Kiwa and KPN Security: prevent cyber-attacks on smart devices

Cybercriminals are increasingly attacking IoT consumer electronics. If it is up to Kiwa and KPN Security, this will soon change. The two companies have combined their expertise to help manufacturers and suppliers who wish to independently assess and certify their IoT consumer electronics. This ensures consumers that certified products meet standard safety requirements.

Nowadays virtually every household has several ‘smart devices’. Wifi-connected refrigerators, smart TV’s and lighting and online health trackers have become common household products. Too often these IoT devices are not or insufficiently protected against digital threats such as cyberattacks and data leaks. This carries the risk of cybercriminals infecting these IoT devices with rogue software or intercepting network traffic.

Mandatory security measures

Manufacturers and suppliers now have the opportunity to have their IoT products tested against the ETSI EN 303 645 standard, which contains requirements and procedures for the cybersecurity of devices which can be connected to the Internet of Things. This promotes the application of built-in security measures. Thermostats, doorbells, security cameras and other IoT devices that do not meet minimum cybersecurity requirements are expected to be banned from the European market from 2024. This is the result of new EU legislation that was recently adopted. This should ensure that consumers are better protected against cybercrime via IoT consumer electronics.

Independent assessment

Suppliers and manufacturers can now rely on Kiwa and KPN Security for independent assessment and certification of IoT devices on aspects related to cybersecurity. The two parties signed a cooperation agreement for this on November 2, 2021. This allows suppliers and manufacturers to have their products independently certified at a one-stop-shop, enabling them to bring new products to market quickly.

High-quality testing facilities

Within the agreement, KPN Security checks in its high-quality test facilities whether IoT products comply with the ETSI EN 303 645 standard and are therefore sufficiently cybersafe for users. This includes looking at the encryption used, the update mechanisms, default passwords and other important protection against cyberattacks.

Independent test results

Both KPN Security's test facilities and quality system meet high quality requirements and are monitored by Kiwa as an independent testing institution. Quality, independence and impartiality are thus guaranteed. Kiwa can therefore accept the test results for issuing a product certificate. This certificate allows a manufacturer to sell the product on the European market and beyond.

Basic safety requirements

‘With a product certificate, manufacturers can demonstrate that the foundation for cybersecurity is present in their IoT consumer products,’ says Sabyne van Mourik, business development manager at Kiwa. ‘This offers good protection against cyberattacks that can for example cause data leaks. Consumers know that a product meets the basic safety requirements.’

Erno Doorenspleet, CTO at KPN Security adds: ‘IoT devices are becoming increasingly popular because they can add a lot of value to our lives by making things more sustainable, simpler or efficient. Security is an absolute precondition for this. It is crucial to build IoT products securely from scratch, so that they are safe by design. This provides a good basis for cybersafe use of these IoT devices.’

More information

• Read more the joint expertise of Kiwa and KPN Security regarding Independent assessment and certification security measures of IoT consumer electronics on the website of Kiwa Netherlands.
• Read more about "ETSI EN 303 645: security of IoT consumer electronics" on this page.

From left to right: Ron Scheepers (Kiwa), Sjoerd Hulzinga (KPN), Bart Scholten (Kiwa), Diederik van Daal, Erik van der Meij, Madelon Spaan, Jeroen Hondeman, Erno Doorenspleet (all KPN) and Sabyne van Mourik (Kiwa).