With the world going digital, the popularity of Internet of Things (IoT) devices is rapidly rising. This is not only reshaping people's lives but also spurring a wave of new market opportunities. However, growingly widespread use of connected devices also leads to increased cybersecurity threats. To control cybersecurity risks, governments around the world are enacting cybersecurity laws while leading manufacturers are also implementing cybersecurity requirements for their products.
As international markets and customers impose more and more regulations and requirements on cybersecurity, Taiwan-based ICT device manufacturers feel mounting pressure.
Having long been committed to developing security compliance solutions for IoT devices, Onward Security envisaged the trend of security assessment for connected devices years ago and thus took early action by actively engaging in international standards certification and conformity assessment. As a result of its efforts, Onward Security has made itself Taiwan's only Amazon Alexa Voice Service (AVS) and Amazon Prime Video security assessment lab and Asia's only Cellular Telecommunications Industry Association (CTIA) authorized test lab with an aim to help electronics brands and manufacturers obtain security certifications and thereby penetrate into international supply chains.
Security compliance enhances brand image while reducing operating costs
According to Onward Security Director of Technical Service, Daniel Liu, the rise of 5G and AIoT will bring a massive number of smart devices and applications into reality, many of which will be used at people's homes. In the case of security incidents resulting from poor security implementations on the part of the developers, people's safety and privacy will be at risk. To prevent such threats, many governments and manufacturers impose regulations and requirements demanding that connected devices comply with security standards. California's new IoT Security Law that went into effect on January 1, 2020 is an example.
Although the security standards are not currently mandatory, they may be incorporated as part of government procurement procedures and national standards. For example, Taiwan Association of Information and Communication Standards (TAICS) has established a set of cybersecurity standards for a slew of products including video surveillance devices, smart street lamps and smartbus systems. When government procurement procedures include security compliance in the future, a product's conformity to the security standards will play a critical role. As to international standards, Amazon requires that products built in with Alexa and/or Prime Video pass security assessment by Amazon authorized labs or else manufacturers will be prohibited from shipping the products. CTIA, representing major North American telecom companies, also has the IoT Cybersecurity Certification Program in place to ensure that connected devices have appropriate security capabilities and thereby protect consumers and wireless networks.
Liu notes that security assessment generally takes at least two weeks but could take as long as one and half to three months if any vulnerabilities or non-compliance items are discovered and need to be fixed and then retested, which is common during the initial stage of assessment. This will inevitably delay product development but developers have no way around it if they want to meet end market requirements. Liu thinks having their products pass security assessment enables manufacturers to penetrate into international supply chains while validating their product quality and enhancing their brand image. More importantly, if vulnerabilities are found after the product goes to market, the impact, including the burden on service personnel, delay in product development and cost for deploying security patches, will be much more serious than if the issues are caught and resolved beforehand. This manifests the value of security assessment. The benefits definitely outweigh the time and effort it takes.
Operating an ISO 27001 and ISO 17025 accredited lab, Onward Security has built up strong capabilities in IoT security regulatory compliance through rigorous testing methodology, extensive service experiences and active devotion in international standards, based on which it is able to provide Taiwan-based manufacturers with comprehensive compliance and certification services for international cybersecurity standards.
According to Onward Security Director of Technical Service, Daniel Liu, Onward Security exerts all efforts in making itself an authorized lab for international cybersecurity standards so that Taiwan-based manufacturers can have their products assessed and certified locally without engaging foreign labs and auditors to help reduce certification costs.
DIGITIMES' editorial team was not involved in the creation or production of this content. Companies looking to contribute commercial news or press releases are welcome to contact us.
