
How to navigate upcoming regulations for IoT

The complexities of upcoming regulations for IoT and the knock-on effect for manufacturers. We investigate how a common approach and a security baseline, such as the PSA Certified framework, can simplify the regulation landscape, allowing manufacturers to achieve fast time-to-market without compromises.

Across multiple industries we see a drive to digitize and embrace new and connected technologies that promise to bring advanced levels of services and efficiencies. As digital transformation takes off across all sectors, the number of connected devices is rapidly surging. Unfortunately, the attention from hackers and adversaries has also grown - leading to a number of high-profile hacks and attempts to disrupt lives. As more hacks hit the headlines, it’s only natural that governments have started to wake up to the need to protect consumers.

It's always been important for manufacturers to take responsible steps towards secure devices, but as regulators work on guidance documentation - and ultimately regulation - it’s more important than ever to ensure that devices are shipped with a baseline of security. I’ve heard from manufacturers that the regulatory landscape is quite confusing – as they need to navigate both regional and industry-specific standards. Keeping track of these is starting to slow down innovation (as compliance introduces bottlenecks - time, resources and bandwidth are finite), but they also can’t ignore them as standards will unlock assurance at scale. The good news is that we believe that it’s not as confusing as it initially seems – as there is a good amount of consensus on what devices need to be “secure” – it just needs a bit of deciphering.

Some of the key challenges facing manufacturers with regard to security

So, how do we, as businesses, get ready for upcoming regulation and ultimately reduce the threat of cyber-attacks, without causing a lag in innovation? Well, at PSA Certified, we believe that we need to move beyond a scattered, fragmented and inconsistent approach to security and instead adopt a more unified approach. From the outset, our vision was to collaborate – offering a framework and certification program to make security adoption simpler for the entire IoT ecosystem.

PSA Certified adopts an approach that all connected devices need a 'minimum' set of security requirements, underpinned by a Root of Trust. The baseline we’ve created wasn’t made in isolation; in fact, we actively review the emerging laws, regulations and baseline requirements to make sure they are in scope of the advice we’re giving to the ecosystem. First, it’s inspired by the PSA Certified 10 security goals – these are 10 goals that every connected device needs to meet to resist some of the most common threats in our connected ecosystem. Secondly, it provides alignment with security laws, requirements and regulations, including: NIST 8259A (IoT Device Cybersecurity Capability Core Baseline), EN 303 645 (Cyber Security for Consumer Internet of Things: Baseline Requirements), California State Law (SB-327) and emerging regulations from the UK's Department for Digital, Culture, Media & Sport (DCMS).

The scope of key upcoming regulation and how PSA Certified Level 1 maps

This work is rolled into our baseline security certification, known as PSA Certified Level 1, which allows you to ‘rubber stamp’ your products to demonstrate that you meet multiple cybersecurity baseline requirements and show that you have met regionally important regulations. Ultimately, the framework makes it quicker, easier and more cost-effective to design security into a device – getting you ready for regulations as they emerge but, more importantly, helping to prevent some of the most common device vulnerabilities and prevent IoT cyber incidents. The best bit is that the team looking after the documents is frequently reviewing the technology landscape and ensuring we make periodic updates.


As an industry, we have an important role to play in building people’s trust in the IoT, which is fundamental to the acceptance of new technologies. PSA Certified offers you a framework to gain fast compliance to upcoming regulation, giving you a route to lead the adoption of a more secure connected world.

Author
Anurag Gupta, Director Business Development, Arm (A PSA Certified Co-Founder)


This material is protected by MA Business copyright See Terms and Conditions. One-off usage is permitted but bulk copying is not. For multiple copies contact the sales team.
