What aspects are part of the security of an IoT-environment?
The impact of the Internet of Things (IoT) on our daily live increases. The more and more evolving functionalities of smart devices offer opportunities. In contrary to these benefits, there are also some challenges when it comes to safety and security. Devices and buildings which are connected to the internet might contain one or more vulnerable parts. Therefore, it’s important to understand what IoT is and what aspects should be taken into account when we look at the security of an IoT-environment. In the end we should be completely confident we can for instance trust our fire alarm while we are asleep.
Two IoT disciplines
IoT can be divided in two disciplines: Consumer Products IoT and Industrial IoT. There are some similarities between these disciplines, like the integral chain approach. However, the two disciplines are used in a different way. This implicates the safety requirements differ, for example in severity, when both disciplines are brought into practice. The requirements can be more strict for one application when compared to another:
- Consumer Products IoT: products or devices which are used by the end consumer. Like a smart doorbell.
- Industrial IoT: processes which have an industrial purpose. This is for instance a production process of a boiler in which collected data is used to make the process ‘smarter’.
Three main topics for safety in IoT
When looking at safety in IoT we can distinguish three main topics. The vulnerability in smart devices is in most cases caused by unawareness about possible failures during installation of the end- product. There are very specific technical parts which should be applied with relevant expertise and specialization to reach the required safety level.
The three main topics for safety in IoT are:
- Technology: this is the technical development which provide us the IoT functionalities. Like encryption, radio technology, modulation, building materials etc.
- Processes: the technology is part of processes that consist of predefined procedures to provide a service to people.
- Human interaction: the way people use the technology and processes.
Testing IoT safety
Several standards have been developed to test safety of IoT devices. These tests help your organization in product development. A product which has an official certificate distinguishes itself from its competitors. Plus the certificate can be a requirement to be able to sell the product on the market you aim for. Products with a certificate give extra assurance to the client. He or she will have the confidence to install for example your smart fire alarm.
As your Partner for Progress Kiwa can help you with this. Together we make sure IoT safety increases constantly.
Would you like to know more? Please contact Sabyne van Mourik via Sabyne.firstname.lastname@example.org or 06-25010217.
ETSI EN 303 645
The ETSI EN 303 645 standard consists of requirements and procedures for cybersecurity of IoT-consumer products. The ETSI EN 303645 not only focusses on the smart device itself, but also on sensors and operational parts of the device. We do that by defining the requirements of the relevant safety aspects of the consumer IoT product.
More and more industrial Automation Control Systems are equipped with components that make use of the internet in a clever way in order to work more efficient and safe. De connection to the internet provides security challenges. This standard takes up these challenges.
Penetration tests of systems
A penetration test consists of several steps in which the vulnerability of a system is detected. The system is tested in all elements of the attack: from preparation to evaluation. This way the weaknesses of a system is tackled systematically. The penetration tests are custom made and performed.