Cyber security news

                                                                                                                                                                                       

- IoT cybersecurity standard added to the CB scheme!

Initiated by Norway, the ETSI 303 645 standard for IoT cyber security of consumer products has finally been added to the list of standards for CB certification. Getting a European standard into the international IECEE/CB scheme was not an easy task. The initial suggestion by Nemko met massive opposition from some non-European countries, and in the IECEE management meeting when discussed, it became the most heated debate ever. However, the following vote amongst the members gave a very positive result, and after a round of last-minute objections, the final acceptance was ensured.

The types of products covered by the ETSI standard are among those which are in the largest scope of products within the CB scheme for certification of electrical safety, i.e. household appliances, lighting products, IT & AV products, and home security products.

Nemko has already used this standard for national certification during the past 3 years and has several experienced experts as well as training programs in place. Applications to the IECEE for an extension of Nemko’s CB scheme scope are in process.

For more information, please contact Geir.Horthe@nemko.com

- Attending the annual “Black Hat” conference in USA

Black Hat is a premiere cybersecurity event uniting global experts and exploring the newest threats,
defenses, and vulnerabilities through workshops, presentations, and live demos. The aim is to elevate skills, fortify defenses, and stay ahead in a fast-changing digital world.
This year’s annual event, which took place in Las Vegas, USA during 5-10 August, was attended by Nemko’s Mr.Øyvind Storhaug, who runs the pen test operation at the Systemsikkerhet (System security) section in Arendal, Norway.

Amongst the many examples presented, he noted i.a. the vulnerability of satellites positioned in Low Earth Orbit (LEO), which depends on obscure communication methods, necessitating once expensive (but now affordable) communication equipment for protection against hacking. This parallels the situation with OT and IoT devices.
However, unlike those devices, once a satellite is launched, upgrading or repairing becomes nearly impossible. In an experiment, researchers created a virtual satellite closely resembling a real one. Astonishingly, they gained complete control over it and even established a password, effectively locking out the rightful owners from the control without the password!

For more information, please contact Oyvind.Storhaug@nemko.com

(The article is based on the information provided by Geir Hørthe and edited by T.Sollie)