A new standard for cybersecurity in the Internet of Things (IoT) has been unveiled today by the ETSI Technical Committee on Cybersecurity. It establishes a security baseline for internet-connected consumer products and for future IoT certification schemes. It is hoped the standard, titled ETSI EN 303 645, will help prevent large-scale, prevalent attacks taking place against smart devices.
Developed in collaboration with industry, academics and government, the standard aims to restrict the ability of cyber-criminals to control devices across the globe and launch DDoS attacks, mine cryptocurrency and spy on users in their own homes. This has become a major concern for the cybersecurity industry due to the growing prevalence of smart devices in households, many of which have security weaknesses.
Earlier this month, for example, an investigation by Which? found that 3.5 million wireless indoor security cameras across the world potentially have critical security flaws that make them vulnerable to hacking.
ETSI EN 303 645 outlines 13 provisions for the security of a wide range of IoT consumer devices and their associated services. These include children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances and smart home assistants.
Five specific data protection provisions for consumer IoT are also set out in the standard.
Mahmoud Ghaddar, CISO Standardization, commented: “Ensuring a better level of security in the IoT ecosystem can only be achieved if governments, industry and consumers collaborate on a common and reachable goal, and standardization bodies like ETSI have provided the right platform to achieve it for this standard.”
A number of manufacturers and IoT stakeholders have already developed products and certification schemes according to ETSI EN 303 645. Juhani Eronen, chief specialist at Traficom, added: “To date we have awarded the labels to several products including fitness watches, home automation devices and smart hubs. Being involved in the development of the ETSI standard from the start helped us a lot in building up our certification scheme. Feedback from companies and hackers has been very positive so far.”