IoT security testing and certification program
To help companies mitigate risks associated with an increasingly connected world, ICSA Labs, an independent division of Verizon, is rolling out a new security testing program to provide assurance testing for Internet of Things (IoT) devices and sensors.
ICSA Labs will test six components as part of the new IoT Security Testing and Certification Program including: alert/logging, cryptography, authentication, communications, physical security, and platform security. The ICSA Labs Product Assurance Report found the majority of security devices fail to perform as intended.
“We expect the Internet of Things to be the next digital wave,” said George Japak, managing director, ICSA Labs. “Given the enormity and complexity of the space, it can be tricky for enterprises to navigate. We know from multiple recent studies that the #1 concern among adopters is security and privacy, and our new IoT Security Testing and Certification Program directly addresses this concern.”
The certification program is recommended as part of an overall compliance program for organizations that brand and resell IoT devices and sensors; organizations implementing IoT devices and sensors in their businesses; and device and sensor makers.
Certified devices and sensors carry the ICSA Labs’ mark of approval that indicates they underwent demanding testing and any weakness or vulnerability found was mitigated and confirmed through further testing by ICSA Labs. In addition, certified devices are tested over their lifecycle at regularly established intervals to help make the devices more secure.
“Currently very little exists in the form of organized testing and/or standards to ensure IoT devices and the data exchanged is protected,” said George Japak, managing director for ICSA Labs. “This program is aimed at filling that gap especially as more companies embrace the Internet of Things to streamline business and provide higher levels of customer service.”
In developing the new criteria, ICSA Labs compared its categories and requirements to other emerging guidelines including OWASP Internet of Things Top 10, Industrial Internet Consortium Reference Architecture and the Online Trust Alliance’s IoT Trust Framework.