Security: BSI unveils new kitemark certification for IoT devices

Security: BSI unveils new kitemark certification for IoT devices

Connected technology firms are now able to apply for a specialist IoT certification from the British Standards Institution (BSI) to show that their products are secure.

After a lengthy consultation process, the BSI has unveiled the Kitemark for Internet of Things devices, to help buyers easily identify IoT products that are trustworthy, safe, secure, and functional.

Recent research has found that the average household has up to ten internet-connected devices, with that number expected to grow to 15 by 2020. However, other reports have revealed that many popular smart home products and security cameras contain serious security flaws.

Internet of Business also reported recently that the growth of so-called shadow IoT devices poses a security challenge to enterprises, with employees connecting fitness trackers, smart TVs, household appliances, games consoles, and other IoT devices to corporate networks, opening them to the risk of cyber attack.

To help tackle the spread of insecure devices on the country’s networks, the British government introduced its Secure by Design guidelines in March, to make sure that IoT manufacturers take steps to improve the security of their products.

Improving product security

The BSI said it’s looking to build on these guidelines by “providing an ongoing rigorous and independent assessment to make sure the device both functions and communicates as it should, and that it has the appropriate security controls in place”.

There are three IoT Kitemarks, for products used in residential, commercial, and high-risk applications. Companies applying for BSI certification will need to submit their devices for in-depth testing to determine both their security and safety, and their intended use.

If a device passes all of the tests, then the manufacturer will able to display the Kitemark on products and associated marketing materials.

As well as looking for security flaws, the BSI will quiz manufacturers on the functionality and interoperability of their products. The organisation said that companies will “undergo regular monitoring and assessment” after the initial tests have been completed.

David Mudd, IoT business development director at the BSI, believes that the certifications will support both consumers and technology companies. “Connected devices can bring huge benefits to consumers, but as they become ever more commonplace, it’s imperative that both their function and their security is up to scratch,” he said.

“The new BSI Kitemark for IoT Devices will provide consumers with a quick and easy way of identifying which products they can trust to not only perform as expected, but also keep their data secure.”

Internet of Business says

With GDPR coming into play this month, the need to take a smarter view of enterprise security could not be clearer – particularly in the wake of numerous reports which reveal that IoT security strategy is poor in many organisations, with many also failing to take even basic precautions with IoT devices.

Here is a selection of our recent IoT security reports:-

Our Internet of Manufacturing events take place on 5-6 June in London, and on 6-7 June in Chicago.