Cybersecurity IoT

IoT Device Cybersecurity

Ensure your device is not vulnerable to attacks

Ensure your device is not vulnerable to attacks

What is Cybersecurity and Why is IT Important?

Cyber security refers to the body of technologies, processes, and practices designed to protect the devices, networks, programs, and data from unauthorised access. Internet connected devices are constantly under threat from attack so If your device is vulnerable, then it could be hijacked and made unusable or your own or your customers data could be lost. For any business, this could be devastating from a brand and consumer confidence perspective, and could even have severe legal ramifications. This highlights the importance of ensuring that a device is “Cyber Secure”.

Global Legislation: NISTIR 8259 and EN 303 645

Mandatory cyber regulations are being introduced on a global scale. Therefore, it is important that a manufacturer understands what their responsibilities are to the end-user. There are several cybersecurity standards and recommendations already available providing guidance on cyber security of IOT devices.

Mandatory cybersecurity regulations are under review on a global scale, so it is important to consider this in any product development. There are several cybersecurity standards currently available providing guidance and test requirements on cybersecurity of IoT devices. Two important standards are:

  • ETSI EN 303 645 – This is a European Standard designed to encourage baseline security of consumer IoT devices
  • NISTIR 8259 – Foundational Cybersecurity for IOT devices. Can be used to support legislation in the US

What is Cybersecurity Testing and Assessment?

Any device which is connected to the internet instantly becomes a target for a malicious attacker to try and compromise that device. By performing a cybersecurity assessment and associated testing a manufacturer can identify any vulnerabilities through simulating an attack. Such an assessment is typically done by a combination of risk analysis and direct testing.

What is involved in CyberSecurity Testing?

The testing or assessment can be done in several ways. It could be as defined in applicable standards or as bespoke testing using industry accepted methods. Simple things like checking default passwords, software updates and reporting vulnerabilities are required as standard, but more in-depth penetration tests may be applied.

How can TÜV SÜD help?

TÜV SÜD has a global network of test facilities which is home to numerous cyber experts. We can perform testing to the latest standards and regulations discussed above, as well as providing bespoke risk assessments, tests and cyber training. Services include:

  • IOT Device testing to EN 303 645 and NISTIR 8259
  • Penetration Testing
  • Cybersecurity Risk Assessments (IoT, Network, B2B)
  • GDPR and Data Privacy
  • Regulatory Testing (RED, EMC, Safety, Global Market Access (GMA))

Next Steps

Site Selector