Cyber Security certification
Over the past year, Datek AS and Nemko have been discussing a scheme for cyber security certification of IoT products. The certification targets the consumer market in general with focus on smart home products in particular. There is a lot of negative press around the lack of security in IoT products. This leads to consumer skepticism. We hope that a cyber security product label can work in a similar way to other labels found on products related to for example environment and health. The certificate documents that the manufacturer has focused on security and privacy and comply to established best practice. In the long term, we hope that such a certificate will be required to ensure that manufacturers have enough focus on this area in their products.
Nemko has been working intensely on this service for the past few months. Since April we have been working on a joint pilot with Nemko for one of our smart home products.
«We are very pleased with the collaboration with Nemko in this project. We believe such a certification scheme can lift the quality and trustworthiness of connected products among consumers in the future», says Espen Westgaard, CTO at Datek AS.
Cybersecurity around the world
The security certification Nemko is launching is in preparation for legislative regulations expected to come from the EU next year. These regulations are linked to the EU Cybersecurity Act and their Certification Framework. It is expected that the certification will be based on the new ETSI EN 303 645-standard (“Cyber Security for Consumer Internet of Things”). It is this standard that was used in the pilot. In Finland a Cyber security product label is already implemented based on the same standard. Other countries and American states are also working on similar efforts.
«It was important for Nemko to run a pilot project on the new European security standard with a representative IoT product. With its long experience and technical expertise in cyber security, Datek was an ideal partner for this, and showed that such projects can be carried out efficiently through good cooperation», says Geir Hørthe, Certification Manager at Nemko.
The experience with the pilot has been very good. It was confirmed that we follow best practice in our approach to a security focused product development for our smart home products, both with regards to hardware and software. At the same time, the pilot project pinpointed several issues that improved the security and privacy aspects of our product.
It is important to emphasize that certification does not guarantee that the product is “hacker proof”. However, it ensures that we follow best practice when it comes to the security and privacy areas of our products.
«As a developer, we see certification requirements as a helpful tool in the development of our products. The ETSI EN 303 645 standard places reasonable demands on what is best practice in this area and contributes to an increased focus on embedded security and privacy. The standard itself does not create products that are 100% secure, but it raises awareness of safety at every level and thus raises the quality of the products», says Kåre Gunnar Nesheim, Senior Developer at Datek AS.
Are you interested in learning more about the new standard. Join Nemkos webinar on IoT and Cybersecurity.
Related articles about IoT security