The special characteristic of the Internet of Things (IoT) essentially consists of networked devices. These include sensors and actuators, as well as backend connections, and optionally communicate with gateways and smartphone apps. It is precisely the networking that makes applications and components of IoT devices vulnerable. To access a networked device, three main targets are typically attacked: the device itself, the network, and the infrastructure (app, cloud).
Certain security aspects can prevent or at least hinder third-party access and attacks on the networked environment. Elements of holistic IoT Cybersecurity include, among others:
- Secure Applications
- Robust Design
- Trustworthy handling of private data
- Firmware and Software Update/Upgrade Procedures
- Security against attacks on data validity and authentication of communication partners
The RWTÜV subsidiary CETECOM supports companies in achieving the best possible safety for their technical products in a variety of ways:
Tests according to ETSI EN 303 645 / ETSI TS 103 645 and ETSI TS 103 701
CETECOM has been accredited by the German Accreditation Body (DAkkS) for the European cybersecurity standards/specifications for consumer IoT devices. ETSI EN 303 645 and ETSI TS 103 645 define the basic requirements, while ETSI TS 103 701 contains test cases to verify these requirements. Based on these test definitions, a manufacturer can demonstrate the conformity of their device in accordance with ETSI EN 303 645.
CTIA Cybersecurity Certification
The CETECOM labs in Germany and the USA have been recognized by the CTIA as an Authorized Test Laboratory (ATL) for the CTIA Cybersecurity Certification Test Plan for IoT Devices, and devices that pass may receive CTIA Cybersecurity IoT Certification according to the latest CTIA requirements for network operators.
„CSC – CyberSecurity Certified“
As part of the CSC approval process, CETECOM, together with its partner TÜV NORD, focuses on meeting the fundamental requirements for secure development and operation throughout the entire product lifecycle. These requirements are largely based on the fundamental security requirements for consumer IoT devices according to ETSI EN 303 645.
CETECOM conducts the tests and prepares a corresponding test report. This is then verified by our partner TÜV NORD and, upon successful completion, the manufacturer receives the CyberSecurity Certified conformity mark and a corresponding certificate for their product.
With the cybersecurity services of RWTÜV subsidiary CETECOM, networked devices are verified to be up to date with the latest security standards. An important milestone in the market launch of technical products.
For further information, see https://www.cetecom.com/de/testen/it-sicherheit/