Connected consumer products are now an integral part of everyday life but the evolution of this technology has been so fast that security considerations have not kept pace. Security assurance within the supply chain is an extremely important element in the overall process of improving security in the IoT. Standard security requirements are still a long way from being adopted and enforced but represent a fundamental way to validate the statements of individual companies within the ecosystem and provide a critical part of the framework of trust between organisations. Security assurance is a way of verifying the requirements and rules and providing the confidence that a particular device complies with those rules.
Standards must be maintained
Many standards already exist for security across a range of Internet-connected consumer devices, covering hardware and software. However, the most prominent in the IoT space is ETSI EN 303 645, which is a European standard for IoT security in Internet-connected consumer products.
Over the past 40 years, the result of not doing anything, or doing very little, with regards to security has seen many applications compromised, leading to a real impact on every-day life. In the IoT space, for example, cyber physical devices, such as door locks, can be compromised by allowing unauthorised access to a building, or a smart thermostat can be hacked to disrupt the operation at a temperature sensitive facility. So, this becomes more than just an issue with the security of data, but physically manifests as a real-world problem and can even put human safety at risk.
Without vigilance and rigorous security, seemingly harmless products can be taken over and used to cause harm. One well documented example of this was the case of the Mirai Botnet in 2016. Threats such as this are a serious concern to Governments and corporations around the world. Many of the issues come from basic flaws in security design for which the fixes are