Certifying IoT Devices: Challenges from the Real World (L21c)
There is no doubt that the state of security of IoT devices, especially Consumer IoT, could be significantly better. Compared to other industries, the security maturity level of the IoT market is in an early stage. In order to improve the situation, various regulations and security standards have been published over recent years, like the EU Cyber Security Act, GDPR, California Consumer Privacy Act, California Companion Privacy and Cybersecurity Bills S.B. 327, A.B. 1906 or the standard “Cyber Security for Consumer Internet of Things: Baseline Requirements”, just to name a few. These new requirements result in several practical challenges for manufacturers, resellers and testing laborites alike. The market consists of a wide range of devices, fragmented technology and a complex supply chain which makes it difficult to efficiently certify all kinds of IoT devices on a reasonable assurance level. In this talk we will provide an overview about schemes and standards applicable to IoT devices and discuss these challenges from the perspective of manufacturer, resellers and testing laborites.