SESIP embraced as European IoT security evaluation standard

GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) has been embraced as the foundation for a European Standard (EN). 

This milestone decision aims to streamline the IoT ecosystem’s approach to regulatory challenges and facilitate a comprehensive understanding, deployment, and explanation of security measures.

“This is all about raising the bar for IoT security,” commented Eve Atallah, the chair of GlobalPlatform’s SESIP sub-task force.

Atallah highlighted the complex scenario faced by device manufacturers and non-security experts due to the many national and regional regulations that have emerged in recent years.

The SESIP methodology offers a standardised framework for evaluating IoT security implementations, specifically tailored to address the unique requirements and challenges posed by the evolving IoT ecosystem.

The World Economic Forum has reported a 358 percent increase in cybersecurity threats in recent years, outpacing societies’ ability to prevent or respond to them effectively. 

The adoption of SESIP as a European Standard helps to address this pressing issue, providing a unified reference point for assessing IoT cybersecurity in alignment with various regulatory and industry requirements—including those outlined by leading organisations such as ENISA, ETSI, IEC, and NIST.

One of the notable advantages of SESIP is its support for the composition and reuse of certificates. This innovative feature enables previously certified components to be utilised in building devices with embedded security assurances, eliminating the need for a complete reevaluation of the same component in different markets. This not only enhances efficiency but also promotes innovation and cost-savings across the certification process.

The impact of SESIP’s adoption extends globally, with both national and private certification bodies developing schemes based on this methodology. For instance, Taiwan’s Institute for Information & Industry is assessing the SESIP methodology; demonstrating its international recognition and applicability.

“CEN and CENELEC, as two of the officially recognised European Standardization Organisations (ESOs), have a strong commitment to making the digital transition in Europe a reality, working together with all relevant stakeholders to ensure that new technologies are safe, trustworthy and beneficial for all,” said Cinzia Missiroli, Director for Standardization and Digital Solution at CENELEC.

“In this context, our collaboration with GlobalPlatform is key. The work on the European standard based on their SESIP methodology is a good example of what can be achieved in working together for an inclusive and safe digital society for Europe.”

By providing a centralised and standardised approach to cybersecurity evaluations, SESIP addresses the challenges posed by regulatory fragmentation, complexity, and escalating cybersecurity threats.

(copyright： IoT News SESIP embraced as European IoT security evaluation standard (iottechnews.com)