Connected Products (IoT) Cybersecurity

Ever since the Internet of Things (IoT) was first introduced, it has seen continuous expansion, with more and more connected products. This opens doors to vulnerabilities that can generate dramatic impacts. Our services help manufacturers mitigate the risk on their connected products and assure compliance with new regulations. At the same time, we can support them in developing and communicating their cybersecurity effectiveness.

Context

Connectivity is now a must-have functionality for new products. And it’s not just about smart gadgets. Connectivity is imperative for any new product, including vehicles, medical devices, and industrial and telecommunications equipment. The cybersecurity of these products has thus become a critical topic that cannot be ignored. After all, any of these new connected products could end up as a doorway to all kinds of vulnerabilities.

In its first few years, the IoT lacked a clear set of relevant standards and frameworks to support manufacturers in building an appropriate level of security assurance into their products. Today, though, there are multiple internationally recognized standards, frameworks, and certification programs that can help them, including IEC 62443, ETSI EN 303 645, and ISO 21434.

From a regulatory point of view, cybersecurity is also seen as a major topic. The first examples are already in place, or are in a final drafting stage:

  1. UNECE international regulations mandate connected vehicles’ cybersecurity and software updates processes and functionalities.
  2. Medical devices need to measure up to extensive requirements for placement on various markets, including the US (FDA regulations) and EU (MDR regulations).
  3. The Radio Equipment Directive (RED) will set in place regulatory requirements that target consumer products.

Our services per type of products

Consumer products

| Support and preparation | Compliance | Certification/Regulatory |
| --- | --- | --- |
| Design reviews | ETSI EN 303 645 | BV IoT Class 1 (CTIA 1) |
| Validation and penetration testing | P-SCAN (product vulnerability scanning) | BV IoT Class 2 (OWASP) |
| | | BV IoT Class 3 (ETSI EN 303 645) |
| | | Common Criteria certification |
| | | Radio Equipment Directive (RED) |
| | | EUROSMART IoT certification |
| | | Japan’s Telecommunications Business Law - Security Standards of IoT Equipment |

Medical devices

| Support and preparation | Compliance | Certification/Regulatory |
| --- | --- | --- |
| Design reviews | IEC 62443 compliance | UL 2900 certification |
| Validation and penetration testing | UL 2900 compliance | Common Criteria certification |
| Code reviews | | EU MDR compliance gap analysis |
| Process reviews | | FDA compliance gap analysis |

Network products

| Support and preparation | Compliance | Certification/Regulatory |
| --- | --- | --- |
| Design reviews | IEC 62443 compliance | Common Criteria certification |
| Validation and penetration testing | | BSPA certification |

Connected vehicles

| Support and preparation | Compliance | Certification/Regulatory |
| --- | --- | --- |
| Review of processes and consultancy in drafting/implementation | ISO/SAE 21434 compliance gap analysis | UNECE Cybersecurity (R155) and Software Updates (R156) compliance gap analysis |
| Workshops on cybersecurity and regulatory requirements | | UNECE Cybersecurity (R155) and Software Updates (R156) type approval |
| Risk assessments on vehicles and components | | Common Criteria certification |
| Penetration testing of components and systems | | |

Industrial products

| Support and preparation | Compliance | Certification/Regulatory |
| --- | --- | --- |
| Design reviews | IEC 62443 compliance gap analysis | IECEE certification (IEC 62443) |
| Validation and penetration testing | | Common Criteria certification |
| Review of development processes | | |
| IEC 62443 workshops | | |

For more details on our Consumer products cybersecurity services, please visit BV CPS Cybersecurity
For more details on IoT services, please visit Secura IOT Market Page