The compliance scheme will allow ‘smart’ devices and applications to be assessed against the Government’s proposed new IoT Code of Practice and the scheme allows for assessment within a digital verification framework providing ongoing real-time visibility of the scope, meaning and status of verification for a product or application.
The framework is intended to provide the flexibility to allow further evolution as the scheme is implemented and rolled-out and, according to David Mudd, the IoT Development Director at BSI, reflects the need for security provisions to be appropriate to the properties of the technology and usage.
The BSI’s new IoT compliance scheme is based on global best practice for information security, and is matched to the 13 points in the proposed Code of Practice developed by the government in collaboration with the National Cyber Security Centre, manufacturers and retailers.
According to Mudd, “There is already at least one IoT device for every person on the planet, and this is set to grow exponentially as the full potential of this technology is realised.
“Consumers and industry need to have confidence in the safety and reliability of these new devices and applications. Standards catalyse trust between innovative technologies and innovative business models and the independent verification of the Government’s Code of Practice will help to unlock trust in the IoT.”
Up until now it has been difficult to assess the safety and reliability of IoT devices and their applications. As a result, an individual’s online security, privacy and data has been at risk of exploitation or hacking. Recent high-profile breaches have included attacks on smart watches, CCTV cameras and children’s dolls.
A Government spokesperson responding to the announcement from the BSI said: "This Government wants everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people’s lives.” They welcomed the work of the BSI in shaping and driving compliance.
Standards and guides
While the announcement focused on the verification of the Government’s IoT Code of Practice, the BSI has been working to develop a number of standards and guides to support the IoT. Its existing specification, PAS 212, underpins IoT interoperability, for example.
“The BSI is facilitating collaboration on IoT innovation and has a 1,300 strong IoT Community of experts and organisations looking to shape new opportunities and creating industry-led best practice in IoT,” explains David Cuckow, Global head of IoT at the BSI.
“As technologies and business models evolve, consensus standards are developed and revised, allowing the next cycle of innovation to start from a higher level.”
Cuckow accepts that the IoT, especially when it comes to the consumer space, is lagging when it comes to implementing security.
“Security is often an afterthought when it comes to developing new innovative products. We recently undertook research, funded by Innovate UK, part of which was to look at developments in standards globally. While we found that interoperability was a very hot topic, there was certainly less focus on security.”
According to Cuckow, “When it comes to security we need to bring all the key actors together in order to form a consensus for setting standards. That’s one of the main drivers behind out decision to establish an IoT community model – security and interoperability are key to unlocking the economic value of the IoT.”
To that end the BSI is looking to synchronise with national and international standards bodies to bring IoT stakeholders such as policy makers, regulatory bodies, manufacturers and suppliers together.
“It’s a complex value chain and we need manufacturers and stakeholders to take more responsibility when it comes to security,” says Cuckow. “Our role is to engage with the community at an early stage and to bring much greater focus to the issue of security.”