Global safety certification company UL has introduced a security certification scheme for IoT devices.
UL says its IoT Security Rating is based on emerging industry consensus on baseline security capabilities, and assesses critical security aspects of connected products against common attack methodologies and known IoT vulnerabilities with the objective to make product security transparent and accessible to consumers.
Based on UL’s assessment of a device it can be awarded a trust mark that manufacturers can add to the product. There are five levels of certification: bronze, silver, gold, platinum and diamond.
UL says its cybersecurity experts use extensive knowledge of current best practices, real-world experience and independent objectivity to holistically assist companies in reaching their full potential – and making a secure and seamless connection with the Internet of Everything.”
“Today, no mechanism exists for retailers to understand the level of security in the connected products they sell,” it says. “Similarly, there is no industry security baseline that suits today’s consumer IoT market.”
However the UK and Australia have introduced voluntary security standards for consumer IoT devices. The UK is considering making conformance mandatory.
In the US, in California and Oregon, legislation will come into force on January 1 2020 that will hold US manufacturers responsible for adding “reasonable security features” in devices or physical objects that are able to connect to the internet directly or indirectly.
