Every IoT manufacturer wanting to sell into the UK market must now comply with the requirements set out by the ETSI (European Telecommunications Standards Institute) Standard which are mirrored by the UK legislation. The main three requirements are:
• No default passwords – a manufacturer must use unique passwords for individual devices/product sets or allow the user to choose a password for themselves.
• Each device must now have a vulnerability disclosure policy, helping to ensure vulnerabilities are fixed as quickly as possible once discovered.
• Information about the support period of a product or device is to be provided at point of sale, including how long the manufacturer will support the device with updates.
It’s clear from this legislation that recognition is growing about the need for best practice when developing and protecting IoT devices. At The Cyber Scheme, we are increasing the availability of skilled hackers in the IoT/IIoT/ICS environment, helping them use and transfer skills they may already have in app testing or engineering. Our CSII training course provides practical training in IoT hacking which we believe to be unique – followed by a comprehensive accredited assessment that aims to test the competence of the practitioner in a practical setting. Aimed at intermediate testers, it also provides a pathway to the more advanced IoT exams we currently have in development.
For more information about The Cyber Scheme’s IoT training and assessments please visit: https://thecyberscheme.org/iot-ics-training/
ENDS