Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Physical Security

10/21/2020
01:00 PM
50%
50%

IASME Consortium to Kick-start New IoT Assessment Scheme

The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.

The IASME Consortium has announced that it is launching an Internet of Things (IoT) security assessment scheme with an initial pilot project which will certify devices from 10 manufacturers free of charge. The scheme pilot is being partially funded by a grant from the United Kingdom's Department for Digital, Culture, Media and Sport (DCMS), which IASME and two other organisations were successful in winning.

Digital Infrastructure Minister, Matt Warman, said: "We want people to have confidence in the smart devices they are buying and for retailers to be sure they are stocking secure products. This funding will help make sure robust security standards for internet-connected products are built in from the start while also providing a boost for our burgeoning digital economy."

IASME is well known for helping companies to improve their cyber security through certification and guidance alongside a network of 250 Certification Bodies across the UK. The Consortium says it will use this experience to develop an accessible and affordable IoT certification scheme in advance of new IoT security legislation being rolled out in the UK.

The pilot will be open to any IoT devices that are sold to UK consumers and IASME is looking for 10 manufacturers to take part in the pilot, which is the first of its kind in the UK.

When asked about launching the pilot for the certification, Dr. Emma Philpott MBE, CEO of IASME, said: "Following discussions with the IoT Security Foundation about the need for a low-cost certification scheme for IoT devices, we are excited to be able to be able to start this pilot project with help of UK government funding. We are looking forward to being able to deliver our scheme across the UK and to ensuring that it is just as practical, affordable and accessible as the Cyber Essentials scheme.

"IASME is determined to help manufacturers to demonstrate that their IoT devices have the most important security controls in place for not only their peace of mind, but also for the reassurance of their customers."

You can read IFSEC Global's recent interview with Emma Philpott MBE, here.

If you are a manufacturer interested in being involved in this pilot for free, contact [email protected] for further information.

This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things and more.

IFSEC Global, part of the Informa Network, is a leading provider of news, features, videos and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies – like video surveillance, access control, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Visit the Web's Most Authoritative Resource on Physical Security

To get the latest news and analysis on threats, vulnerabilities, and best practices for enterprise physical security, please visit IFSEC Global. IFSEC Global offers expert insight on critical issues and challenges in physical security, and hosts one of the world's most widely-attended conferences for physical security professionals.

Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30550
PUBLISHED: 2021-06-15
Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30551
PUBLISHED: 2021-06-15
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30552
PUBLISHED: 2021-06-15
Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30553
PUBLISHED: 2021-06-15
Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-24037
PUBLISHED: 2021-06-15
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untruste...