Energy & industry

Cybersecurity evaluation

With the rise of permanent connectivity and digitalization, industrial control systems (ICS) and networks have become prime subjects of mandatory assessment and validation of cybersecurity vulnerabilities. We perform cybersecurity (OT, IIoT) risk and compliance evaluations based on global cybersecurity accreditations and standards.

The Internet of Things has created a constantly connected network of people, machines, and companies, allowing the continuous sharing of data in value-creating processes. The technology has brought about several challenges in the field of Quality Assurance. These include security, user privacy, the reliability of the service, interoperability, and integration.

IoT sensor networks or camera networks are often located in places that make them easily accessible to an attacker. At the same time, they can be difficult for the service provider to check periodically. These devices therefore act as a vulnerable point for the entire network.

An additional difficulty is that, due either to low production costs or to energy consumption issues, it is not always possible to update some devices, typically in sensor networks. Thus, known security defects can be exploited by a potential attacker.

Furthermore, some IoT devices are powered by battery or solar energy, and to minimize consumption, lightweight authorization and security algorithms are implemented. These expose the devices as a weak entry point to the whole network.

IoT devices are also connected to the internet, which has at least two consequences: the number of links between connected devices will grow, and a weakly secured device can act as an entry point. Combined with GPS, voice recognition, or embedded cameras, this can lead to security and privacy threats.

Thus, there is a high demand for efficient testing and quality assurance methods developed for IoT-specific environments. These may include interoperability testing, testing the behavior of the IoT solution under a limited network connection, and techniques to efficiently reduce a high number of platform configurations.

At Qtics, we provide information security assessment up to EAL5 level according to the ISO 15408 Common Criteria, and we also carry out smart metering data security assessment as per METAS, based on the Swiss methodology (Swissmig - Die Prüfmethodologie).

 

| Standard, legislation, guidance | Description |
| --- | --- |
| ISO 15408 Common Criteria | Information security assessment up to EAL5 level |
| METAS, based on Swiss methodology (Swissmig - Die Prüfmethodologie) | Smart metering data security assessment |