ETSI releases IoT security standard
The European Telecommunications Standardisation Institute (ETSI) has released their initial standard for securing IoT devices. The document titled ‘Technical specification - Cyber Security for Consumer Internet of Things’ (ETSI TS 103 645), states that its objective is, “...to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products.”
IoT Security and a 'cybersecurity certification framework'
With the growing use of IoT-based solutions, some IoT vendors appear to favour usability over IT security. The question for security specialists is therefore what the correct level of acceptable risk should be. This document contains helpful recommendations to guide businesses towards establishing a more secure implementation of their IoT services and devices.
Although it is not a European Standard (EN) level specification yet, it is likely that a European standard specification in the IoT Security area will be developed based on this document. As stated in the document, it ‘can also help organizations implement a future EU common cybersecurity certification framework’, which was proposed in the Cybersecurity Act in December last year and as proposed in the IoT Cybersecurity Improvement Act in the United States.