The vulnerability to connected products is huge, and since the internet of Things (IoT) was first introduced, the development has expanded continuously, which can have major consequences. Bureau Veritas' services help reduce the risk of connected products and assure compliance with new regulations.
Connected products includes vehicles, medical equipment and industrial- and telecommunications equipment. Cyber security for these products has become a critical issue that can not or may not be ignored as it is a doorway to all kinds of vulnerabilities.
Today there are multiple internationally recognized standards, frameworks, and certification programs that can help manufacturers than ever before, including IEC 62443, ETSI EN 303 645, and ISO 21434.
Cyber security is seen as a major topic from a regulatory point of view. The first examples are already in place, or are in a final drafting stage:
- UNECE international regulations mandate connected vehicles’ cyber security and software updates processes and functionalities
- Medical devices need to measure up to extensive requirements for placement on various markets, including the US (FDA regulations) and EU (MDR regulations)
- The Radio Equipment Directive (RED) will set in place regulatory requirements that target consumer products
OUR SERVICES PER TYPE OF PRODUCTS
CONSUMER PRODUCTS| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|
| Design reviews | ETSI EN 303 645 | BV IoT Class 1 (CTIA 1) |
| Validation and penetration testing | P-SCAN (product vulnerability scanning) | BV IoT Class 2 (OWASP) |
| | | BV IoT Class 3 (ETSI EN 303 645) |
| | | Common Criteria certification |
| | | Radio Equipment Directive (RED) |
| | | EUROSMART IoT certification |
| | | Japan’s Telecommunications Business Law - Security Standards of IoT Equipement |
MEDICAL DEVICES| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|
| Design reviews | IEC 62443 compliance | UL 2900 certification |
| Validation and penetration testing | UL 2900 compliance | Common Criteria certification |
| Code reviews | | EU MDR compliance gap analysis |
| Processes reviews | | FDA compliance gap analysis |
NETWORK PRODUCTS| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|
| Design reviews | IEC 62443 compliance | Common Criteria certification |
| Validation and penetration testing | | BSPA certification |
CONNECTED VEHICLES| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|
| Review of processes and consultancy in drafting/implementation | ISO/SAE 21434 compliance gap analysis | UNECE cyber security (R155) and Software Updates (R156) compliance gap analysis |
| Workshops on cyber security and regulatory requirements | | UNECE cyber security (R155) and Software Updates (R156) type approval |
| Risk assessments on vehicles and components | | Common Criteria certification |
| Penetration testing of components and systems | | |
INDUSTRIAL PRODUCTS| SUPPORT AND PREPARATION | COMPLIANCE | CERTIFICATION/REGULATORY |
|---|
| Design reviews | IEC 62443 compliance gap analysis | IECEE certification (IEC 62443) |
| Validation and penetration testing | | Common Criteria certification |
| Review od development processes | | |
| IEC 62443 workshops | | |