Grant Programme for Consumer IoT Assurance Schemes 2020/21
A grant-making programme to support the development of industry-led assurance schemes for consumer IoT security, including details of the successful bids.
Documents
Details
Applications to this programme have now closed.
Product assurance schemes help consumers make better purchasing decisions in a crowded market. They are a statement of confidence in a product’s ability to keep a person safe (for a given threat model). The better the technical efficacy of the scheme, the more trust we can gain in the product.
They provide feedback to manufacturers to help them improve their product, and can demonstrate effective cyber security measures aligned with the security requirements of the government’s intended legislation. The requirements of an assurance scheme can go beyond the baseline for compliance with legislation, achieving better security standards. The government wants to support a secure by design approach that manufacturers implement and consumers value.
We recognise the importance of product assurance in achieving good security outcomes, and are working to ensure that product assurance processes play an appropriate role in our legislative approach. Where changes to the wider technological or threat landscapes render it appropriate, the intended legislation will enable Ministers to mandate assurance schemes for particular categories of consumer connected products, especially where the risk to consumers is considered to be high.
DCMS has been working closely with the NCSC to explore how we might gain confidence in products that claim to meet the EN standard. Together, we have supported UK innovators through a £400,000 grant programme to develop pilot schemes. The ultimate objective is to ensure accessibility of the assurance market, and to catalyse uptake of good cybersecurity practice as contained within the ETSI EN 303 645 and the Code of Practice.
There are many ways in which the security of consumer IoT products can be improved, assurance services being one of them. DCMS strongly encourages manufacturers to explore these new services as part of their approach (including those that were not supported through this grant-making initiative).
The three successful bidders have piloted separate assurance schemes to explore different aspects of the consumer IoT landscape. They are:
The Internet of Toys Assurance Scheme: by combining cybersecurity standards with the data protection requirements of the Age Appropriate Design Code, this scheme is tailored for devices likely to be used by children under 18.
Smart TV Cyber Security Assurance: the SafeShark platform detects specific security vulnerabilities in smart TVs. This will underpin the BSI Consumer IoT Verification Scheme, providing confidence to consumers that best-practice cyber security has been met for TV products displaying the logo.
IASME IoT Security Assured: the scheme is based on self-assessment and review by an assessor, creating an accessible means for start-ups and smaller businesses to show their commitment to protecting consumers from cyber threats.
The three grant recipients will each be offering webinars explaining the nature of their projects, what they have created using the DCMS Grant Funding, and providing an opportunity for interested parties to ask questions of the teams. The webinars will take place on the 19 May 2021. Tickets can be booked in advance of the sessions by clicking on the following links.
Introduction to IoT Security Assured Scheme 9:30-10:30am 19 May: Introduction to IoT Security Assured
Introduction to the Internet of Toys 11-12pm, 19 May: Introduction to the Internet of Toys Certification Scheme
Introduction to Safeshark 12:30-1:30pm, 16 June: Introduction to Safeshark
Updates to this page
Last updated 14 June 2021 + show all updates
-
The 'Introduction to Safeshark' webinar has been moved to Wednesday 16 June, 12:30-1:30pm.
-
Added details of the successful bidders to the programme. Added details of free webinars happening on 19 May.
-
The eligibility criteria has been amended to provide clarity for bidders.
-
First published.