Review on IoT Cybersecurity Standards: Design security tests for IoT devices based on the ETSI framework standards

Achieving the security in IoT is one of the biggest challenges since these devices frequently perform a series of collect, exchange, process, and react to data tasks. Thus the impact of IoT failures can be serious. IoT security is the practices to keep our system safe by protecting from breaches and threats, identify and monitor the risks and observe the vulnerabilities in the system to fix and avoid them. The main goal of IoT security is to ensure data privacy, con- fidentiality, ensure the security of the users, infrastructures and all IoT system components and guarantee the availability and integrity of our IoT ecosystem and the services offered by it. Recently, many widely organizations have issued IoT Security guide best practices and ‘baseline’ or ‘core’ requirements for IoT devices security. In this thesis we will analyze and review the main IoT security regulations and standards which have been published by for- mal standardisation organisations to date. First we will have a comparison between some of the IoT security standards in EU and US and we will discuss the role of the interest alliances and industry associations in contributing to these standards, and we will do a summarizing and critical analysis of these requirements. Then we will create a test card for IoT products stating that if the IoT product is compliant with the chosen standard, we will discuss how the security requirements and standards can be technically implemented on an actual IoT product. Finally we will address the challenges in creating a harmonized security standards for all IoT devices and the difficulties that will face both the manufactures and the standard organizations.