ICSA Labs, an independent division of Verizon, is launching a security testing program for Internet of Things (IoT) devices and sensors. The test program is intended to help organizations that brand and resell IoT devices, as well as those that are incorporating IoT into their businesses, feel more secure with their IoT deployments.
“We know from multiple recent studies that the No. 1 concern among adopters is security and privacy,” says George Japak, managing director at ICSA Labs.
The program will have six components, including alerts/logging, cryptography, authentication, communications, physical security, and platform security.
According to Dima Tokar, CTO and head analyst at MachNation, ICSA Labs’ security testing program may be the first of its kind. And, while it may be valuable, he also said that this type of test is only a snapshot of the state of security at a given time. In addition, he said, there are other security initiatives such as the Industrial Internet Consortium’s Security Working Group.
Tokar, however, warns that MachNation does not believe that “one size fits all” when it comes to IoT security. “First one would not do the same kinds of security testing for IoT devices that go in the home, a fleet of recreational boats, and a nuclear power plant. Second, IoT device security is only one piece of a holistic IoT security approach,” he said in an email to SDxCentral.
ICSA Labs plans to give its mark of approval to certified devices and sensors. This will indicate that devices underwent demanding testing and that any weakness or vulnerability found was mitigated and confirmed through further testing by ICSA Labs. In addition, certified devices will be tested over their lifecycles at regularly established intervals to help make the devices more secure.
ICSA Labs is an independent division of Verizon that provides third-party testing and certification for security and health IT products and other network-connected devices.