Michelle Kradolfer, Police CPI IoT Technical Officer
SBD’s accreditation scheme provides a recognised standard for all security products that can deter and reduce crime
The implementation of IoT technology in alarm signalling solutions has changed the face of the security industry. The innovation involved in internet-connected consumer products offers customers enormous benefits with regards to the security of households and businesses.
Nevertheless, the adoption of cybersecurity requirements within these products is not where it should be, hence the passing of the Product Security and Telecommunications Infrastructure Act of 2022. The legislation applies new laws to all consumer IoT products to ensure that minimum security standards are met.
In this blog, we speak to Michelle Kradolfer, Police CPI IoT Technical Officer at Secured by Design (SBD), who after completing her Masters in Criminology and Master in Cybercrime and Digital Investigation, undertook a career in cybersecurity, previously working for Interpol and the Police Digital Security Centre.
We discuss SBD’s Secure Connected Device Accreditation Scheme, how it’s helping SBDs’ clients and the impact new this legislation will have on crime.
Simply put, what does Secured by Design do?
SBD is the official police security initiative within the Police Crime Prevention Initiative portfolio. SBD focuses on improving building security and surroundings to create safe spaces for work, living and more.
Working with builders, developers, local authorities, and housing associations, SBD incorporates crime prevention standards into developments from concept to completion.
Our Police Preferred Specification accreditation scheme recognises over 7000 crime prevention products, including high-spec security doors and advanced technology for safe access control.
Describe the issues involved with ensuring the security of IoT products?
IoT products are simply not built with security in mind. Manufacturers have complied with other safety requirements in the past, such as ensuring electrical components don’t overheat. However, merely 20% of manufacturers incorporate fundamental security standards in IoT products.
Like an overlooked lock on a door, manufacturers have neglected to prioritise cybersecurity measures and many products lack the necessary safeguards to shield consumers from cyber threats. Consequently, any internet-connected device or application becomes susceptible to becoming a tempting "key" for cybercriminals to exploit and steal personal information.
What is the Product Security and Telecommunications Infrastructure Act and how will it fill this gap?
The Product Security and Telecommunications Infrastructure Act of 2022 has become law after receiving Royal Assent on December 6, 2022. This legislation encompasses various consumer IoT products, from essential safety gear like smoke detectors and door locks to the ever-watchful connected cameras.
The Act imposes minimum security requirements on manufacturers, importers, and distributors of these products to ensure consumer protection. With businesses required to comply with the Act from the 29th of April 2024, it establishes a strong regulatory framework that can adapt to rapid technological advancements and evolving malicious tactics.
Tell us about the Secure Connected Device Accreditation scheme that SBD launched following this bill?
In collaboration with the Department for Science, Innovation and Technology, we launched a scheme in response to impending legislation. Companies can now turn to us for assessing their products against the full ETSI EN 303 645 standard's 13 provisions.
We evaluate their products, suggest certification routes, and help them meet the Act's requirements. Once certified by an SBD approved certifying body, companies can seek our prestigious SBD accreditation.
What benefits do companies and end-customers receive because of these certified IoT products?
The robust standards of certification exceed government legislation, protecting companies, products, and customers. Our annual appraisal ensures compliance with evolving government requirements and cyberthreats.
Customers can trust that IoT components won't compromise security. Considering the significant findings of a 2021 study on smart home security where over 12,000 hacking attempts were identified in a single week, the significance of these certifications cannot be understated.
As consumers embrace exciting technology such as app-based door unlocking, it's crucial to remember that uncertified IoT innovation can have consequences.
This act is certainly a step in the right direction for deterring cybercrime on IoT devices;
how impactful do you think it will be?
The cyber threat landscape affects many homes and businesses, but the consequences can be easily avoided. This Act, and SBD’s certification scheme, offers a path for manufacturers to prioritise security and support the government's efforts to develop safe IoT products and ensure consumer confidence.
It’s impossible to put a number on how much this will decrease crime; however, while we can never fully prevent crime, we at SBD are confident this will deter break-ins significantly.
SBD eagerly anticipates further collaboration with BT Redcare and other security providers, as we collectively strive to ensure ongoing compliance and empower companies to safeguard the future of IoT products.
Learn more about IoT safety in BT Redcare products by speaking to an account manager if you have any questions.
Regional Account Managers: