IASME collaborate with Police CPI on secure connected device accreditation

Worcestershire-based cyber and information security experts IASME have announced they are collaborating with Secured by Design, the official police security initiative, on their new secure connected device accreditation.

Besides computers, tablets and mobile phones, many other objects connect to the internet. Bike locks, storage cupboards, security cameras and lights are examples of ‘connected’ or ‘smart’ devices, which are collectively known as the ‘Internet of Things’. They enable the user to control their functions remotely, usually using a mobile phone app.

But if a smart device can be accessed by the user online, there is also the possibility that other people may be able to access it, which raises both security and privacy concerns.

Insecure devices can provide an access point for criminals on the internet to steal personal data, access microphones or cameras or hijack a device for ulterior motives. It is therefore important to ensure that all IoT products have the right security in place to protect consumers from becoming victims of cyber crime.

Secured by Design (SBD) operates an accreditation scheme on behalf of the UK Police Service to show that products or services have met recognised security standards. These products or services – which must be capable of deterring or preventing crime - are described as having achieved ‘Police Preferred Specification’.

There are currently many hundreds of companies who produce thousands of individual attack resistant crime prevention products that have met the exacting Police Preferred Specification.

This includes doors, windows, external storage, bicycle and motorcycle security, locks and hardware, asset marking, alarms, CCTV, safes, perimeter security products and many others. SBD is the only way for companies to obtain police recognition for security-related products in the UK.

This year, SBD launched a Secure Connected Device accreditation for companies providing internet connected products. Working closely with certifying bodies, who assess IoT products and services against the worldwide standard, SBD’s IoT Device assessment framework identifies the level of risk associated with an IoT device and its ecosystem. They are then able to provide recommendations on the appropriate certification routes.

Once third party testing and independent certification for a product has been achieved, the company can apply to become SBD members. The product will receive the SBD Secure Connected Device accreditation, a unique and recognisable accreditation that will highlight products as having achieved the relevant IoT standards and certifications.

Michelle Kradolfer, SBD’s IoT Technical Officer, said: “I am delighted to announce that we have included IASME’s IoT Cyber Assurance Level 2 into our Secure Connected Device framework.

"With the rise in IoT and smart devices being sold in the UK market, it’s important for companies to ensure that their IoT products are built as securely as possible and an integral part of doing so is getting their IoT products appropriately assessed and accredited.

"By obtaining our Secure Connected Device accreditation and undergoing a testing and certification process, companies are sending a clear message on the importance of IoT security for their products, which will make them stand out from the crowd and inspire confidence from their consumers.”

Dr Emma Philpott MBE, CEO of Malvern-based IASME, welcomes the partnership with SBD and the integration of the scheme as part of widespread and comprehensive accreditation. She says “IASME has developed the IoT Cyber Assurance scheme to provide an opportunity for manufacturers to improve the security of their internet-connected devices and to show they are compliant with best-practice security.

"The technical controls required for certification guard against the exploitation of common IoT cyber security vulnerabilities. Certification is a vital tool in enabling organisations to verify the security of connected devices in their own supply chain.”