Eseye has become the first IoT connectivity provider to earn IASME certification to assist with PSTI compliance.

The UK company, a specialist in integrated cellular IoT connectivity and an accredited IASME partner, has highlighted the implications of the recent Product Security & Telecommunications Infrastructure (PSTI) Act and regulations, which came into force at the end of April 2024.

Eseye is the first IoT connectivity provider to be accredited as a certifying body on IASME’s IoT cyber-assurance scheme. The act will impose significant compliance costs and potential market disruptions for tech manufacturers, requiring their immediate action. Yet, despite the initial difficulties, it is important these regulations enhance IoT security and device connectivity, driving long-term benefits for businesses.

The PSTI Act mandates stringent security measures to protect consumer-connectable devices, aiming to bolster the UK’s defences against cyber attacks and enhance individual privacy. While this legislation may mean adapting development processes to embed enhanced security features from the outset, this shift could significantly delay product launches and escalate costs for businesses. However, it does present an opportunity for tech manufacturers to enhance their products’ security and gain a competitive edge.

The act now covers a wide array of internet-connected smart devices used in everyday life, including consumer electronics such as TVs, home security systems and smart-home appliances.

This legislation not only compels all tech manufacturers to adhere to strict security protocols but will bring benefits to both providers and end users. Not only will the shift enhance the safety of device data, but will safeguard user privacy, including the eradication of generic default passwords often provided with a new device. Each device must have a unique password or require users to set a new, secure one during setup, ensuring a higher level of end user security.

At the same time, manufacturers must implement secure methods for software updates and be transparent in their communication regarding length of time for which security support is provided for each device. This includes specifying an accurate timeline for such updates. This commitment will not only strengthen the security of all devices but also build greater consumer trust in IoT technologies, providing protection against cyber-security threats, meaning users can confidently use their devices without fear of data breaches or privacy invasions.

The act will require realignments of development processes to incorporate these security features, which will impact product design and market release timing. Users can expect better communications from manufacturers about how to report product security problems. While these changes pose significant time and cost difficulties to providers, they ultimately lead to more secure and reliable consumer technology products, which is a boon for manufacturers and end users.

As an IASME accredited partner, Eseye is at the forefront, providing a reassuring hand to manufacturers in navigating these changes:

• Secure boot processes and vulnerability management: Eseye offers testing and consultancy to ensure devices comply with Etsi standards.
• Complex password requirements implementation: Eseye aids businesses in setting up robust password protocols to enhance device security immediately.

“Eseye has consistently prioritised security in our IoT options, and the PSTI Act’s emphasis on security by design aligns seamlessly with our ethos,” said Nick Earle, CEO of Eseye. “We are committed to aiding our customers through this transition, ensuring they meet the new rigorous standards effectively.”

IASME (iasme.co.uk) is a cyber-security certification company that works with a network of more than 900 cyber-security experts to help organisations of all sizes improve and demonstrate their cyber security.

The IASME IoT Cyber Scheme provides manufacturers with support to improve the security of their connected devices and then certify their achievement. Certification demonstrates compliance with UK legislation and a commitment to best-practice security.

“Eseye’s commitment to these standards not only demonstrates our leadership in IoT security but also reinforces our dedication to supporting our customers’ needs in this evolving digital landscape,” said Eseye’s technical and PSTI lead consultant Kamran Jehangir. “Eseye is a trusted IASME partner, so our cyber-security professionals can ensure your device is PSTI compliant and meets the Etsi standard. Coupled with our ISO 27001 compliance accreditation, we have a strong commitment to adhering to these robust cyber-security standards.”

Eseye’s deep IoT security expertise positions the company to help businesses adapt to the PSTI Act’s requirements. By offering support from product conception through deployment, Eseye (www.eseye.com) can help its partners achieve and demonstrate compliance.

For information on how Esey can help with PSTI, visit www.eseye.com/resources/whitepapers/navigating-the-psti-act.