Technology Update - EAW News June 2020

Jun. 23 2020

With accelerated business transformation, especially as it relates to data, digital and analytics being the new normal; the issue of security of connected objects becomes ever more pressing. The number of cyber-attacks on connected objects also continues to grow numbering many hundreds of millions of attacks every year. Yet recent research claims only 10% of IoT manufacturers consider security by design. To support device buyers and sellers worldwide, our June issue of Bureau Veritas’ global E.A.W. eNewsletter has a special focus on cybersecurity and introduces three complimentary webinars for your consideration.

EAW JUN main image

Bureau Veritas Consumer IoT Cybersecurity

There are a variety of cybersecurity regulations and guidelines that have been published or are being updated around the world including a new requirements under the EU Radio Equipment Directive, the EU Cybersecurity Act, ETSI-EN 303 645; CTIA IoT cybersecurity; OWASP; USA’s California CCPA and Nevada’s SB220, etc. To comply with these regulations and standards, it is the responsibility of an IoT Device manufacturer to make sure all the necessary measures to avoid security defects have been implemented and follow the state-of-the-art cybersecurity measures.

Bureau Veritas continues to innovate and evolve our Cybersecurity Solutions. Join our series of webinars to understand the market landscape of cybersecurity and gain insights from our technical presenters on how to address ever-changing industry standards and regulatory requirements whilst effectively identifying common known vulnerabilities in connected products.

IoT Cybersecurity Essentials Series #1 – Challenges, Risks & Regulatory Framework

Companies and IoT device manufacturers need to demonstrate due diligence has been carried and implement best practice approaches in the assessment of the resilience of their connected products to provide confidence to the end users. Join our cybersecurity essentials launch webinar to get the latest information on:

Cybersecurity challenges for consumer IoT and retail markets

Cybersecurity risks and measures including TARA (Threat Assessment & Risk Analysis); architecture and attack surfaces and security counter measures

Cybersecurity regulations and standards for your IoT products:


 •  EU Cybersecurity Act I Radio Equipment Directive I ETSI-EN 303 645
 •  CTIA IoT Cybersecurity I OWASP I Eurosmart IoT Certification
 •  USA’s California Consumer Privacy Act (CCPA) I Nevada’s SB220
 •  UK’s NSCS Code of Conduct
 •  … etc.

Bureau Veritas’ IoT Device Cybersecurity Suite of Solutions 


IoT Cybersecurity Essentials Series #2 – Understanding & Managing Vulnerabilities

To validate your product is protected against all known vulnerabilities, you firstly need to understand what the known vulnerabilities are and then secondly test your connected object to validate it is protected. Joining the webinar, you will get 1st hand information covering:

What are the key vulnerabilities and what are their sources

How you can assess your connected products against all known vulnerabilities

Introduction to P-SCAN – an automated test platform to detect vulnerabilities and protocol implementation defects for communications interfaces (Zigbee, Bluetooth®, Wi-Fi®)

Overview of our technical partner, CEA-Leti, a global leading cybersecurity research organization

Penetration Testing Essentials for Consumer IoT Devices

Introduction to our global network of accredited labs and technical centers in France, USA, China and Taiwan who can support you with enabling smooth market access and a good end-customer experience


IoT Cybersecurity Essentials Series #3 – Demonstrating Trust, Maintaining Compliance

After price, cybersecurity is the main criteria that consumers consider when purchasing connected objects. They especially look for means to identify and select the level of security via labels. Join our webinar to see how you can benefit from the Bureau Veritas Cybersecurity Assessment Scheme. 

Identify which of the 3 classes of evaluation is suitable for your product


• Basic Essential: Minimal regulatory requirements; maximum consumer protection – passwords management, software update policy, sensitive data management, resistance to known vulnerabilities, …


• Basic Advanced: Compliance to guidelines for low – medium risk products – GDPR compliance, software update testing, documentation and testing of third-party components for known vulnerabilities, …


• Substantial Advanced: Compliance to guidelines for higher risk products – Verification of integrity of software through secure boot process, …

Bureau Veritas IoT Device Cybersecurity Assessment & Certification Scheme supporting you in understanding, preparing and complying with security requirements for your connected products/devices

“Black Box” (securing end users) and “Grey Box” (securing design and development) Approaches

Introduction to our Product Certification Scheme