The necessity of IoT Security illustrated by a smart home control on a tablet

IoT Cybersecurity Testing

Security for all devices in the Internet of Things

The special feature of the Internet of Things (IoT) is essentially connected devices. These include sensors and actuators as well as backend connections and optionally communicate with gateways and smartphone apps.

DAkkS
DakkS
All accreditations
All accreditations

Why IoT cybersecurity?

Networking in particular makes applications and components of IoT devices vulnerable to attack. To access a networked device, three main targets are attacked: the device itself, the network and the infrastructure (app, cloud). But the security of the networked environment can prevent such external access. Elements of a holistic IoT cybersecurity are among others:

  • Secure application
  • Robust design
  • Trustworthy handling of private data
  • Update/upgrade behavior of firmware and software
  • Security against attacks on the data validity and authenticity of the communication partners

Holistic reliability: IoT cybersecurity testing at CETECOM

A selection of different icons, man in the background clicks on the cloud security symbol

With our CETECOM IoT cybersecurity tests, we verify the current security status of your connected devices – an important milestone in the market launch of your products. Benefit from our years of experience in regulatory certification of products with wireless technologies.

 

ETSI EN 303 645 / ETSI TS 103 645 and ETSI TS 103 701

We have been accredited by the German Accreditation Body (DAkkS) for the European Cybersecurity Standards/Specifications for Consumer IoT devices.

ETSI EN 303 645 and ETSI TS 103 645 define the essential requirements, while ETSI TS 103 701 contains test cases to verify these requirements. Based on these test definitions, a manufacturer can demonstrate the conformity of its device according to ETSI EN 303 645.

CTIA Cybersecurity Certification Test Plan for IoT devices

ctia – everything wireless

Our laboratories in Germany and the USA have been recognized by the CTIA as Authorized Test Laboratory (ATL) for the CTIA Cybersecurity Certification Test Plan for IoT devices.

The IoT Cybersecurity Test Plan defines test cases that must be performed on the device in a recognized test laboratory in order to obtain CTIA cybersecurity certification. The certification is defined for three security levels. The first level tests basic security features of IoT devices, while the second and third levels test security elements for devices with increasing complexity and manageability.

The tests assume that the device provides an execution environment for IoT applications that uses an LTE, 5G or WLAN communication module. If the end device does not support at least one of these communication options, the CTIA test plan is not applicable.

Based on the CTIA requirements, CETECOM will provide you with an IoT cybersecurity certification according to the latest CTIA requirements.

The „CSC – CyberSecurity Certified“ label

CSC 'Cybersecurity Certified' label

Cybersecurity will become an integral part of product safety and, with clear legal requirements and independent cybersecurity tests, can have a positive signal effect on product sales. A first step has been taken – a Europe-wide security certificate is offered by the new test mark: CyberSecurity Certified (CSC).

As part of this approval process, which is divided into three stages, we and our partner TÜV NORD are focusing on meeting the basic requirements for secure development and operation over the entire life cycle of the product. These requirements are largely based on the basic safety requirements for consumer IoT devices according to ETSI EN 303 645.

The following cybersecurity tests are performed as part of this process:

  • Secure product development and documentation.
  • In-house cybersecurity checks, e.g. nmap scan, vulnerability scan, static and dynamic code analysis, input validation
  • Secure operation, related to authentication
  • Password management
  • Data storage
  • Secure product lifecycle, related to
  • Update mechanism
  • Security update information
  • Reset to factory settings
  • Patch management
  • Vulnerability management
  • Incident management
  • Change and risk management

CETECOM performs the tests and prepares a corresponding test report. This is then verified by our partner TÜV NORD and after successful completion, the manufacturer receives the CyberSecurity Certified mark of conformity and a corresponding certificate for its product.

Accreditations in detail

DAkkS

German Accreditation Body (DAkkS)

Our laboratory in Essen is accredited by the DAkkS to to carry out tests for consumer IoT devices according to European cybersecurity specifications.

Detailed information on the scope of our accreditation for our laboratories in Germany can be found in our accreditation overview.

Further Topics

News on the topic of IoT & cybersecurity

Stay up to date.
The CETECOM™ newsletter is sent out about once a month. No constant follow-up mails. Only selected content from our experts.