4 November 2021

Kiwa and KPN Security: prevent cyber-attacks on smart devices

Cybercriminals attack consumers through home devices

Cybercriminals are increasingly attacking IoT consumer electronics. If it is up to Kiwa and KPN Security, this will soon change. The two companies have combined their expertise to help manufacturers and suppliers who wish to independently assess and certify their IoT consumer electronics. This ensures consumers that certified products meet standard safety requirements.

Nowadays virtually every household has several ‘smart devices’. Wifi-connected refrigerators, smart TV’s and lighting and online health trackers have become common household products. Too often these IoT devices are not or insufficiently protected against digital threats such as cyberattacks and data leaks. This carries the risk of cybercriminals infecting these IoT devices with rogue software or intercepting network traffic.

Mandatory security measures

Manufacturers and suppliers now have the opportunity to have their IoT products tested against the ETSI EN 303 645 standard, which contains requirements and procedures for the cybersecurity of devices which can be connected to the Internet of Things. This promotes the application of built-in security measures. Thermostats, doorbells, security cameras and other IoT devices that do not meet minimum cybersecurity requirements are expected to be banned from the European market from 2024. This is the result of new EU legislation that was recently adopted. This should ensure that consumers are better protected against cybercrime via IoT consumer electronics.

Independent assessment

Suppliers and manufacturers can now rely on Kiwa and KPN Security for independent assessment and certification of IoT devices on aspects related to cybersecurity. The two parties signed a cooperation agreement for this on November 2, 2021. This allows suppliers and manufacturers to have their products independently certified at a one-stop-shop, enabling them to bring new products to market quickly.

High-quality testing facilities

Within the agreement, KPN Security checks in its high-quality test facilities whether IoT products comply with the ETSI EN 303 645 standard and are therefore sufficiently cybersafe for users. This includes looking at the encryption used, the update mechanisms, default passwords and other important protection against cyberattacks.

Independent test results

Both KPN Security's test facilities and quality system meet high quality requirements and are monitored by Kiwa as an independent testing institution. Quality, independence and impartiality are thus guaranteed. Kiwa can therefore accept the test results for issuing a product certificate. This certificate allows a manufacturer to sell the product on the European market and beyond.


Standing, from left to right: Erno Doorenspleet (KPN) and Sabyne van Mourik (Kiwa). Sitting, from left to right: Ron Scheepers (Kiwa) and Madelon Spaan (KPN)

Basic safety requirements

‘With a product certificate, manufacturers can demonstrate that the foundation for cybersecurity is present in their IoT consumer products,’ says Sabyne van Mourik, business development manager at Kiwa. ‘This offers good protection against cyberattacks that can for example cause data leaks. Consumers know that a product meets the basic safety requirements.’ Erno Doorenspleet, CTO at KPN Security adds: ‘IoT devices are becoming increasingly popular because they can add a lot of value to our lives by making things more sustainable, simpler or efficient. Security is an absolute precondition for this. It is crucial to build IoT products securely from scratch, so that they are safe by design. This provides a good basis for cybersafe use of these IoT devices.’


About KPN Security

KPN Security has been playing a crucial role for decades in guarding the critical infrastructure of Dutch organisations. Every day we support more than 1,200 customers who rely on our knowledge and expertise, and on the most extensive security portfolio available on the market. We do not only offer strong, ready-to-use security solutions for identity and privacy, but we also have a complete portfolio for managed security solutions.

With over 400 security professionals, we are the largest Managed Security Service Provider (MSSP) in the Netherlands and market leader in the Dutch IT security market. This also includes a state of the art Security Operations Centre. From our SOC the security specialists secure and monitor the IT infrastructure of KPN and its business customers. So that they can use the opportunities of the digital world with uttermost confidence.

Please visit this website for more information.