image

Internet of Things

The IoT Cyber Assurance scheme offers certification for internet-connected devices based on crucial security controls, showcasing a dedication to implementing top-quality security measures. The system aligns with the ETSI EN 303 645 standard and UK legislation while being mapped to the IoTSF Security Compliance Framework. Certified devices are protected against typical IoT cyber security weaknesses like weak passwords, outdated software, and insecure communications. Level 2 certification offers an extra level of assurance beyond the verified assessment provided at Level 1, including 3rd party testing and independent certification.

INDUSTRIAL INTERNET OF THINGS

Modern Industrial IoT (IIoT), which includes traditional Operational Technology (OT), has added to an already complex IT environment. This interconnected environment brings risks. Understanding the OT assets and how to secure them is very different from traditional IT infrastructure. We support the integration of Industrial IoT (IIoT)) into these existing security systems, removing duplication of effort, improving situation awareness and improving the security posture of the organisation.

Organisations have invested in modern IT infrastructure, including 5G networks. IIoT can provide increased productivity and decision-making based on the data it generates. By auditing, we aim to assess the secure integration of IIoT into the IT infrastructure, removing duplication of effort, improving situation awareness and the security posture of the organisation, thereby increasing the ROI.

Risk Assessment
Integrating IIOT with IT infrastructure brings both major benefits and an increased risk, presenting more endpoints through which attacks can be launched, and an increase in the risk of shadow IT developing. We support the organisation in developing a risk and mitigation strategy, particular to IIoT. By identifying risks associated with relevant and critical zones and defining countermeasures.
Integration Assessment
The integration of IIOT and IT aims to enhance the value to the organisation. We will review the integration of OT into the IT infrastructure, the segregation of the OT into relevant and critical zones, how the patching regimen for OT is used to reduce the downtime, ensuring critical patches are applied and ensuring sufficient time to test and validate these in an OT environment and how communication integration can improve data flow for decision making and situation awareness.
Supply Chain Security Assessment
A supply chain security assessment provides trust when integrating IIoT into the IT Infrastructure. We review security controls and governance in the supply chain of IIoT, looking for secure development processes, Hardware and Software Bill of Materials. threat analysis and certification requirements of suppliers.
Architecture Review
The IIoT will allow the integration of many more devices to connect to the IT Infrastructure. A zero-trust architecture for IIoT is an essential security approach to reduce the risk. Moreover, the use of the digital twin concept to provide analysis of the system as a whole, identify unwanted behaviour and improve the overall performance system. We will review how the architecture is designed to reduce risk and how assets are digitally represented.
IIoT System Audit
An audit of the complete IIOT system and its integration into the IT infrastructure. Auditing will examine the risk strategies and mitigation, asset inventory management, security configuration management, vulnerability management, policy & procedures, training and awareness and incident response.

SERVICES BLOGS

Read More
The Securing of Consumer IoT Products Passes Into UK Law
Read More
IoT Cyber Assurance Level 2 – Case Study from The IoT Pilot Scheme.