ICSA Labs, an independent division of Verizon, is rolling out a new security testing program to provide assurance testing for Internet of Things (IoT) devices and sensors to help companies mitigate risks associated with an increasingly connected world.
ICSA Labs will test six components as part of the new IoT Security Testing and Certification Program including alert/logging, cryptography, authentication, communications, physical security, and platform security. The ICSA Labs Product Assurance Report found the majority of security devices fail to perform as intended.
According to Verizon’s State of the Market: Internet of Things 2016 report, a projected 25.6 billion connected devices will enter the marketplace in 2019, up from 9.7 billion in 2014 and continued growth is expected with 30 billion devices projected to be online by 2020.
The certification program is recommended as part of an overall compliance program for organizations that brand and resell IoT devices and sensors; organizations implementing IoT devices and sensors in their businesses; and device and sensor makers.
ICSA Labs is an ISO-accredited, independent, third-party testing lab with experience in computer and network security testing experience. Using IoT Device Requirements Framework as a basis, the division can formulate test requirements for any IoT device type, and perform security and privacy related tests mapping to those criteria requirements. It also can certify IoT devices of all kinds following testing.
With ICSA Labs IoT security testing users reduce supply chain risk, improve market standing, free up internal resources caught up in vulnerability and patch management, protect the customer’s and own senstive information, preserve company brand, and avoid the high cost of remediation.
“We expect the Internet of Things to be the next digital wave,” said George Japak, managing director, ICSA Labs. “Given the enormity and complexity of the space, it can be tricky for enterprises to navigate. We know from multiple recent studies that the #1 concern among adopters is security and privacy, and our new IoT Security Testing and Certification Program directly addresses this concern.”
“Currently very little exists in the form of organized testing and/or standards to ensure IoT devices and the data exchanged is protected,” said George Japak, managing director for ICSA Labs. “This program is aimed at filling that gap especially as more companies embrace the Internet of Things to streamline business and provide higher levels of customer service.”
In developing the new criteria, ICSA Labs compared its categories and requirements to other emerging guidelines including OWASP Internet of Things Top 10, Industrial Internet Consortium Reference Architecture and the Online Trust Alliance’s IoT Trust Framework.