Forti5 Technologies was among the handful of assessing companies to take part in the IoT Cyber Assurance scheme pilot.
The IoT Cyber schemes certify internet-connected devices against the most important security controls and demonstrate commitment to best practice security. The level 2 version of the system provides a level of certification above the verified assessment level, providing independent 3rd party testing and certification.
Among the first companies to achieve the IoT Cyber Assurance Level 2 (audited) certification was Chess with Mymesh, their smart building enabling wireless technology. Chess Wise is a Dutch company headquartered in the Netherlands with a UK sales office. Chess has its background in the banking industry and that is perhaps where the company’s great focus on security comes from. They have used the secure-by-design principle from the beginning with a vision for a secure smart building where everything connects and can be managed together for a reasonable cost. Such a system had to be wireless, of course, and highly scalable.
Cyber security Assessor Gary Wills from Forti5 Technologies put Mymesh through its paces (from a security standpoint). He tested the Mymesh wireless control system, which consists of the Mymesh Network (actuators, sensors), the ethernet gateway, the cloud server (Edge42) and the Bluetooth gateway (commissioning device). As part of the audit, Gary checked the documentation, interviewed Chess, and checked and tested the device physically. Gary says, “The mentality at Chess for cyber is the kind of security you might expect in a bank! Every 10 seconds, the encryption keys change, so there would be no time to hack it. If you try and look at what’s on the chip, it automatically wipes itself, so the physical and the software aspects have a high level of security.”
Mymesh said that the IASME IoT certification and the feedback from our Assessor, Gary, were helpful to share with other customers to demonstrate what we are doing. External certification certainly reassures clients that you have a secure system that a third party has audited. I hope that more and more customers will ask for this, as many don’t have the knowledge to go into a detailed discussion. The unique network protocol of Mymesh is certified to the Assurance level 2 of the scheme, which means that its security aligns with all of the 13 ETSI security requirements plus the data privacy requirements.
The IoT Cyber assurance certification involves an interview, documentation review and hands-on IoT System testing. Hence, it is affordable to most SMEs and start-ups. IASME fixes the certification fee, but we at Forti5 Technologies take the time to make sure that the assessment is explained so that the company understand what is expected and why it is necessary.
If you want to know more about how we at Forti5 Technologies can help you on the certification journey, do not hesitate to contact us.