Securing UK devices through new cybersecurity test lab
Securing UK devices through a new cybersecurity test lab
The Internet of Things (IoT) presents vast and exciting opportunities for innovation for businesses. However, as more businesses are increasingly reliant on connected devices, they expose themselves to increasing security risks. Robust and timely security testing and validation is therefore essential to ensure product security for businesses and their customers, as well as aligning with industry regulations.
The average data breach takes months to identify and contain (Ponemon Institute 2023), underscoring the critical importance of timely security assessments. For large businesses and OEMs, this testing is not a large burden, but for SMEs and micro-sized businesses in the UK the complexity and expense of testing can be a steep barrier to innovation utilising the IoT.
Challenge
Testing and validation of connected devices is complex. There are many potential security threats that could be tested for, which may require many different 3rd party providers. This adds time, complexity and expense to the validation process.
The speed at which businesses are needing to adopt new technology to stay competitive in their fields has resulted in a gap in device security compliance testing for many businesses but is essential to build consumer trust.
The challenge is especially acute for SMEs and micro-businesses that don’t have the resources, capacity or expertise to test in-house or procure commercial services.
Solution
To address this gap, the IoT Operational Security Testing & Evaluation Centre (IoTSETEC) has been set up by WMG’s Secure Cyber Systems Research Group. This vendor-neutral, automated platform is designed specifically to provide cost effective, simplified compliance testing for SMEs and micro-sized businesses.
Being vendor-neutral means the lab is not restricted by a single security testing solutions or vendor- this allows for better and more adaptive security testing regimes tailored to the client's needs. This end-to-end security and resilience testbench for IoT and Cyber-Physical Production Systems (CPPS) spans the security testing lifecycle, from basic report submission and change check functionality to more extensive data gathering, aggregation, and mapping capabilities. The lab helps identify vulnerabilities through advanced testing techniques such as fuzzing, dynamic analysis, and hardware testing, enabling businesses to enhance product security, protect consumer data, and meet regulatory requirements effectively.
Businesses can be selective about which testing they require, reducing both time and cost rather than paying for a suite of unnecessary tests. Conversely the facility also has the capacity to exhaustively test in a cost-effective manner not offered by commercial providers.The IoTSETEC facility offers tailored services to accommodate various types of physical or digital devices of different sizes and complexities, spanning from consumer-grade smart home devices to industrial IoT (IIoT) systems deployed in critical infrastructure. The Centre’s pricing model is transparent and adaptable, designed to ensure accessibility for Micro-businesses and SMEs while scaling to meet the needs of larger organisations, with costs tailored to project scope, testing type, resource demands, and equipment use.
WMG was uniquely well placed to develop this lab because of its established reputation as part of the University of Warwick’s Academic Centre of Excellence for CybersecurityLink opens in a new window. We have collaborated with both government and industry to ensure that UK businesses adhere to best practices in securing modern cyber systems.
WMG’s mature R&D capability and depth of experience working with businesses means that we can have immediate impact on commercial environments. Businesses can come to WMG’s Cybersecurity team of experts and feel confident that they don’t need specialist knowledge on regulations to be fully compliant.
Impact
Ultimately, lowering the barrier to entry for IoT devices promotes innovation for SMEs and micro businesses.
By offering gradual and scalable testing services, this facility helps to build long-term cybersecurity maturity and resilience, which allows businesses to start small and incrementally building their security capabilities.
IoTSETECserves as a vital resource for SMEs seeking to navigate the complexities of cybersecurity compliance. It fosters a proactive and sustainable approach to security, ultimately contributing to enhanced market competitiveness and long-term organisational resilience.
"For SMEs, building in-house security testing is costly and resource-intensive. IoTSETEC provides a world-class alternative, offering cutting-edge assessments without the overhead." Professor Gregory Epiphaniou, WMG Cyber Security Group
“From an industry perspective, it’s valuable to have a safe, secure, and healthy environment where companies can test and evaluate their products and IT devices. This is important not only from a regional standpoint but also for national security, as having such facilities available supports both innovation and protection.” - Ryan Prothero, Cluster Manager, Midlands Cyber
Interest in the laboratory facilities has been shown by Bentley, Tata, the Bill Gates Foundation and government, strengthening WMG’s relationships with industry and government. The success of the facility in providing cutting edge testing services has also resulted in subsequent projects and partnerships with organisations including Thales UK and VMO2.Thales UK partnered with WMG in the ResAuto project, which provided valuable insights into CHERI-based (Capability Hardware Enhanced RISC Instructions) memory error handling for the automotive industry, enhancing security and resilience in automotive hardware.
Get in touch to find out how WMG can help your business with compliance testing at wmgbusiness@warwick.ac.ukLink opens in a new window