European standards body releases IoT security specifications
ETSI said the new standard establishes a security baseline for internet-connected consumer products
The European Telecommunications Standards Institute (ETSI) has released what it claims to be the first globally-acceptable security standard for consumer IoT devices.
The ETSI Technical Committee on Cybersecurity (TC CYBER) said that the standard establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification programs.
IoT products covered under the scope of the standard include things such as connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected home appliances or smart home assistants.
“The potential benefits of the IoT will be achieved only if products and services are designed with trust, privacy and security built in, so consumers feel they are secure and safe to use. We are pleased to have contributed to a standard which focuses on the technical and organizational controls that matter most in addressing significant and widespread security-shortcomings. It should be a landmark specification for consumers and industry alike,” said Stephen Russell, secretary-general of ANEC, the organization representing consumers in standardization, and an ETSI member.
The new ETSI specifications require implementers to forgo the use of universal default passwords, which have been the source of many security issues. It also requires implementation of a vulnerability disclosure policy to allow security researchers and others to report security issues, according to ETSI.
“Stakeholders at all levels have worked together to make sure the specification was outcome-focused, rather than prescriptive, giving organizations the flexibility to innovate and implement security solutions appropriate for their products” said Luis Jorge Romero, ETSI’s director general. “We’re really proud to release a standard that was highly needed for consumers and society at large.”