DEKRA contributes to the IoT Device Security Specification and CSA Certification Program

Mar 21, 2024 Digital & Product Solutions

Strengthening IoT security

Current challenges and the importance of a mutual recognition agreement
In today's digital era, the security of Internet of Things (IoT) devices has never been more critical. With the increasing presence of these devices in our homes, workplaces, and public spaces, a complex set of security challenges has emerged. The Connectivity Standards Alliance (CSA), in collaboration with the Cyber Security Agency of Singapore, has taken a significant step toward harmonizing cybersecurity efforts by signing a Mutual Recognition Agreement on cybersecurity labels for consumer IoT. This agreement underscores the importance of establishing globally recognized standards for IoT device security, a goal that DEKRA has vigorously supported from the beginning.
Technical specifications of the program and mapping with standards
The IoT Device Security Specification 1.0, developed and recently released by the CSA Product Security Working Group (PSWG), is a comprehensive framework designed to ensure the reliability and security of IoT devices. Based on rigorous requirements, such as those set by the NIST in the United States (NIST 8259, NIST IR 8425, NIST SP 800-213) and EU ETSI requirements (IEC 62443 & ETSI EN 303 645), this specification provides a detailed set of guidelines for the evaluation and certification of devices. At DEKRA, we have played a crucial role in adapting these international standards to create a specification that is not only exhaustive but also globally applicable.
The contribution of DEKRA within the Working Group
As a reference laboratory with extensive experience in the evaluation and certification of IoT devices, DEKRA has contributed knowledge to the CSA's Product Security Working Group. Our contribution has focused on ensuring that the specification is cost-effective, allowing manufacturers to adopt robust security practices without compromising economic viability. Thanks to our deep understanding of cybersecurity standards and our practical experience in the field, we have helped to forge a specification that effectively balances security, accessibility, and efficient implementation.
Following the recent release of the IoT Device Security Specification 1.0 and this Mutual Recognition Agreement, Jorge Wallace, Cybersecurity Technical Leader at DEKRA and vice-chair of the PSWG RSG (CSA), has stated, "This collaboration marks an essential step in harmonizing global cybersecurity efforts. It is a clear indicator of the critical role that global cooperation plays in safeguarding our digital ecosystem."
Advantages of this program and next steps
The IoT Device Security Specification 1.0 represents a significant advance in protecting IoT ecosystems against emerging security threats. For DEKRA, participating in this effort not only reflects our commitment to cybersecurity but also embodies our vision for a safer digital future for everyone. Looking ahead, we will continue to collaborate with the CSA and other global partners to refine and promote this specification. Together, we can establish a new standard in IoT security, ensuring that our clients' devices not only meet current security regulatory requirements but are also prepared for the security challenges of tomorrow.