In a recent interview with SafetyDetectives, Roland Atoui, founder of Red Alert Labs (RAL), shared insights into the company’s mission and innovations in IoT cybersecurity. Established in 2017, RAL focuses on building trust in connected devices through consultation, evaluation, and certification services. Atoui highlighted CyberPass, their unique certification platform, which sets new standards in managing cybersecurity risks for IoT products. He also discussed the importance of “Security by Design” and the role of AI and machine learning in enhancing IoT security, offering practical advice for startups to secure their products efficiently.
Can you introduce Red Alert Labs and explain the core mission of your company?
In order to tackle the cybersecurity issues of the Internet of Things (IoT) era, I established the creative French startup Red Alert Labs (RAL) in 2017. Building confidence in connected devices is RAL’s primary goal, and it does this by offering cybersecurity consultation, evaluation, and certification services and an associated SaaS platform. By providing impartial and cutting-edge laboratory services that assist businesses in creating their own cyber threat prevention plans, RAL became the industry’s most reliable partner in IoT cybersecurity. RAL actively participates in the development of cybersecurity certification programs in coordination with European and national cybersecurity organizations. The business also makes investments in R&D and innovation to produce cutting-edge instruments, strategies, and processes for successfully tackling IoT cybersecurity issues.
CyberPass is heralded as the first worldwide product security certification platform. Can you explain what sets it apart from other security solutions?
CyberPass stands out due to its distinct method of evaluating and controlling the cybersecurity compliance risks associated with devices connected to third parties. CyberPass provides accredited evaluations and practical improvement plans that are in line with the main international and EU cybersecurity standards, in contrast to other platforms. It encourages direct communication between suppliers and manufacturers and results in an esteemed certification that is akin to an “ISO certification” for Internet of Things cybersecurity. The platform’s user-friendly architecture makes it simple to include in the procurement process, allowing providers to raise their marketability and cybersecurity maturity level. Furthermore, CyberPass’s revenue strategy, which combines certification services with subscription fees to guarantee financial sustainability, establishes the company as a trailblazer in the development of new IoT security standards.
What are the most common vulnerabilities you find in IoT products today, and how can manufacturers address these issues early in the design phase?
The most common flaws in IoT devices are weak or default passwords, unencrypted data transmission, insecure interfaces, and infrequent software upgrades. By employing a “Security by Design” methodology, manufacturers can tackle these issues at an early stage of the design process. This means building robust cybersecurity protections in from the start, such as making sure each device has a unique, strong password, encrypting data in transit and at rest, limiting access to device interfaces, and putting secure authentication techniques in place. It also entails scheduling routine software patches and upgrades to fix vulnerabilities as they are found.
For example, the recent 2022 Verkada breach emphasizes the crucial requirement for strong, unique passwords and robust authentication procedures. Because of weak default passwords and lax security measures, hackers were able to view live footage from 150,000 security cameras. Comparably, a Palo Alto Networks analysis from 2023 discovered that 98% of IoT device traffic is not encrypted, leaving private information vulnerable to theft and interception.
The danger of security breaches can be considerably decreased by implementing these security measures at the beginning of the design process. Manufacturers might refer to standards such as the ETSI EN 303 645 standard, which offers recommendations for data protection, vulnerability reporting, and password management on consumer IoT devices. They could also implement secure automated onboarding mechanisms for their industrial IoT devices following the FIDO Device Onboarding standard. CyberPass and other automated solutions can assist manufacturers in monitoring and evaluating their adherence to these criteria, guaranteeing the security of their products from the start.
By considering these aspects during the initial design phase, manufacturers can build more secure IoT products and protect their users from potential cyber threats. This proactive approach not only enhances the security of the devices but also builds consumer trust and meets regulatory requirements.
The concept of “Security by Design” is crucial for IoT. Can you provide insights into how companies can embed this principle from the outset?
In order to guarantee that security is incorporated into the product development process from the beginning, integrating “Security by Design” requires a number of crucial measures. To find potential security threats and weaknesses early on, a thorough risk assessment is the first step. By taking a proactive stance, developers can resolve problems before they become serious. The design specs should then include security elements like encryption, secure boot procedures, and access control techniques. This guarantees that the product has strong protections against data breaches and unauthorized access.
It is also essential to develop a cybersecurity culture within the company. In their workflows, all team members—from engineers to management—must give security first priority. Regular training and unambiguous communication about the significance of cybersecurity can help achieve this. Furthermore, the firm can stay current on security standards and best practices by working with outside experts and cybersecurity organizations. This partnership may yield insightful information and resources that improve the product’s security.
It is crucial to regularly verify and validate the security of the product through stringent evaluations and certifications. These tests make sure that the product is capable of withstanding potential cyber threats and complies with strict security requirements. Businesses may guarantee that security is taken into account early in the product development process and produce more resilient and secure products by implementing these measures. By including these procedures in the development lifecycle, you can show stakeholders and customers that you are committed to security while also protecting the product.
How do you see the role of artificial intelligence and machine learning evolving in the field of IoT security?
IoT security is expected to be greatly improved by AI and ML in a number of ways. These technologies enable faster responses to assaults by detecting possible threats in real time by analyzing massive volumes of data to find unexpected patterns. AI-driven solutions can help expedite mitigation efforts by automating reactions to specific security issues, which eliminates the need for manual intervention. Furthermore, by evaluating past data, ML algorithms may forecast possible vulnerabilities and attack vectors, allowing businesses to proactively address security flaws. By adding behavioral analysis and biometric data, AI can enhance authentication systems and make it harder for attackers to get illegal access.
Furthermore, as demonstrated by technologies such as CyberPass, artificial intelligence is essential in automating cybersecurity compliance. IoT devices can be continuously monitored by AI-driven compliance solutions to make sure they adhere to the most recent cybersecurity standards and laws. These platforms automatically identify risks, put in place the required security measures, and confirm compliance, all while using artificial intelligence (AI) to speed the assessment and certification processes. By doing this, the time and effort needed for manual compliance checks are decreased, and the assessments’ correctness and dependability are improved. Businesses can keep ahead of emerging cyberthreats, uphold a high standard of cybersecurity compliance, and cultivate customer trust by utilizing AI. In general, more dynamic and adaptable defenses against changing cyber threats will be made possible by the incorporation of AI and ML into IoT security frameworks.
What advice would you give to startups and smaller companies regarding securing their IoT products on a limited budget?
Start-ups and smaller businesses can protect their IoT goods in a number of ways that are affordable, starting with automated solutions like CyberPass and reliable baseline standards like the ETSI EN 303 645. First, start the product development process with a focus on security and invest in fundamental security mechanisms like safe authentication, encryption, and strong passwords. Make use of affordable and extensively supported open-source security frameworks and solutions within the cybersecurity community. To make sure that the most important safeguards are in place, prioritize the implementation of the security measures that are most important for your product.
Even in cases where comprehensive evaluations are not practical, work together with cybersecurity specialists and certification authorities to acquire knowledge and direction on optimal procedures. To make sure that your security procedures are still applicable and efficient, keep up with the most recent developments in cybersecurity trends and threats. To reduce mistakes made by team members and insider threats, make sure everyone is knowledgeable about fundamental cybersecurity concepts and procedures. Startups and smaller businesses can affordably establish a robust security foundation for their IoT products by utilizing automated tools and standards in conjunction with these processes.