Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
EU Cybersecurity Act and IoT Certification: Landscape, Perspective and a Proposed Template Scheme
RISE Research Institutes of Sweden, Digital Systems, Data Science.
RISE Research Institutes of Sweden. Ericsson, Sweden.
RISE Research Institutes of Sweden. National University of Computer and Emerging Sciences, Pakistan.
RISE Research Institutes of Sweden, Digital Systems, Data Science. Uppsala University, Sweden.ORCID iD: 0000-0001-8192-0893
2022 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 10, p. 129932-Article in journal (Refereed) Published
Abstract [en]

The vulnerabilities in deployed IoT devices are a threat to critical infrastructure and user privacy. There is ample ongoing research and efforts to produce devices that are secure-by-design. However, these efforts are still far from translation into actual deployments. To address this, worldwide efforts towards IoT device and software certification have accelerated as a potential solution, including UK’s IoT assurance program, EU Cybersecurity Act and the US executive order 14028. In EU, the Cybersecurity Act was launched in 2019 which initiated the European cybersecurity certification framework for Internet and Communications Technology (ICT). The heterogeneity of the IoT landscape with devices ranging from industrial to consumer, makes it challenging to incorporate IoT devices in the certification framework or introduce a European cybersecurity certification scheme solely for IoT. This paper analyses the cybersecurity certification prospects for IoT devices and also places article 54 of the EU Cybersecurity Act in an international perspective. We conducted a comparative study of existing IoT certification schemes to identify potential gaps and extract requirements of a candidate IoT device security certification scheme. We also propose an approach that can be used as a template to instantiate an EU cybersecurity certification scheme for IoT devices. In the proposed template, we identify IoT-critical elements from the article 54 of the Cybersecurity Act. We also evaluate the proposed template using the ENISA qualification system for cybersecurity certification schemes and show its qualification on all criteria. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc. , 2022. Vol. 10, p. 129932-
Keywords [en]
Conformity Assessment, EU Agency for Cybersecurity (ENISA), EU Cybersecurity Act, Internet of Things, IoT Certification, Security Certification Scheme, Cyber security, Security certification, Software certification, User privacy, Cybersecurity
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:ri:diva-62619DOI: 10.1109/ACCESS.2022.3225973Scopus ID: 2-s2.0-85144011821OAI: oai:DiVA.org:ri-62619DiVA, id: diva2:1729316
Note

This work was supported in part by the Swedish Foundation for Strategic Research (SSF) Secure Software for the Internet of Things(aSSIsT) Project, in part by the Horizon 2020 (H2020) Cyber security cOmpeteNCe fOr Research anD InnovAtion (CONCORDIA) Project under Grant 830927, and in part by the Cybersecurity Knowledge Platform at Research Institutes of Sweden (RISE). 

Available from: 2023-01-20 Created: 2023-01-20 Last updated: 2024-05-24Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Raza, Shahid

Search in DiVA

By author/editor
Raza, Shahid
By organisation
Data ScienceRISE Research Institutes of Sweden
In the same journal
IEEE Access
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 84 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf