Scheme Update: Using SESIP to Simplify Security Evaluation and Build Trusted IoT Products (E21c)
Today, the average time it takes for an IoT device to be attacked once connected to the internet is just five minutes. The security problem, however, is no longer limited to the number of IoT devices. It is about the number of different types of devices and how best to protect them. Although security guidelines and certification schemes are helping to address the security challenge, different IoT objects must meet different security requirements and assurances. They do not all require the same certification and it is often not possible, due to their sheer number, to test each one individually. As a result of regulatory market pressures, multiple security schemes and evaluation methodologies will be brought to market; creating a fragmented landscape and making it difficult for manufacturers to choose the appropriate levels of security for their products.
Within this presentation, GlobalPlatform will introduce the Security Evaluation Standard for IoT Platforms (SESIP) and explain how it provides accessible, solution-ready and pre-certified IoT platforms that meet industry compliance requirements. It will explain how it is promoting SESIP to answer demand for simpler approaches to security and provide accessible, solution-ready and pre-certified IoT platforms that meet industry compliance requirements. By providing evidence of the security functionality of an IoT platform and its resilience against attacks, national and private certification bodies can reuse it to certify multiple different IoT devices based on this platform. Thanks to a knowledgeable network of laboratories, SESIP is achieving a practical, market relevant approach to security evaluation.