Internet of Things

Connecting every single thing is the basic idea of the internet. More and more machines, plants and devices are integrated into this global network. These "things" can carry out many production steps in a highly automated manner – Industry 4.0. Humans control whether machines themselves have everything under control. This control, however, is absolutely indispensable as cyberattacks are possible – and occur every day in the so-called Internet of Things (IoT). Thus, cybersecurity cannot be taken for granted, but must be established again and again.

Cybersecurity in  IoT is  essential for businesses. This is due to the fact that cybersecurity incidents can cause severe damages, for instance non-functioning servers or broken-down production chains.  It is equally quite conceivable that a hacker manipulates steam boilers, pressure equipment or tank facilities so that they explode.

Most machines and plants were not originally designed to function in the age of IoT. They had to be digitally retrofitted and often lack up-to-date safety mechanisms. The TÜV Association is of the opinion that they require additional protection.

Every device that communicates via internet protocols can become a target of cyberattacks.

Marc Fliehe

The fight against cyberattacks

The Internet of Things is not limited to industry alone. Every smartphone, every smart watch and every smart home application (such as "smart" electricity meters) is linked to the greater network - and is therefore just as vulnerable. The number of smart products connected to the internet is rapidly increasing: 30 billion devices in 2020, and up to 75 billion estimated devices in 2025.

"Most IoT devices are being designed based on functionality considerations instead of security considerations," the German Federal Office for Information Security (BSI) reminds us. Hence, IT security does play no or only an inferior role during product development. "This results in the emergence of a new vulnerability area, which can be used by cyber criminals for their own purposes." Every day, cybercriminals around the world are searching for new ways to break through defence lines. Thus, the level of security must increase at the same pace. What was considered secure two years ago can already be significantly vulnerable today.

There is no such thing as absolute safety

This is why the TÜV Association calls on industry and politics to equip new products with the best possible security measures. This is especially crucial when a cyber-attack can also lead to physical risks for life and limb. The TÜV experts are of the opinion that neither consumers nor business operators can be expected to carry out software updates ex-post in order to achieve the necessary security level. Nevertheless, regular updates must be offered by the manufacturer/developer to keep products secure throughout their entire lifecycle.

With its expertise, the TÜV Association contributes to the EU-wide Cybersecurity Act, which offers a powerful regulatory framework for IoT devices. Likewise, the TÜV Association is involved in the deliberations to the German IT Security Act with its focus on the protection of critical infrastructures. 

Apart from that, the TÜV Association goes an important step further: Together with its members, the TÜV experts have developed their own certification for IoT products. While acknowledging that there is no absolute security, the certificate indicates that the product has incorporated the best possible protection mechanisms up-to-date- certified by TÜV experts.