IoT Security in the Common Framework

The Internet of Things (IoT) has entered the home. As cloud technology continues to expand its market reach, cloud-based applications are starting to make waves in the consumer market. Combined with a market of industry-specific platforms already in use, it’s clear the future of digital integration into everyday life will come from IoT developments.

The development and implementation of IoT-based products is anything but a risk-free zone. Plenty of risks abound, especially in terms of security. As more people use IoT devices, there needs to be a clearly defined process in place to ensure the quality of products, along with a surveillance protection policy.

With a robust security infrastructure in place, hacking and other forms of cybercrime can be prevented.

Setting standards and norms is difficult in every industry, as it requires a set of objective standards and strong third-party intervention. In IoT, establishing a security framework is particularly challenging because so few standards have been set.

In traditional IT, new products such as firewalls, switches, and routers are subject to Common Criteria (CC) evaluation. Under CC, companies can list the security functional requirements (SFRs) within a security target. Since every product can be designed differently, and new products are always being developed.

This is the framework traditional IT and cloud companies must work through to gain security accreditation for any new products, or new product updates. Although it is a tedious system, it does provide strong third-party security standards.

Smart TVs and CC Framework

It is only within the last few years that IoT companies have been passing through the CC framework successfully. In 2016, Samsung achieved an Evaluation Assurance Level (EAL) 1 for their Smart TV. Then in April of 2017, LG took a step further and achieved an EAL 2 for their Smart TV product. The company published a study detailing its certification process, and here are two important takeaways:

Step 1: Operational Capacity

It’s the company’s responsibility to show with adequate proof that their product is resistant to malware or external attack. LG put the software underlying Smart TV through a series of tests to show its operational capacity.

Step 2: Security Requirements

In the absence of Protection Profiles (PPs) for the Smart TV, LG created security targets based on similar PPs for the kernel, mobile device, Digital Rights Management (DRM), and the Smart TV application.
