The ETSI Technical Committee on Cybersecurity has recently unveiled a new standard, ETSI EN 303 645 (EN) for cybersecurity in the Internet of Things (IoT).
As more devices in the home connect to the internet, the cybersecurity of the IoT has become a growing concern. The EN is designed to prevent large-scale, prevalent attacks against smart devices that cybersecurity experts see every day.
Compliance with the standard will restrict the ability of attackers to control devices across the globe – known as botnets – to launch DDoS attacks, mine cryptocurrency and spy on users in their own homes. By preventing these attacks, the EN represents a huge uplift in baseline security and privacy.
The EN specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants. The EN also includes 5 specific data protection provisions for consumer IoT.
The EN is a cohesive standard that presents an achievable, single target for manufacturers and IoT stakeholders to attain. Many organizations have already based their products and certification schemes around the EN and its predecessor TS. It demonstrates how one standard can underpin many assurance schemes and provide flexibility in certification – whilst maintaining world-leading security.