- Services
- Industries
- Automotive
- Battery
- Building inspection
- Fire alarms system testing
- Household appliances
- Installation materials
- Industrial machinery
- IT & audio video
- Laboratory, test & measurement
- Lighting equipment
- Maritime, oil & gas
- Medical & healthcare equipment
- Military & aerospace product testing
- Wireless & telecom
- Resources
- About
- Blog
- Events
Cyber Security and the Internet of Things
As we all surround ourselves with an increasing number of smart products, the total number of such products worldwide is in the tens of billions. Each of these products represents a potential threat and has become a prime target for cyber-attacks by hackers and criminals. Not necessarily because the product itself is of interest, but because it can give access to the connected network.
Fortunately, there are several internationally accepted standards to help manufacturers secure their devices.
- EN 18031 series — This is the new European standard that de facto became mandatory for compliance with RED cybersecurity requirements from 1 August 2025. The standard was published in August 2024 and become an EU harmonized standard early 2025, meaning meaning the standard can be used for self-declaration by the manufacturer. If the standard is not used Notified Body must be used. Nemko provides service for this standard today, both for testing to the standard and as Notified Body for RED.
- ETSI/EN 303 645 — This European standard details requirements for security of Internet-connected consumer devices and is used as basis for requirements in a number of countries as well as for several schemes including CB certification.
- IEC 62443 — This series of standards focuses on the cyber security of various aspects of industrial communications networks, including industrial automation and control systems and components, as well as requirements for IACS service providers.
How Nemko Can Help
Nemko can test connected systems and devices according to the requirements and best practices detailed in EN 18031, ETSI/EN 303 645 and other standards as well as performing Notified Body service for cybersecurity of the Radio Equipment Directive.
Cyber Security Product Attestation
This service provides a trusted, third-party cyber security verification method for manufacturers of custom products and components, as well as those who do not require certification. (For a detailed product description, please contact Nemko)
Based on requests from customers, we have developed three services that can help you get a good head start on the new cybersecurity requirements.
Gap analysis report
We do a GAP analysis of your product against the standard and provide a list of the shortcomings and how you should address these. Such gap analysis may be combined with training and workshops.
Training
At Nemko, we have identified the most relevant standards and requirements to meet the regulations. We can take you on a “guided tour” through the standard(s) including examples of solutions.
Workshops
We apply each clause of the standard to your specific product. Workshops are a very concrete and useful way to assess incompliance as they are based on one of your existing products.
