The Cyber Secure Challenge

As connected products and devices are becoming mainstay technologies in our daily lives, cyber security has quickly become one of the biggest threats to our society. The risks posed by cyber attacks launched by criminals and other parties with malicious intent extend from disruption of critical infrastructure operations and services to the manipulation and outright theft of financial assets, to the release of sensitive personal and confidential information. Today, no one is beyond the reach of a potential cyber catastrophe.

Regulators and industry are actively working to stem this growing threat by developing standards, protocols and best practices to help defend against cyber attacks.  In the interim, developers of connecting technologies and equipment must work proactively to assess the risks unique to their products and to implement robust designs and safeguards that can help mitigate the potential risk of current and future threats.

Although cyber threats vary in their design and intent, there are several elements that are fundamental to any effective effort to thwart their impact. These include:

  • Information Technology  Equipment (ITE) and systems that can be quickly and easily updated against new and emerging threats
  • Similarly, connected products and devices that have been designed with security as a foremost consideration
  • A management system that upholds an organization's commitment to the security of its products, its assets and all stakeholders 
  • Employees, suppliers and vendors who are knowledgeable about the potential risks that cyber attacks can present, and how their efforts can help ward off the threat.

How Nemko Can Help

Nemko is at the forefront of efforts to assist developers of ITE and connected technologies to address cyber security risks. Our cyber security offerings include:

  • Evaluation and Testing of IoT Systems and Devices—Most systems and devices that operate on the Internet of Things (IoT) provide little protection against unprovoked hacking and interference. Nemko offers testing of IoT systems and devices in accordance with the requirements of the standard, ETSI/EN 303 645. For more information, click here.
  • Common Criteria Evaluation and Certification—Common Criteria security evaluation and certification is among the most widely used IT security certification schemes available and is recognized by regulatory authorities worldwide. Systemsikkerhet, a Nemko company, is accredited to conduct Common Criteria evaluation and certification services in compliance with IEC/ISO 17025. For more information, click here.
  • Guidance and Consultancy Support—For makers and distributors of ITE products and services not requiring formal certification, Nemko provides comprehensive advisory and guidance in identifying and evaluating cyber security considerations. We also offer organizations comprehensive training for key personnel on cyber security issues and risks. For more information, click here.
  • ISO/IEC 27001, Information Security Management Systems Certification—Certification to the requirements of ISO/IEC 27001, "Information Security Management," provides assurances regarding an organization's commitment to the security of all types of information assets. Nemko is accredited to conduct audits and issue certifications in accordance with the requirements of this standard. For more information, click here.

The Benefits of Working with Nemko

Your partnership with Nemko can provide your organization with several important advantages in your efforts to address the challenges of today's cyber security landscape. These benefits include:

  • Recognized Cyber Security Expertise—Acquired by Nemko in 2020, Systemsikkerhet is Norway's very first information security consultancy and is one of four information security testing laboratories recognized by the Norwegian National Security Authority.
  • Active Involvement in Standards Development and Implementation—Nemko technical professionals are active participants in efforts to develop state-of-the-art cyber security standards and protocols and are knowledgeable about new and emerging requirements that can help to improve security.
  • Single Source Solution—With its combined expertise in cyber security, product safety, Radio/Telecom and electromagnetic compatibility (EMC), Nemko represents a robust single source for manufacturers seeking comprehensive testing and certification services for their IT systems and devices.
  • Global Support—With nearly 30 locations on six continents around the world, Nemko is well-positioned to support your efforts to achieve global market access for your products, regardless of your location or target market.   

For more information about how Nemko can help your organization meet current and emerging cyber security challenges, contact us



Research firm Statista estimates that the total installed base of systems and devices connected through the Internet of Things (IoT) will surpass 21 billion units worldwide by 2025. But the growing IoT footprint has also become a prime target for cyber attacks by hackers and criminals. 

ISO/IEC 15408-1:2009, "Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model," provides an internationally-accepted framework for evaluating the security of information technology equipment (ITE) Also widely known as the "Common Criteria," the standard details commonly accepted criteria for the design, development and evaluation of IT equipment with regard to cyber security considerations. 

Navigating today's dynamic and ever-changing cyber threat landscape is a challenge, even for the most technically knowledgeable organizations. New cyber threats emerge every day, and few organizations have the requisite expertise or resources to assess the potential risk of each threat and take the steps necessary to secure their products and systems. 

ISO/IEC 27001:2017 is the information security management system standard designed to specify the requirements for the implementation of security controls within an individual organization. It also covers physical control and IT security issues.

All development follows the same steps, design – production– testing.
And for connected IT products, the testing part includes penetration testing, also known as pen-testing, where the system is scanned for known vulnerabilities as well as exposed to more sophisticated «attacks».