2018-08-15

Information Security/Cyber Security – Testing and Certification at the VDE Institute

Information is highly valuable for companies, authorities and private persons and must therefore be reasonably protected. Handling this information in a trustworthy manner and protecting it are the fundamental goals of information security. The VDE Institute helps you achieve these goals.

Contact

Dr. Siegfried Pongratz

Information security, IT security or cyber security?

Personal and sensitive data can be stored on paper, on computers or even in people's minds. Information security primarily deals with protecting and processing electronically saved information. Information security is also the state in which the confidentiality, integrity and availability of information and information technology are protected by reasonable measures.

The term information security is more comprehensive than IT security and is therefore used increasingly often. However, the term “IT Security” continues to be used in some publications like “IT Baseline Protection” (IT Sicherheit). Nevertheless, different texts and standardization are increasingly tailored to examining information security. Cyber security, cybersecurity, IT safety or information security are terms that are also used very frequently, mainly when companies operate at an international level.

Protecting against cyber attacks with VDE certification

The expansion of digitization and the accompanying progress of intelligent networking in one’s own home as well as in industry have increased the risk of data theft and manipulation. Many cases show how easy it is for hackers to penetrate smart homes and management systems.

In addition to implementing uniform testing standards and the interoperability of systems and technologies, the VDE Institute’s tasks include testing and certifying security in the field of data protection, cyber security, and functional safety. Interoperability guarantees communication between different manufacturers, devices and technologies. The BSI Common Criteria security standard and the BSI IT Baseline Protection (IT-Grundschutz) serve as a foundation for our VDE testing regulation. These standards were fleshed out for the requirements of smart home solutions and expanded with data protection aspects. As such, the tests can be used for the entire smart home field, e.g. for energy, comfort, multimedia, security or AAL.

The testing of information security is divided into the following areas:

  • Testing the devices (communication devices and gateways)
  • Testing the backend and cloud systems
  • Testing the apps for smartphones and tablets
  • Security software systems (for a secure electronic identity for authentication purposes)

During these processes, the security goals for cyber security in the product, in the system design and in the implementation undergo testing. User documentation and the technical aspects of privacy are part of the testing.

Security goals include the following:

  • Protecting communication from eavesdropping and manipulation
  • Protecting the systems from unauthorized infiltration, unauthorized use, manipulation and data loss
  • Protecting personal data
  • Protected security updates for the system

We protect your smart home products from cyber attacks by using ultra-modern technology

The information security test

1. Confirmation of the basic implementation of an IT security concept.
2. Confirmation of the effective implementation of IT security.
3. Confirmation of the completeness of IT security documentation.

Testing data protection

1. Identifying the importance of data protection
2. Testing data protection in accordance with European guidelines (GDPR, General Data Protection Regulation)

Functional safety for the connected home

Are there further hazards due to the system’s additional communication capabilities?

Functional safety according to DIN EN 61508-4:2011 and functional safety in product standards (e.g. household devices) provide information about it. We also help you with this challenge in order to complete the security examination. Learn more about our services in functional safety.

What separates functional safety from information security?

Functional safety is using automated technology to ensure that no device or system poses a hazard to people or the environment. This type of safety is to some extent tailored “from the device to the outside”.

Information security deals with fending off hazards that affect the system from the outside. It relates to matters such as malware or unauthorized system access. In both cases, system functionality may be affected: the system can even be made to do nothing or to do something improperly.

As such, the connection between both topics has been established: If, for instance, the examined system is a safety-related control system or a field device in safety equipment, then anything that affects its functionality simultaneously affects its (functional) safety.

Protect your smart factory with VDE certification

In the office (IT) and operations (OT) areas, we test the interfaces between machines, management and office systems, and to the internet. It is irrelevant whether the network is only operated inside a factory or whether external communications partners such as branch offices are connected to this network over the internet. Testing also includes assessing the risk analysis related to information security as per IEC 62443. After a successful test, the network operator receives the VDE Certificate for information security.

The tested network is classified using a four-level scale. In line with the existing IEC 62443 outlines, this scale describes the use and certainty with which an attack is expected; its levels are called security levels (SL).

  • Security Level 1: Protection against undesired, casual violation.
  • Security Level 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation.
  • Security Level 3: Protection against intentional violation using sophisticated means with moderate resources, IACS-specific skills and moderate motivation.
  • Security Level 4: Protection against intentional violation using sophisticated means with extended resources, IACS-specific skills and high motivation.

We offer the following VDE certificates in information security, among others:
