Adoption of GlobalPlatform’s IoT security evaluation standard grows with European recognition
October 2023 by Marc Jacob
GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology has been adopted as the basis for a European Standard (EN) by the European Committee for Standardization, CEN and CENELEC. The standard is working to help the IoT ecosystem address regulatory fragmentation and better understand, deploy and explain security.
Value for all IoT stakeholders
The World Economic Forum (WEF) reported in 2022 that cybersecurity threats have increased by over 358% in recent years, outpacing societies’ ability to effectively prevent or respond to them. A year on, the challenge persists, with WEF noting cybersecurity as a constant concern and listing it as a top 10 global risk for 2023.
The SESIP methodology provides a standardized approach for evaluating IoT security implementations, tailored to the unique requirements and challenges of the evolving ecosystem. The methodology has analyzed and mapped regulatory and industry requirements from leading organizations such as ENISA, ETSI, IEC and NIST. The IoT community therefore has a single, accessible reference point for assessing IoT cybersecurity in line with these and other requirements, reducing fragmentation, complexity and cost from security certification processes for stakeholders.
The SESIP methodology also supports composition and reuse of certificates. This enables previously certified components to be used to build a device with in-built security assurances, without having to repeat a complete evaluation of the same component in each and every targeted market. This drives greater efficiency, security, innovation, and cost-savings across the certification process.
Importantly, both national and private certification bodies are creating and managing certification schemes based on the SESIP methodology. One recent example is Taiwan, where the methodology is being assessed by the Institute for Information & Industry.
A rapidly growing ecosystem
SESIP has rapidly grown into an internationally recognized standard for security evaluation, supported by a large community of security providers, industry bodies, security laboratories and other stakeholders.
The GlobalPlatform community is responsible for maintaining the methodology, enforcing a governance model with an associated quality brand between certification bodies (CBs), product vendors and laboratories. The longstanding CB TrustCB has already licensed 10 laboratories and certified 28+ products from industry-leading companies including Amazon Web Services, Microchip Technology, STMicroelectronics, NXP Semiconductors, Renesas, Secure Thingz, Silicon Labs, Trusted Objects and Winbond Electronics Corporation. Most recently, SGS Brightsight CB has joined the program to become a GlobalPlatform SESIP CB.
The methodology is also already recognized and referenced by bodies including PSA Certified, National Institute of Standards & Technology (NIST) and Car Connectivity Consortium (CCC).
Simplifying & strengthening IoT security through standardization
More than 200,000 experts from industry, associations, public administrations, academia, and societal organizations are involved in the CEN and CENELEC network, which reaches over 600 million people in 34 countries. The development of a European Standard is based on the so-called National Delegation Principle and is governed by the principles of consensus, openness, transparency, national commitment and technical coherence.