ETSI global standard for consumer IoT security
February 19, 2019
The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.
As more devices in the home connect to the internet, the cyber security of the Internet of Things (IoT) is becoming a growing concern. People entrust their personal data to an increasing number of online devices and services. In addition, products and appliances that have traditionally been offline are now becoming connected and need to be designed to withstand cyber threats. Poorly secured products threaten consumer’s privacy and some devices are exploited to launch large-scale DDoS (Distributed Denial of Service) cyber attacks.
ETSI’s new specification, TS 103 645, addresses this issue and specifies high-level provisions for the security of internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) or smart home assistants.
“The potential benefits of the IoT will be achieved only if products and services are designed with trust, privacy and security built in, so consumers feel they are secure and safe to use. We are pleased to have contributed to a standard which focuses on the technical and organizational controls that matter most in addressing significant and widespread security-shortcomings. It should be a landmark specification for consumers and industry alike” says Stephen Russell, Secretary-General of ANEC, the organisation representing consumers in standardisation, and an ETSI member.