Instrumentation May 2022

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

Internet of Things

user and subscriber are protected, and that radio equipment supports certain features ensuring protection from fraud. It would also mean that radio equipment would need to support features that ensure that software can only be loaded into the radio equipment once the compliance of the combination of the radio equipment and software has been demonstrated. The exact requirements are only in the form of a Draft Standards Request (at the time of writing) hence we need to wait until we see the final draft before any real assumptions can be made However, two important documents that are

presently in use, which specifically relate to IoT devices, are Guidelines document NIST.IR 8259 (US) and the Standard EN 303 645 (EU). The EN 303 645 covers only consumer products, whereas the scope of NIST.IR 8259 is not confined to consumer products and its general principles can therefore be applied to help demonstrate a baseline of cyber security protection for any IoT product. Although legislation has yet to be introduced

in Europe, assessment can still be performed using the EN 303 645 standard. An accompanying document, TS 103 701, provides a test methodology to be used. However, in

Instrumentation Monthly May 2022

the near future this may change as more standards are developed Also, now that the UK has left the EU, it is

preparing new legislation derived from the EN 303 645 standard, and this is strengthened by the recent introduction of the Product Security and Telecommunications Infrastructure Bill (PSTI) , and it will be initially limited to three security requirements:

A bAn on universAl defAult pAsswords in consumer smArt products

the implementAtion of meAns to mAnAge reports of vulnerAbilities

trAnspArency As to how long A product will receive security updAtes

There are other existing standards which are

aimed at improving security from network infrastructure to devices. For example, it is possible that an industrial IoT devices and systems could be certified under the IEC 62443 series of standards, as part of a larger installation. This standard series addresses security for

industrial automation and control systems (IACS). Although it may seem that the standards do not

cover everything, they do at least offer a first line of defence from cyberattack. However, manufacturers should also consider their own cybersecurity programmes as there are other options outside the present standards landscape. This includes more stringent, bespoke testing or “penetration testing” and the necessity to think “secure by design” from the onset and take a proactive approach to cybersecurity by recognising that attacks are “when not if”. Threat resilience should also be an iterative

task. Not all threats may have been discovered during the first assessment. It is therefore very important to ensure up to date compliance with all standards and constantly review your ‘cyber resistance’ status. Ongoing investment in cyber security is therefore crucial to keep up with technological development, as cybercriminals rapidly develop new forms of attack. Tackling the problems of cyber security risks can therefore only be realised by comprehensive planning, periodic evaluation, updates and monitoring. This must be done continuously, from design through to obsolescence.

TÜV SÜD www.tuvsud.com/uk 43

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52 | Page 53 | Page 54 | Page 55 | Page 56 | Page 57 | Page 58 | Page 59 | Page 60 | Page 61 | Page 62 | Page 63 | Page 64 | Page 65 | Page 66 | Page 67 | Page 68 | Page 69 | Page 70 | Page 71 | Page 72 | Page 73 | Page 74 | Page 75 | Page 76 | Page 77 | Page 78 | Page 79 | Page 80 | Page 81 | Page 82