SESIP embraced as European IoT security evaluation standard

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) has been embraced as the foundation for a European Standard (EN). 

This milestone decision aims to streamline the IoT ecosystem’s approach to regulatory challenges and facilitate a comprehensive understanding, deployment, and explanation of security measures.

“This is all about raising the bar for IoT security,” commented Eve Atallah, the chair of GlobalPlatform’s SESIP sub-task force.

Atallah highlighted the complex scenario faced by device manufacturers and non-security experts due to the many national and regional regulations that have emerged in recent years.

The SESIP methodology offers a standardised framework for evaluating IoT security implementations, specifically tailored to address the unique requirements and challenges posed by the evolving IoT ecosystem.

The World Economic Forum has reported a 358 percent increase in cybersecurity threats in recent years, outpacing societies’ ability to prevent or respond to them effectively. 

The adoption of SESIP as a European Standard helps to address this pressing issue, providing a unified reference point for assessing IoT cybersecurity in alignment with various regulatory and industry requirements—including those outlined by leading organisations such as ENISA, ETSI, IEC, and NIST.

One of the notable advantages of SESIP is its support for the composition and reuse of certificates. This feature enables previously certified components to be utilised in building devices with embedded security assurances, eliminating the need for a complete reevaluation of the same component in different markets. This not only enhances efficiency but also promotes innovation and cost savings across the certification process.

The impact of SESIP’s adoption extends globally, with both national and private certification bodies developing schemes based on this methodology. For instance, Taiwan’s Institute for Information & Industry is assessing the SESIP methodology, demonstrating its international recognition and applicability.

“CEN and CENELEC, as two of the officially recognised European Standardization Organisations (ESOs), have a strong commitment to making the digital transition in Europe a reality, working together with all relevant stakeholders to ensure that new technologies are safe, trustworthy and beneficial for all,” said Cinzia Missiroli, Director for Standardization and Digital Solution at CENELEC.

“In this context, our collaboration with GlobalPlatform is key. The work on the European standard based on their SESIP methodology is a good example of what can be achieved in working together for an inclusive and safe digital society for Europe.”

By providing a centralised and standardised approach to cybersecurity evaluations, SESIP addresses the challenges posed by regulatory fragmentation, complexity, and escalating cybersecurity threats.
