TUV Rheinland Becomes IoT Cybersecurity Mark Accredited Testing Lab for IP Cameras
TAIPEI, April 22, 2020 /PRNewswire/ — Due to the cybersecurity requirements of video surveillance system vendors, the Product Safety Testing Laboratory of TUV Rheinland Taiwan was recently certified by the Taiwan Accreditation Foundation (TAF) as an accredited testing lab for Taiwan Association of Information and Communication Standards (TAICS). TUV Rheinland can now provide Level 1 testing and certification for video surveillance systems – IP cameras, as well as product cybersecurity testing based on ETSI TS 103 645 and CA SB 327. IP camera vendors can now open up even more markets by applying for compliance with the product cybersecurity requirements of the EU, California (US), and Taiwan simultaneously.
The emergence of the digital economy and Internet-of-Things (IoT) has given rise to even more IoT cybersecurity threats, such as: hacking of IP cameras, which may lead to the leaking of surveillance footage. Many childcare centers, nursing homes, or families with elderly people, children, and pets now install IP cameras for security surveillance or home security. Attacks against these IP cameras may allow malicious users to compromise the privacy of the system owner without them being aware of it. There have been a number of cybersecurity incidents involving video surveillance systems in recent years. The best-known was the Distributed Denial of Service (DDoS) that took place at the end of 2016 when hackers used the Mirai zombie network to infect large numbers of IP cameras. The infected devices were then used as a springboard to launch DDoS attacks against Internet service providers. As a result, services were disrupted at many high-traffic websites, including Twitter, Netflix, and Airbnb.
To assist the carrying out of comprehensive cybersecurity testing for IP cameras and strengthen IoT security, the Industrial Development Bureau of the Ministry of Economic Affairs (MOEA) commissioned the Institute for Information Industry (III) and TAICS to establish a set of cybersecurity standards and corresponding testing guidelines for video surveillance system cameras that can be applied to embedded cameras with wired connections. The new cybersecurity standard and testing requirements are based on the relevant international IoT cybersecurity standards and testing guidelines, such as CNS 27001, ANSI/CAN/UL 2900-1:2017, GSM (Groupe Speciale Mobile Association) IoT Safety Guidelines, the vulnerability testing of the Open Web Application Security Project (OWASP), and the Japanese government’s IoT Security Guidelines. Together, they establish a domestic cybersecurity quality standard for video surveillance systems. This standard has now been incorporated into the acceptance specifications for procurement projects by subordinate MOEA agencies responsible for critical infrastructure, such as oil, water, and electricity. The cybersecurity standard for video surveillance systems – IP cameras was also formally adopted as the CNS-16120 standard of Taiwan in December, 2019.
The cybersecurity standard for video surveillance systems – IP cameras consists of five security aspects: physical security, system security, communication security, security of identity verification and authorization mechanisms, and privacy protection. The standard sets out in detail the cybersecurity requirements for video surveillance devices. Product security is also divided into three levels (Level 1, 2, and 3), based on the level of cybersecurity risk and the complexity of security technology. Vendors can select what level of product security certification they need based on their own requirements. Products that pass testing by TAICS-accredited testing labs such as TUV Rheinland and then apply for TAICS can obtain the IoT Cybersecurity Mark.
Photo – https://photos.prnasia.com/prnh/20200422/2783436-1
SOURCE TUV Rheinland Taiwan Ltd.