IoT Security // Penetration Testing

IoT security requires a multi-layer approach built on vulnerability discovery and threat hunting.

When customers conceptualize and design their IoT products, they should be aware that there are now emerging obligations necessitating the delivery of end-to-end fully secure IoT solutions. Depending on the market and target application space, these may include:

 

  • New regulatory compliance requirements for IoT
    • Cyber Shield Act
    • IoT Improvement Act
    • Executive Order on Improving the Nation’s Cybersecurity (May 12, 2021)
    • U.K. IoT Code of Practice
  • Data privacy regulations impacting data handled by IoT devices, networks, infrastructure and applications
    • California Consumer Privacy Act (CCPA), SB-327
    • General Data Protection Regulation (GDPR), EU law on data protection and privacy in the European Union
    • Health Information Privacy (HIPAA)
  • Industry standards and best practices affecting the design and implementation security requirements
    • NISTIR 8259 Core Cybersecurity Feature Baseline for Securable IoT Devices
    • ETSI Technical Spec TS 103 645 & ENISA European Standard 303 645 – Cyber Security for Consumer Internet of Things
    • NIST SP-800 and NIST SP-1800 publications
    • ISO/IEC 27000 series of information security standards
    • OWASP Embedded Application Security
  • Product security certifications
    • ioXt Alliance device certification profiles
    • ARM PSA (Levels 1, 2 & 3)
    • FDA approved medical devices (e.g. DTSec SESIP)
    • FIPS 140-3, through the Cryptographic Module Validation Program (CMVP)
    • UL’s IoT Security Rating


This list is merely the tip of the iceberg when it comes to IoT end-to-end security requirements. In addition to the above, customers also have to address the actual and material cybersecurity threats against their products. These threats are evident from the increasing volume, frequency, and severity of publicized IoT security incidents and attacks, which have resulted in compromised devices, stolen or lost data, and disrupted applications and critical systems.

Given the level of complexity and expertise in security that is required to begin tackling these requirements, how do you get started?

The first step is to perform security assessments and survey the threat landscape to get a clearer and more coherent picture of the risks and vulnerabilities impacting the customer's IoT products at every level. Specifically, this means assessing and uncovering the threats using threat modeling and hands-on penetration (pen) testing. The threat assessment and vulnerability testing should ideally be performed not just at the device level but also at the network layer (e.g., wireless mesh networks, RF protocols, and mobile device connectivity). It should also cover any security controls that exist in the customer’s cloud, data, and application layers, as well as privacy issues surrounding machine learning, data management, analytics, and automation. The test should be holistic and specialized to ensure the customer fully understands the scope and details of the security requirements they need to address as part of their design, production, and device life-cycle process implementation.

IBM X-Force Red provides the subject matter experts and pen testers who can work with our customers to do exactly what is described above. Starting with a focused threat modeling workshop, they can explore the specific regulatory needs, privacy concerns, standards, and certification requirements. They can also discuss the specific threat models and scenarios the customer should be considering and designing mitigations for. Following this workshop, the customer will be provided with a high-level action roadmap that may include additional activities such as specific pen testing on some or all of the areas mentioned above. Customers can then work directly with IBM to perform the assessments and get more details. Customers can also use the outputs of these assessment activities to inform how they utilize our product security features, Secure Vault, and CPMS, as well as other IoT security capabilities that will be offered going forward.

Click here to visit our IBM Technology Partner Page.
