The new Cybersecurity Certified mark of TÜV-Verband supports digital security in the Consumer Internet of Things (CIoT) and reduces reservations against this new area of technology. TÜV SÜD has now awarded its first CSC certification mark, which went to a US manufacturer and confirms the cybersecurity credentials of a connected vacuum robot.
So far, many consumers have been wary of buying smart home appliances such as smart TVs and alarm or home automation systems that connect households to the Internet, even though these devices ease workloads and offer time and cost savings in everyday life. This reticence is rooted in concerns over cyberattacks or inadequate data protection.
According to a Forsa study commissioned by TÜV-Verband, the association of testing, inspection and certification organisations in Germany, and carried out in January 2021, two out of three respondents were concerned that their IoT devices might be hacked. Three-quarters of those surveyed said they would look out for third-party IoT certification. “Against this backdrop, we are proud to be the first testing, inspection and certification (TIC) company in Germany to have issued the CSC certificate”, says Florian Wolff von Schutter, Expert for IoT cybersecurity at TÜV SÜD.
The IoT Market
The new CSC certification mark is modelled on the GS mark for product safety. It inspires trust and transparency in a new and sensitive market. As genuine vendor-independent certification, it is based on international norms and standards such as ETSI EN 303 645. Companies can choose between three certification levels of “Basic”, “Substantial” and “High”, with the detail and scope of certification increasing level by level. The certification auditing procedure examines all security-relevant processes such as security incident management, security patches and subcontractors. The resulting certificate is valid for three years and covers annual factory inspections including auditing of vulnerability management. The scheme was developed by TÜV-Verband.
In their first certification, the TÜV SÜD experts assessed a connected vacuum robot, including its development and production processes, in accordance with international standards. The audit agenda took in extensive penetration testing, cloud verification and testing of processes relevant for IT security.
Florian Wolff von Schutter points out: “In this context an important factor is to ensure security by design, from intermediate products such as integrated circuits to subsequent software updates. The same applies to radio interfaces and the encryption used.” Testing was carried out at testing laboratories in Germany, the UK, the USA and Singapore. TÜV SÜD accompanied the certification, which was concluded within four months.