ETSI Releases Consumer IoT Security Standard

Smart Blog

ETSI Releases Consumer IoT Security Standard

The ETSI Technical Committee on Cybersecurity just unveiled ETSI EN 303 645, a standard for cyber IoT security standard that establishes a security baseline for connected consumer products and provides a basis for future IoT certification schemes. ETSI is a not-for-profit body with more than 900 member organizations worldwide, drawn from 65 countries and five continents. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging additional stakeholders in its development and ultimately strengthening the resulting standard. The EN is a result of collaboration and expertise from industry, academics and government. It is designed to prevent large-scale, prevalent attacks against smart devices that cybersecurity experts currently see every day. Compliance with the standard will prevent attackers from controlling devices across the globe through, from launching DDoS attacks, from mining cryptocurrency and from spying on users in their own homes. By preventing these attacks, the EN represents an uplift in baseline security and privacy.
The new standard specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. Among the products in scope are connected children’s toys and baby monitors, connected safety-relevant products like smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants.

We launched the Finnish IoT label in November 2019; it was a world first and it attracted a lot of global interest,

says Juhani Eronen from Traficom.

Our labels are awarded to networking smart devices that meet certification criteria based on EN 303 645; this help consumers identify IoT devices that are sufficiently secure. To date we have awarded the labels to several products including fitness watches, home automation devices and smart hubs. Being involved in the development of the ETSI standard from the start helped us a lot in building up our certification scheme. Feedback from companies and hackers has been very positive so far,

he adds.

Legrand is pleased to have contributed to the ETSI EN 303 645 standard. It focuses on the product baseline controls addressing the most common security weaknesses in the IoT ecosystem. Ensuring a better level of security in the IoT Ecosystem can only be achieved if Governments, Industry and Consumers collaborate on a common and reachable goal, and standardization bodies like ETSI have provided the right platform to achieve it for this standard,

says Mahmoud Ghaddar, CISO Standardization.
ETSI EN 303 645 is a cohesive standard that presents an achievable, single target for manufacturers and IoT stakeholders to attain. Many organizations have already based their products and certification schemes around the EN and its predecessor TS. It demonstrates how one standard can underpin many assurance schemes and provide flexibility in certification – whilst maintaining world-leading security.
The ETSI Technical Committee CYBER (TC CYBER) continues its work on IoT security, with the development of a test specification and an implementation guide to complement EN 303 645.

Author: Rainer Claaßen
Image Credit: ETSI

Tags: / / /

Leave a Reply

Your email address will not be published. Required fields are marked *