
Cyber security IoT device security – the future


As IoT solutions evolve, so do the threats against them

In the short term, companies can ensure that they get the basics of IoT cyber security correct.

In the long term, maintaining cyber security requires foresighting to identify new and emerging threats and to develop methods to mitigate them.

This is being supported by governments, academic institutions, trade bodies and commercial organisations.

In addition to the published Code of Practice for Consumer IoT Security, several other industry and government organisations have published their own IoT security recommendations and guides. These guides serve to support the design, manufacturing and procurement processes of IoT components and systems.

While the majority of guides focus on the security of software and communications, physical security for IoT hardware is also important and is covered in more detail in articles such as IoTSF’s physical security article.

IoT-focused labelling, standards and legislation

It is not enough to merely encourage the adoption of best practice in the design of new products or services; industry should also adopt common labelling that clearly shows consumers that best practice has been followed.

Not only would this provide comfort and peace of mind to buyers, it would also help a manufacturer or service provider to stand out from the competition and enhance their reputation as a cyber security-focused company.

In a recent research paper by Harris Interactive, 73% of people interviewed felt it is important or very important to introduce labels that highlight the security features on consumer IoT devices. Respondents also said that they would pay up to 10% more for the product.

UK consultation

In May 2019, the UK Government launched a consultation on its regulatory proposals for consumer IoT security, stating its ambition for the first three points of its Code of Practice for Consumer IoT Security, launched in October 2018, to become mandatory. These are:

  • All IoT device passwords shall be unique and shall not be resettable to any universal factory default value
  • The manufacturer shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues
  • Manufacturers will explicitly state the minimum length of time for which the product will receive security

The consultation explored various options for the mandatory labelling of IoT devices. It is expected that security labelling will initially be introduced on a voluntary basis.

Other standards and certification

Building on the 2018 UK Code of Practice, the European Telecommunications Standards Institute (ETSI) released the world’s first standard (ETSI TS 103 645) for consumer IoT security in February 2019. Designed with worldwide needs in mind, its purpose is to create a baseline for IoT security, and it will be used as the baseline for future IoT certification schemes.

Other activities specifically focused on certification and labelling include the British Standards Institute (BSI) Kitemark for IoT devices, launched in 2018. Used for over 100 years, the Kitemark is a well-recognised logo that indicates quality and safety in British products. Three different Kitemarks for IoT devices exist: residential, commercial, and enhanced for residential or commercial products used in high risk or high value applications.

Unlike the proposed UK regulation, the BSI IoT assessment is not self-certification based.

It requires the IoT developer to:

  • hold compliance to the ISO 9001 quality;
  • pass IoT product tests for functionality, interoperability; and
  • perform regular monitoring assessments of their labelled products.

Joining the IoT community in Scotland

There are many organisations setting out on their IoT journey and finding value in sharing thoughts and challenges.

With our experience across a huge range of market sectors and our knowledge of enabling technologies, CENSIS has strong relationships with Scottish companies, public sector organisations, university research groups and hardware and software suppliers.

As part of our CENSIS community, you can join in with our regular IoT meetups to discuss ideas with like-minded people, take part in one of our hands-on technical workshops or come along to one of our Future Tech events to solve market sector problems in an open forum.

The highlight of our year is the annual CENSIS Technology Summit, where we hear from challenge providers, meet exhibitors who are showcasing new technologies, and network and connect with the sensors, imaging and IoT community.

Take a look at organisations we have worked with

If you would like to find out more about our work with businesses of all sizes, public sector bodies and universities, we have highlighted some of the challenges we have faced together with our clients.