Contact person
Ted Strandberg
Projektledare
Contact Ted
Certifications of Cyber Security for Consumer Internet of Things
RISE offers testing and certification of IoT devices according to cybersecurity requirements from the ETSI (European Telecommunications Standards Institute) and the Swedish Theft Prevention Association SSF.
Purpose
IoT devices are consumer products that anyone can have in their home and that can connect to the internet. Examples include smart TVs, home assistants, smart speakers, connected household appliances such as refrigerators and washing machines, connected alarm systems, digital door locks, smoke detectors or baby monitors.
These products have become part of our daily life and although they help us in many daily routines, they can compromise our privacy and security if not designed correctly. Security standards such as ETSI EN 303 645 and SSF 1120-1 contain requirements on cybersecurity aspects that the product needs to meet, ensuring a higher level of security.
With the increasing use of internet-connected products in the home, the likelihood of cyber-attacks is increasing. It is important that the product is developed and tested correctly to withstand such attacks. The ETSI EN 303645 standard defines the basic requirements for IoT products throughout the product life cycle such as the design, development, manufacturing, use and maintenance phases.
Testing IoT devices against the ETSI EN 303645 standard assesses whether the product meets the general cybersecurity requirements of the standard and testing against the SSF 1120-1 standard tests whether the product can withstand an attack through penetration testing.
Method
The evaluation is based on methods accredited by Swedac for the standards:
- ETSI EN 303 645
- SSF 1120-1
The test against the standard is advantageously complemented by a penetration test that RISE can offer as a separate service. Here you find our penetration test offer.
Deliveries
The results of the RISE evaluation are compiled in an accredited RISE report.
Avaliable courses
RISE offers the following courses in this area:
-Cybersecurity on IoT products
FAQ
FAQ
Why is cybersecurity important for IoT devices in the home?
Cybersecurity is critical for IoT devices because they collect and store personal information about users. If they are not adequately protected, they can be vulnerable to cyber-attacks that could lead to intrusion, data theft or unauthorised control of the device.
What testing is required to certify IoT devices to cybersecurity standards?
Tests to certify IoT devices include assessing the device's resistance to attacks, which is done by testing against standards such as ETSI EN 303 645 and SSF 1120-1, as well as penetration testing to identify vulnerabilities.
What is the difference between ETSI EN 303 645 and SSF 1120-1 standards?
ETSI EN 303 645 is a European standard that defines basic cybersecurity requirements for IoT products throughout their lifecycle. As SSF 1120-1 is based on ETSI EN 303 645, they are very similar, but a major difference is that some requirements have been added on how to perform penetration testing.
How can I get help in improving the cybersecurity of IoT devices?
RISE offers testing to ensure that the IoT device meets the cybersecurity requirements of both ETSI EN 303645 and SSF 1120-1 standards.
