Security for networked products in the Smart Home

Digital security functions in smart home products

Smart home products are being introduced into numerous households. Counting into the term “smart home products” are any devices connected to the internet or otherwise integrated. Amongst the most popular home automation equipment are heating, light and ventilation systems. In the domestic appliances sector, washing machines, dishwashers and refrigerators are often seen to be integrated into the home network. Concerning the branch of consumer electronics, internet-enabled televisions, Bluetooth speakers and game consoles make up some of the most popular smart home devices.

The majority of manufacturers and distributors of smart home products are already aware of this: consumers have little confidence when it comes to the security of these integrated products. Two out of three citizens believe that there is a high risk of being the culprit of a hacking attack. Another four out of five citizens (80 percent) are unsure of how well their devices are secured against these cyber-attacks. These and further results have been deducted from the Forsa-study by the TÜV association. The smart home market is evolving rather slowly, because it is lacking the required trust in those consumable products and users have reservations concerning them. There exist lots of technical concerns and above all the fear of data abuse within their own walls. Recurring reports of easily attackable smart home products are stirring uncertainty amongst consumers.

More security for networked products through examination by the IoT Security

As a manufacturer of integrated smart home devices, it is recommendable to heighten the trust of your consumers in the product. At the same time, incentives to invest in IT-security should be created. For this reason the TÜV Organizations have developed an examination and certification of integrated devices in the Internet of Things (IoT) based on the official examination program of the European Cybersecurity Acts. TÜV NORD does not solely examine the devices, but also the processes inside the company, data security aspects and services, like cloud-connections. The new TÜV certification mark is supposed to dampen the consumers’ security concerns, offer better protection and a quick orientation.

"CSC - CyberSecurity Certified" "CSC - CyberSecurity Certified" "CSC - CyberSecurity Certified" "CSC - CyberSecurity Certified"
"CSC - CyberSecurity Certified"

 

Cybersecurity is set to become an inherent part of device security, due to the fact that digital security in the Internet of Things is only possible with clear legal requirements and independent examination. The new TÜV certification mark Cybersecurity Certified represents the first Europe-wide security certificate related to Consumer IoT Security.

This is essential because 83 percent of the respondents of the Forsa-study replied, that they would feel safer if the IT-security of integrated devices was examined by independent checkpoints. 72 percent would take a certification mark into account when buying such a device. TÜV NORD has seen this urgency to act and is supporting manufacturers concerning the challenges of offering better security for devices integrated in the Internet of Things.

You want to increase the security of your smart home products?

Get in contact with our experts

Advantages of the examination and certification of networked prodcts in the consumer IoT

Security for smart home products
  • Real certification, independent of the manufacturer
  • Comprehensive risk analysis as a part of the certification
  • Based on internationally recognized norms and standards (such as ETSI EN 303 645)
  • Provides multiple evaluation levels, whose scope and depth are matched to the expected threat
  • Constant quality improvements through exchange of experiences
  • European requirements and EU-wide certification framework through the Cyber Security Act

CSC – Cyber Security Certified – more security in smart homes

Added values for manufacturers

  • Competitive advantage due to the lack of legal requirements for the IT-security of products

  • Arising development and trend when it comes to products of all sorts

  • Safe development and operation during the whole life-cycle of a product

  • Differentiation between manufacturers and traders from their competitors

Added values for consumers

  • Lower hazard potential within cyber attacks
  • Better orientation
  • Quick assessment of cyber security features of an integrated product
  • Reduction of uncertainty and increase of trust in smart home products

FAQ`s

On which foundation are the examination and certification based?

The requirements for the examination and certification are based upon established and recent standards (EN 303645/Cloud C5), which represent the current state of technology.

Is it possible to examine a whole product family or does each product have to be examined individually?

Examinations and certifications of product families are possible, provided that the technical and procedural conditions are identical for the whole family. Therefore, a multiplicity of devices can be certified and marked with our certification mark with little effort.

Is this certification also meeting the requirements of the European Cyber Security Act?

Yes, it is. The EN 303645, which has been chosen as a requirement base, is an official standard within the Cyber Security Act and can therefore be used as proof of conformity.

What examination levels and labeling options are there?

In accordance with the Cyber Security Act, there are three levels of examination: basic, substantial and high. The level is a result of the risk that the networking of the components entails. Each level comes with its own certification mark. The level is being assessed by a risk analysis. However, for most consumable goods, the basic level will be sufficient.