Security of internet of things requires chain approach

A good example of the increased complexity of security in the IoT era is “smart” lighting. A home-garden-and-kitchen ceiling lamp used to be labeled as "safe" when the power network, cabling and switch met the requirements. However, the “smart” lighting that is increasingly being used in home automation environments involves much more when it comes to safety. It must not only meet technical installation requirements, but the app that controls the lighting and the software that make the intelligent lamp smart must be well protected against hackers.

Many devices that are intended for IoT use are marketed without basic security level and can therefore have vulnerabilities. For example, a vulnerability in "smart bulb" software could lead to hackers breaking into Wi-Fi networks via a lighting system. And how big are the consequences with alarm and monitoring systems? Or with self-driving cars? There are cases where hackers gained access to the system of a car and thus took over control. As long as the windshield wipers or air conditioning are concerned, that is not such a disaster, but what if terrorists can use a vehicle in this way in the event of an attack?

Nowadays almost everyone has a smartphone or tablet. No less than ninety percent of all online data was generated in the last two years. Artificial intelligence and machine learning, as developments in the field of the internet of things continue, will increasingly leave their mark on the most diverse aspects of our daily lives. This also means that security challenges are increasing. Securing IoT devices knows no national borders and vulnerabilities can have consequences for governments, companies and citizens all over the world.

With European laws and regulations such as the AVG (GDPR) and the Cyber Security Act, substantial steps have been taken in the field of cross-border cyber security. The AVG regulates EU-wide how organizations should deal with privacy-sensitive information. The Cyber Security Act has introduced new rules that provide Europe with a framework for the certification of cyber security products, processes and services.

It is only logical that IoT devices and components will be subject to more and more requirements. That such standards or guidelines are based on safety throughout the entire chain, is an absolute requirement. Kiwa recently developed a certification scheme in the field of chain-wide IoT security called Remote Access for Remote Services (RARS). The scheme is intended for chains of alarm systems that can be managed with mobile apps. When formulating new requirements, new technologies are integrated into existing standards. For example, the standards EN 50131 and EN 50136, for alarm systems, burglary and robbery systems and alarm transmission systems and equipment, are extended with requirements for data security.

Cyber security is therefore increasingly becoming IoT security. To guarantee that integrated chain safety, separate processes, devices, services and data can be considered "safe". Here, more and more aspects must be taken into account: from access control, data security, code quality and mandatory updates from the manufacturer to security tests and data and access security. Kiwa helps manufacturers and suppliers to bring their products to a higher level of security.

More information

Would you like more information about the RARS certification scheme? Please have a look at this page (global website). Or contact us via the form on this page.