To address the concern over the rising number of devices at home being connected to the Internet, the European Telecommunications Standards Institute (ETSI) launched a new cybersecurity standard (ETSI EN 303 645) to establish a security baseline. From large scale to prevalent attacks, this cybersecurity standard for Internet of Things (IoT) devices is an attempt to cover them all with 13 new provisions.
The Cybersecurity Standard for IoT Devices
Work from home has seen a major shift in the number of home devices connected to the internet. This has challenged the very fabric of traditional cybersecurity measures as they often do not cover the home periphery. To address these issues, ETSI sought help from industry experts, academics and the government to define a standard that aims to restrict the ability of cybercriminals to control devices across the globe.
ETSI EN 303 645 includes the security of a wide range of IoT consumer devices and their associated services, including:
- Connected children’s toys and baby monitors
- Connected home safety products such as smoke detectors and window sensors
- Smart cameras, TVs, and speakers
- Wearable health trackers
- Connected home automation and alarm systems
- Connected appliances such as washing machines, and fridges
- Smart home assistants
13 cybersecurity measures for consumer IoT devices listed under this standard:
- No universal default passwords
- Implement a means to manage reports of vulnerabilities
- Keep software updated
- Securely store sensitive security parameters
- Communicate securely
- Minimize exposed attack surfaces
- Ensure software integrity
- Ensure that personal data is secure
- Make systems resilient to outages
- Examine system telemetry data
- Make it easy for users to delete user data
- Make installation and maintenance of devices easy
- Validate input data
It is a known fact that many IoT devices store and process users’ personal data. IoT manufacturers are expected to provide security features to these devices for the protection of such personal user data. Apart from these 13 new cybersecurity measures and already defined GDPR compliance policies for data protection, the ETSI EN 303 645 standard provides five specific data protection provisions for consumer IoT devices.
IoT Devices to Dominate the Market
Earlier, research by Transforma Insights revealed that the number of active IoT devices globally is expected to grow from 7.6 billion in 2019 to 24.1 billion in 2030, thereby generating revenue of more than $1.5 trillion, at 11% CAGR. The findings also stated that North America, China, and Europe are expected to have a lion’s share in this growth of IoT devices with 26%, 24%, and 23% respectively of the total value.
