CONNECTED PRODUCTS (IOT)
CYBERSECURITY
Ever since the Internet of Things (IoT) was first introduced, it has seen continuous expansion, with more and more connected products. This opens doors to vulnerabilities that can generate dramatic impacts. Our services help manufacturers mitigate the risk of their connected products and assure compliance with new regulations. At the same time, we can support them in developing and communicating their cybersecurity effectiveness.
CONTEXT
Connectivity is now a must-have functionality for new products. And it’s not just about smart gadgets. Connectivity is imperative for any new product, including vehicles, medical devices, and industrial and telecommunications equipment. The cybersecurity of these products has thus become a critical topic that cannot be ignored. After all, any of these newly connected products could end up as a doorway to all kinds of vulnerabilities.
The first few years of the IoT saw the lack of a clear set of relevant standards and frameworks to support manufacturers in developing appropriate assurance levels of security in their products. Today, though, there are multiple internationally recognised standards, frameworks, and certification programs that can help them, including IEC 62443, ETSI EN 303 645, and ISO 21434.
From a regulatory point of view, cybersecurity is also seen as a major topic. The first examples are already in place, or are in the final drafting stage:
- UNECE international regulations mandate connected vehicles’ cybersecurity and software update processes and functionalities.
- Medical devices need to measure up to extensive requirements for placement in various markets, including the US (FDA regulations) and EU (MDR regulations).
- The Radio Equipment Directive (RED) will set in place regulatory requirements that target consumer products.
OUR SERVICES PER TYPE OF PRODUCTS
CONSUMER PRODUCTS
| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|---|---|
| Design reviews | Design reviews | BV IoT Class 1 (CTIA 1) |
| Validation and penetration testing | P-SCAN (product vulnerability scanning) | BV IoT Class 2 (OWASP) |
| BV IoT Class 3 (ETSI EN 303 645) | ||
| Common Criteria Certification | ||
| Radio Equipment Directive (RED) | ||
| EUROSMART IoT certification | ||
| Japan’s Telecommunications Business Law - Security Standards of IoT Equipment |
MEDICAL DEVICES
| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|---|---|
| Design reviews | IEC 62443 compliance | UL 2900 certification |
| Validation and penetration testing | UL 2900 compliance | Common Criteria certification |
| Code reviews | EU MDR compliance gap analysis | |
| Processes reviews | FDA compliance gap analysis |
NETWORK PRODUCTS
| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|---|---|
| Design reviews | IEC 62443 compliance | Common Criteria certification |
| Validation and penetration testing | BSPA certification |
CONNECTED VEHICLES
| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|---|---|
| Review of processes and consultancy in drafting/implementation | ISO/SAE 21434 compliance gap analysis | UNECE Cybersecurity (R155) and Software Updates (R156) compliance gap analysis |
| Workshops on cybersecurity and regulatory requirements | UNECE Cybersecurity (R155) and Software Updates (R156) type approval | |
| Risk assessments on vehicles and components | Common Criteria certification | |
| Penetration testing of components and systems |
INDUSTRIAL PRODUCTS
| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|---|---|
| Design reviews | IEC 62443 compliance gap analysis | IECEE certification (IEC 62443) |
| Validation and penetration testing | Common Criteria certification | |
| Review of development processes | ||
| IEC 62443 workshops |
For more details on our Consumer products cybersecurity services, please visit BV CPS CYBERSECURITY
For more details on IoT services, please visit SECURA IOT MARKET PAGE
