Along with the evolution of Internet of Things (IoT) and 5G service, technology is deeply ingrained in human life, while the cybersecurity of networking devices also poses a huge concern.
Taiwan is a hotspot for hacker attacks, as well as the best site for cybersecurity testing. In order to strengthen the security of IoT, the Taiwan government has recruited experts from the cybersecurity industry and top academics to work on the drafting and implementation of the "Internet of Things Cybersecurity Certification" system.
Since 2017, Taiwan has gradually established IoT cybersecurity industry criteria for three types of products, including video surveillance systems, smart bus information and communication systems, and smart street lights, including the “Video Surveillance System Cybersecurity Standard,” the “Smart Bus Onboard Information and Communication System Cybersecurity Standard,” and the “Smart Bus Information and Communication System Cybersecurity Standard.”
Thirty-six models of Taiwan IP Cams have obtained cybersecurity certification
Internationally, hackers are using IP cameras to launch distributed denial-of-service (DDoS) attacks in a number of incidents. Since the IP network cameras made in Taiwan account for 35% to 40% of the total number installed worldwide, it is all the more necessary to consider cybersecurity as one of the most important elements.
Therefore, among a wide range of IoT devices, Taiwan has given priority to video surveillance systems for the implementation of IoT cybersecurity.
The "Video Surveillance System Cybersecurity Standard" was jointly developed by the Institute for Information Industry (III) and the Taiwan Association of Information and Communication Standards (TAICS) commissioned by the Taiwanese government.
The standard, with its comprehensive testing and certification system, has assisted 11 Taiwanese companies and 36 models of IP cameras to improve their cybersecurity design and acquire the certification.
Figure 1:Taiwan companies with IoT cybersecurity certification
Not only video surveillance devices, including smart bus onboard units, smart stop signs, smart street lamps, etc., are being sent by manufacturers for certification to secure a conformity label, the cybersecurity standards and test specifications for smart speakers are being developed.
In addition, the Video Surveillance System Cybersecurity Standard has been certified as a national standard (CNS 16120).
Compliance with international IoT cybersecurity standards
To be in conformity with the international common cybersecurity criteria, the III requires that the regulations of the IoT Cybersecurity Certification System be formulated in accordance with international IoT-related cybersecurity standards, such as the CNS 27001, ANSI/CAN/UL 2900-1:2017, GSMA IoT Security Guideline, OWASP IoT Top 10 Vulnerabilities, and the Japanese government's IoT security guidelines.
As such, Taiwan-made products that have passed the test also comply with the U.S. IoT network security standards and regulations.
Depending on the security risk and complexity of security technology protection, we classify Taiwan's IoT cybersecurity certification system into three levels and award qualified providers corresponding certification marks.
Level 1 is the elementary cybersecurity level for certified IoT devices that can be used safely in an average household. Level 2 is the intermediate level, which is suited for networking devices for commercial use, and Level 3 is the highest level of cybersecurity.
Figure 2:Cybersecurity level
In order to meet market demands, any industry feedback or market complaints regarding the IoT cybersecurity certification regulations will also be reviewed and standards and regulations updated under the supervision of the III.
Through the establishment of the IoT cybersecurity standard, Taiwan actively encourages Taiwan's equipment suppliers to invest in product upgrades and incorporate the concept of cybersecurity into product design at the product development stage.
Cybersecurity certification ecosystem builds testing credibility
Taiwan's "IoT Cybersecurity Certification" system has a rigorous cybersecurity certification ecosystem in place.
Under the authorization of the competent authorities, TAICS is a certification body responsible for promoting the development of industry standards and the verification of the authorization regulations of the IoT Security Label.
The Taiwan Accreditation Foundation (TAF) certifies testing laboratories to ensure that they have adequate cybersecurity testing capabilities. Finally, a third-party testing laboratory is responsible for testing and submitting test reports to TAICS for review, and only those products that pass the review will receive the cybersecurity testing certification and label of conformity.
Figure 3:Taiwan cybersecurity certification framework
TAF has currently issued the evaluation and certification to 12 professional testing laboratories, which have begun to assist IoT device manufacturers in testing their products to ensure that they have effective network protection.
Pushing international links and ETSI exchange
As a service point of contact for cybersecurity certification in Taiwan, TAICS promote the testing and certification system to international standards organizations and industry associations, such as ETSI, NIST, MTSFB*, etc., and to facilitate international participation and cooperation.
Among others, TÜV Rheinland has joined the Taiwan certification system and is one of the accredited laboratories for video surveillance systems.
IPCAM network security has been taken seriously by the world and is considered a matter of great concern. Through the implementation of the "IoT Cybersecurity Certification," high-tech products ordered and produced in Taiwan will have higher cybersecurity quality in the future, and Taiwan will also become a "safe and reliable digital island."
*1. ETSI:European Telecommunications Standards Institute
*2. NIST:National Institute of Standards and Technology
*3. MTSFB:Malaysian Technical Standards Forum Bhd
For more information about IoT Cybersecurity Certification, check out: TAICS