via different devices. IoT sensors connect alarms, cameras, microphones and lights. When a doorbell is rung nowadays, a computer, tablet, or even a mobile phone can be used to speak with the caller. Impressive certainly, although the overall security risk of this particular security network is quite high, as we shall see.
The risks of IoT
These are numerous, and include:
- Device hijacking & theft
- Data siphoning, breaches & denial of service
- Man-in-the-Middle / Device spoofing
The first point requires little explanation. It can ultimately result in a cyber criminal having control over several devices. In our home security example, someone gaining access to your smart phone could then tamper with your alarm. This could then lead to physical theft or worse.
‘Data siphoning’ is the act of intercepting data being transmitted between IoT devices. It can be particularly costly when that data is of a sensitive nature, as can data breaches. In a denial of service incident, devices can be rendered useless. Not overly concerning in the case of a smart refrigerator, but far more worrying with security cameras.
‘Man-in-the-middle’ incidents are also known as ‘spoofing’. Essentially, these see attackers assume the identity of a device before then sending false data from it.
What is compliance in IoT?
A key technical standard for IoT security was established by the European Telecommunications Standards Institute (ETSI). Known as ETSI EN 303 645, it gives IoT stakeholders and manufacturers a target to aim for. The IoTSF Security Compliance Framework is another useful tool. Launched by the IoT Security Foundation, this framework incorporates an informed checklist and a robust evidence-gathering process. It is essential to achieve compliance with best practice standards, becoming certified in the process.
A new IoT certification body
CRIBB Cyber Security has long been a certification body with the full backing of the UK Government. Now we are also an official certification body. Just recently we successfully completed the IoT Security Assured scheme from IASME. Developed to allow manufacturers to demonstrate compliance, the scheme is crucial in verifying the security of connected devices in their supply chain.
We will speak in depth with CRIBB’s Patrick Carolan about this next week, but he initially had this to say:
“Having studied the IoT Security Assured scheme, I can confirm that it aligns with the ETSI technical standard. It is also mapped to the IoTSF Security Compliance Framework.
“We have worked with the IASME Consortium for many years to ensure CRIBB stays at the forefront of cyber security. IoT is becoming increasingly more important as the number of smart devices grows. It is therefore essential to aim for compliance in this area.”