With the exponential growth of the Internet of Things (IoT), the vulnerability of billions of IoT devices to cyber attacks is increasing. Nemko has now launched a cyber security certification service based on the new European standard “Cyber Security for Consumer Internet of Things”.
Large corporations have already suffered the consequences of hacks, with intruders gaining entry to core financial systems and credit card data. Open backdoors have been found in poorly secured ‘minor’ IoT devices, such as air-conditioning units, printers and even the thermometer of a lobby aquarium.
Manufacturers of IoT devices have in recent years had vague cyber security regulations to follow. They have seen an increasing number of different customer requirements and an array of guidelines from dozens of third parties. A standardised set of requirements has been a pressing need.
Nemko’s customers can now achieve an overall certification to demonstrate compliance with a common European cyber security standard. This simplifies the process and provides the proof and documentation they need towards the market and their customers.
Per Ove Øyberg, CEO, Nemko
Certifications make it possible to simplify trade by having a common and defined set of requirements, demonstrate security to customers and ensure regulatory compliance. They make products safer by finding vulnerabilities in the product design, such as a hardcoded password, ports that are unnecessarily left open, radio transmissions that give information to a possible outside listener or a lack of secure solutions for closing future vulnerabilities.
The first customer to achieve the new cyber security certification is the Norwegian IoT manufacturer Datek, one of Norway’s leading providers of IoT products and solutions. Datek delivers solutions to private companies and the public sector both in Norway and internationally.
We’re very satisfied with this project and the cooperation with Nemko. We believe the new certification scheme will lift the quality of the products and increase consumer trust in connected devices.
Espen Westgaard, CTO, Datek
In the initial project, Nemko evaluated a Datek gateway for smart houses. Early input from Datek was important for determining the best work processes and methodology for the assessment, using a standard with a common and defined security level. Nemko performed evaluation of the product design and solutions, and the testing was done on Datek premises.