ICSA Labs Launches New IoT Certification Program

ICSA Labs Launches New IoT Certification Program

ICSA Labs has launched a new certification and testing program specifically for IoT devices and sensors, in a bid to improve overall standards of security in embedded computing devices.

The Verizon subsidiary will test six elements in its new IoT Security Testing and Certification Program: alert/logging, cryptography, authentication, communications, physical security, and platform security.

It’s being recommended for firms that develop, manufacture and resell IoT kit and those looking to buy devices and sensors to use inside their business.

Products that pass the test will receive the ICSA Labs badge of approval, which the firm hopes will become a standard of excellence in the industry.

As such, in developing the standard, ICSA Labs looked to other emerging guidelines such as the OWASP Internet of Things Top 10, the Industrial Internet Consortium Reference Architecture and the Online Trust Alliance’s IoT Trust Framework.

ICSA Labs managing director, George Japak, argued that the sheer size of the IoT industry already makes it difficult for firms to find the most secure products.

“Currently very little exists in the form of organized testing and/or standards to ensure IoT devices and the data exchanged is protected,” he added. “This program is aimed at filling that gap especially as more companies embrace the Internet of Things to streamline business and provide higher levels of customer service.”

Adam Philpott, director of cyber security for Cisco EMEAR, argued that as barriers to entry for IoT products are low there can often be associated risks, and as IoT endpoints expand so the risk increases.

“Companies can no longer rely upon labor-intensive systems for identifying and remediating breaches in a timely manner. To establish the security posture of endpoints, organizations must consider how they implement the systems that can identify and remediate cyber threats at digital pace and scale,” he told Infosecurity by email.

“It is therefore vital that organizations adopt a holistic and integrated approach to threat defense to mitigate risk, simplify compliance and build trust. By doing so, organizations can enable a faster threat response and increase the potential of keeping pace with increasingly bold, innovative and persistent hackers.”

Numerous reports over the past few years have highlighted security and privacy issues in IoT products.

Most recently, over half (53%) of IT professionals surveyed by Spiceworks claimed that wearables are the most likely source of any IoT-related internal security breach.

Consumers are concerned too. A report from global trade body the Mobile Ecosystem Forum (MEF) last month found that 62% are concerned about privacy and 54% said they were worried about home security as a result of the IoT.

Source: Information Security Magazine