alphaspirit - stock.adobe.com

UK security centre to launch IoT security standard

The London-based Centre for Strategic Cyber Space and Security Science is working on an internet of things security standard and has roped in participants from eight markets

The UK-based Centre for Strategic Cyber Space and Security Science (CSCSS) is planning to launch a new internet of things (IoT) security standard later this year in an effort to shore up the security of connected devices.

Speaking at a Fortinet event in Singapore today, Aloysius Cheang, the CSCSS’s Asia-Pacific executive vice-president, said a technical committee has been formed to develop the IoT security standard, which is expected to be ready by September 2018.

Cheang said work began on the standard on 25 June 2018 involving participants from eight countries and markets – China, Taiwan, Thailand, Singapore, India, Israel, the UK and Canada.

He said the CSCSS is also organising a global IoT security congress on the sidelines of Singapore International Cyber Week, to be held during the week of 18 September.

Giving a glimpse of the centre’s approach to developing IoT security standards, Cheang said securing the participation of original design manufacturers (ODMs) in Taiwan that design most IoT devices currently in use is key.

He also said IoT standards developed by organisations such as the Institute of Electrical and Electronics Engineers (IEEE) and the International Organisation for Standardisation (ISO) are insufficient and “still very raw”, and that roping in Taiwanese ODMs will ensure the CSCSS’s IoT standard is widely adopted.

Besides the CSCSS, the Internet Society’s Internet Engineering Task Force is working on IoT standards in areas including authentication and authorisation, cryptography for IoT use cases and device lifecycle management.

But the plethora of IoT security standards could make it difficult for a global IoT standard to emerge. Olaf Kolkman, chief internet officer at the Internet Society, attributed the current state of affairs to differing security requirements across industries.

Read more about IoT security

  • Asian businesses tend to view IoT security more positively, rather than being a barrier to IoT deployment.
  • Wireless devices and smart technologies are increasingly being brought into the workplace, and pose a growing risk to company data.
  • The UK government has announced plans to develop a new code of practice to improve the security of connected internet of things devices.
  • The security failings in today’s internet-connected devices will only become more pervasive unless action is taken immediately, according to industry experts.

“There are so many different verticals using IoT, with each of them having different safety and security standards,” Kolkman told Computer Weekly. “A connected device like a smoke detector, for example, has different security properties from that of a medical device.”

Despite the multitude of approaches to IoT security, Kolkman said most are underpinned by common IT security principles, such as the need to closely follow the lifecycle of IoT devices and to ensure that physical access to IoT devices does not allow intrusion.

Read more on Regulatory compliance and standard requirements