LG is first company to achieve certification to the new SafeShark and BSI Consumer IoT Verification

LG has become the first company to pass SafeShark and BSI’s newly launched Consumer IoT Verification Scheme, demonstrating its commitment to cyber security best practice.

Pictured (l-r) DTG Strategic Technologist and SafeShark director Alex Buchan, LG Electronics Director EU Innovation Digital TV R&D Stuart Savage and BSI Global Digital & Connected Product Sales and Operations Manager Tolga Sakar.

The first scheme of its kind, SafeShark testing and BSI certification provide assurance that connected products and devices have appropriate cyber security controls in place for their intended use, in accordance with international best practice.

The scheme has been developed through Department for Digital, Culture, Media & Sport (DCMS) funding and industry collaboration with the National Cyber Security Centre (NCSC), as well as international standards body ETSI. SafeShark tests products against cyber standard ETSI EN 303 645 using a unique and innovative automated testing platform called Intercept. Certification is provided by BSI based on a test report provided by SafeShark.

The consumer logo demonstrates a rigorous, objective and independent verification of a connected device’s security - offering peace of mind to consumers and shareholders, and giving manufacturers a genuine, certified point of differentiation on shelf.

Once certified, products are continually monitored by the Intercept platform to ensure compliance is maintained over the whole life-cycle of the product, as firmware is updated, and as cyber threats and standards evolve.

Commenting on the news LGEUK President Mr B.S. Lee said: “We are pleased to announce that LG Electronics has become the first company to pass the SafeShark test specification with its Smart TV platforms, demonstrating its commitment to cyber security best practice.

“LG's product development and innovation platform seeks to ensure that all its technological advancements are future-ready and have consumer safety and security as a core priority. The SafeShark and BSI certification is a critical first step, to ensure we are prepared for future UK and EU legislation, which mandates that manufacturers must prove they have met cyber security performance requirements before being able to sell their products.”

SafeShark Director Alex Buchan said "SafeShark is delighted that LG has leveraged first mover advantage to demonstrate best practice, before legislation mandates manufacturers take action. The cybersecurity threat around connected devices is a critical issue and this scheme offers proactive manufacturers like LG the opportunity to parlay compliance into a point of differentiation, positioning themselves and their products as the most trusted on the market and giving consumers confidence at the point of purchase.”

BSI Sales and Operations Manager - Digital & Connected Product Certification Tolga Sakar said “Huge congratulations to LG for being the first organisation to achieve certification to the new Consumer IoT Verification. This achievement proves that LG’s products adhere to the security protocols outlined in the emerging legislation, which will give consumers confidence that an LG connected device or appliance is secure. The LG team should be very proud of this success.”

SafeShark selected as finalist in DCMS ‘Most Innovative Cyber SME 2022’ competition

SafeShark has been selected as one of the UK’s 14 most creative and original information security businesses in the UK.

SafeShark, a Joint Venture between DTG Testing and Connect Devices, backed by BSI to provide the leading independent certification for new IoT cybersecurity standards, has been shortlisted in the UK’s Most Innovative Cyber SME 2022 contest, run by the Department for Digital, Culture, Media & Sport (DCMS) in partnership with Infosecurity Europe.

As a finalist, SafeShark will have a stand (M96) in the DCMS Cyber Innovation Zone at InfoSecurity Europe 2022 (21-23 June at ExCeL London) where we’ll be demo-ing the SafeShark objective and continuous testing to meet the new upcoming legislative requirements, backed by BSI certification to turn compliance into competitive edge.

A full list of 2022 finalists can be found here.

This is the seventh year the competition has been run, and is open to micro, small and medium cybersecurity businesses registered in the UK. The overall winner will be announced live on the Innovation Showcase stage at the show. Visitor registration is open here.  

Commenting on the news, SafeShark Director and DTG CEO Richard Lindsay-Davies said: “We are delighted that SafeShark has been recognised as one of the most important innovations in the cyber security space. The legislation that is now before Parliament is designed to add a layer of protection for consumers in their own homes. This award underlines that SafeShark goes beyond those mandated requirements to demonstrate to retailers and their consumers that device manufacturers have really gone the extra mile to keep their customers safe.”

Breakfast Briefing: Cybersecurity Standards in action

As SafeShark and BSI get ready to announce the first global consumer device manufacturer to attain our new Cybersecurity certification, we’re inviting representatives from across the connected devices sector to get up close and in person with the tech, the process and the standard.

This session of Parliament is one of the busiest for the TV and tech sector in years, with the Media Bill and the Product Security and Telecommunications Infrastructure both making headline news for our industry.

But what will the latter mean in practical terms? Legislation may lay down a compliance baseline, but the real market opportunity lies in driving best practice in an area that is moving closer to the top of the consumer agenda. Connected device manufacturers need to:

Protect your customers, your business, your investors, your reputation, and your brand position.

Prepare for the legislation and increasing consumer demand before this becomes a business-critical issue.

Enhance your products and brand early on, building a reputation and trust by taking a hard consumer protection stance.

Which is where Safeshark and BSI come in.

Our Breakfast Briefing offers delegates an update on the impact of the legislation direct from DCMS, an insight into the tech behind SafeShark with our live demo on a connected TV, and an outline of how certification will help them turn compliance into competitive edge.

Where: Tintagel House, 92 Albert Embankment, London SE1 7TY

When: Thursday June 30th 8.45am – 10.15am (followed by one-to-one opportunities)

Register now using the form below:

What is SafeShark?

Set up through DCMS funding, SafeShark is a Joint Venture between DTG Testing and Connect Devices, backed by BSI to provide the leading independent certification for new IoT cybersecurity standards. SafeShark certification is designed to secure consumer trust and ‘Protect, Prepare and Enhance’ product, offer and brand position.

Certification offers proactive manufacturers the opportunity to leverage first mover advantage, parlaying it into a point of differentiation and positioning themselves and their products as the most trusted on the market.

Product Security and Telecoms Infrastructure Bill in Queen's Speech

The bill, which aims to improve “cyber resilience and digital connectivity” across the UK, was one of the five bills moved into the current session from the last. It contains the legal compliance obligations for manufacturers of IoT connected devices. Read more here.

New Scottish co-ordination centre to tackle cyber threats

Scotland’s ability to prevent and respond to a growing cyber threat will soon be increased with the creation of a new Scottish Cyber Co-ordinations Centre (SC3).

This £1.5 million centre will pool expertise to: share intelligence; provide early warning of cyber threat and attacks; manage incidents and lead recovery. It is a part of the Scottish Government’s Covid Recovery Strategy as they are committed to establishing a recognised, authoritative and collaborative function to combat the accelerating threat of cyber attacks.

“At times of heightened international tension, it is more important than ever to ensure that Scotland is ready to defend itself against cyber attacks […] Establishing a new dedicated cyber co-ordination centre is a bold and ambitious development for Scotland. By providing a central coordination function that pools expertise from across a number of existing or developing Centres of Excellence, we can maximise our ability to work together to address cyber threats and attacks – whether that is sharing intelligence, providing early warnings, managing incidents or leading recovery.”

John Swinney, Deputy First Minister

Read the full report here.

Report: 90% of technology decision-makers deem security a 'business priority'

According to the PSA Certified 2022 Security Report, 90% of its technology decision-maker respondents have increased the importance placed on security in the past 12 months, making it one of their top three business priorities.

The annual report, now in its second year, surveyed 1,038 technology decision-makers across Europe, USA, and APAC. They found that a third of companies believe that the risk of IoT hacks has risen during the pandemic due to widespread distributed working. A further 31% of respondents identified cost as the major inhibitor from implementing more stringent security measures.

The desire for guidance is also higher than ever, with 96% of respondents saying they would be interested in an industry-led set of guidelines on IoT best practices – considerably higher than the 84% in 2021.

Security frameworks and step-by-step guides were ranked as the most useful tools for deploying secure products to market, underlining the critical nature of education and support in shaping a more secure IoT.

Read the full report here.

Study: UK firms most likely to pay ransomware hackers

A new report by security firm Proofpoint suggests that around 82% of British firms, which have been victims of ransomware attacks, paid the hackers in order to gain back their data. The global average was 58%, making the UK the most likely country to pay cyber-criminals.

Proofpoint’s data also found that more than three-quarters of UK businesses were affected by ransomware in 2021 alone, with phishing being the key way that criminals accessed company networks.

Furthermore, only half of the companies affected by ransomware regained access to data and systems after the first payment, the research found, as criminals got greedy and demanded more money.

The fact that phishing remains the favoured method of attack for cyber-criminals means that firms need to build "a culture of security", said Proofpoint researchers.

Read the full study here.

Record levels of investment into UK’s cyber security sector

New government data shows that 1,800 UK-registered cyber security firms have generated a total of £10.1bn in revenue in the most recent financial year, a massive 14% increase from the previous financial year. The DCMS Annual Cyber Sector Report, which tracks the growth and performance of the UK cyber security sector, reveals the industry contributed around £5.3bn to the UK economy in 2021, rising from the previous year’s figure of £4bn.

More than £1bn of external investment for these UK cyber security firms was secured across 84 deals. Employment across the industry also grew by 13%, with more than 6,000 new jobs added to the UK’s 50,000-strong cyber workforce.

“Cyber security firms are major contributors to the UK’s incredible tech success story. Hundreds of British firms from Edinburgh to Bristol are developing and selling cutting-edge cyber tools around the world that make it safer for people to live and work online. We are investing in skills training and business initiatives to help the UK go from strength to strength as a global cyber power and open up the sector to people from all walks of life.”

Nadine Dorries, Digital Secretary

Read the full release here

Jan 28th is Data Protection Day – are you taking action?

Cyber security and data protection and privacy is becoming an increasingly hot topic amongst consumers. From high profile cyber attacks and hacks, to GDPR and awareness of personal permissions, the UK population is becoming ever more savvy about how their data is being used, and by whom.

Our 2021 Consumer survey report – State of the Nation – found that privacy concerns around personal data while watching TV corelated strongly with age. More than a third (36%) of all respondents said they didn’t want their personal data or viewing behaviour accessed or shared at all by or with broadcasters, advertisers and streamers/platforms. However, this rises sharply to 62% in older demographics, while only 16% of 16-25 year olds expressed any concerns.

But, the cybersecurity threat is evolving. IoT devices are increasingly a target for cyber criminals as security by design hasn't yet been properly established in such a fast-moving and emerging market.

Add to that a changing threat landscape, and new working patterns driven by the pandemic, and lines between consumer home network security and that of employers has become blurred. It means privacy and security in the home is now a critical issue for both users and employers.

The upcoming Product Security and Telecommunications Infrastructure Bill, which had its second reading in Parliament this week, is designed to set minimum requirements of manufacturers to protect consumers using connected devices, laying down a compliance baseline, but the real market opportunity lies in driving best practice in an area that is moving closer to the top of the consumer agenda.

Certification offers proactive manufacturers the opportunity to leverage first mover advantage, parlaying it into a point of differentiation and positioning themselves and their products as the most trusted on the market.

What is SafeShark?

Set up through DCMS funding, SafeShark is a Joint Venture between DTG Testing and Connect Devices, backed by BSI to provide the leading independent certification for new IoT cybersecurity standards. SafeShark certification is designed to secure consumer trust and ‘Protect, Prepare and Enhance’ product, offer and brand position.

What will basic legislative compliance look like? 

There are three security requirements for legislative compliance:

These requirements are a subset of a European IoT cyber security standard (ETSI EN 303 645) and associated test specification (ETSI TS 103 701). 

Is this enough?

However, these represent a minimum baseline requirement for compliance and on their own are not enough to build trust around a product or brand.

DCMS has said the regulation is the first step on a journey, and it is undoubtedly the rock on which secure IoT can be built – but it is not, by any means, the entire solution. Compliance alone will not represent or demonstrate good practice, but the standard does.  So, there is a unique opportunity for first movers to go beyond basic compliance and drive differentiation by forging trust with an ever more security-savvy consumer base.  Proactive manufacturers will:

Protect your customers, your business, your investors, your reputation, and your brand position.

Prepare for the legislation and increasing consumer demand before this becomes a business-critical issue.

Enhance your products and brand early on, building a reputation and trust by taking a hard consumer protection stance.

So, why SafeShark?

SafeShark’s assessment process will incorporate the requirements in the ETSI test specification that have been classified as ‘Mandatory’. But it takes manufacturers beyond that, turning compliance into a competitive edge and combining accessibility and affordability using its automated Intercept software.

Preparation and protection

The UK Government has said the legislation will adapt over time to remain effective. Additionally, with European requirements also being developed, the SafeShark assessment process will ensure products are prepared for future developments, protecting customers, shareholders, and brand trust. 

Support

We are here to support manufacturers, help navigate the legislation, ease the burden of in-house testing and self-certification, and ensure your products demonstrate appropriate security certification.

Independent

Going beyond basic compliance, the BSI mark demonstrates a rigorous, objective, and independent verification of a connected device’s security - offering peace of mind to consumers and shareholders, and giving manufacturers a genuine, certified point of differentiation on shelf. 

Uniquely placed

Our proprietary testing platform – Intercept – is the only pass/fail model in this market providing repeatable, objective results. Our UKAS-accredited lab in Central London – the UK’s only comprehensive testing and accreditation centre for digital TV devices and services – incorporates the DTG Testing Zoo, the world’s largest independent collection of connected televisions and devices and our team of dedicated expert technologists.

Ongoing service

SafeShark’s best-in-class service ensures the device is subjected to continuous testing, throughout its market life to ensure our certification remains valid. The manufacturer and retailer remain informed and confident in the security credentials ultimately protecting the end consumer.

PSTI bill introduced to parliament for second reading

The Product Security and Telecommunications Infrastructure Bill has its second reading today, 26 January 2022. The bill would make provisions about the security of internet-connectable products and products capable of connecting to such products; to make provision about electronic communications infrastructure; and for connected purposes.

The Bill would:

This briefing explains the background and main provisions of the Product Security and Telecommunications Infrastructure Bill 2021-22.

Read it in full here.