The ETSI Technical Committee on Cybersecurity (TC CYBER) unveiled ETSI EN 303 645, a standard for cybersecurity in the Internet of Things that establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging even more stakeholders in its development and ultimately strengthening the resulting standard. The EN is a result of collaboration and expertise from industry, academics and government.
ETSI EN 303 645 specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants. The EN also includes 5 specific data protection provisions for consumer IoT.
The ETSI virtual Security Week 2020, which took place from 8 June to 23 June, closed successfully with a record audience of more than 4000 viewers joining from over 50 countries. Speakers and moderators comprised a variety of stakeholders ranging from global telco operators, vendors and academia to security organizations and other standards bodies.
The 14 webinars focused on four key topics around cybersecurity: how to deploy 5G securely in different market sectors; the Cybersecurity Act and the future European Standard developed by ETSI on security for IoT consumer devices; insights into the new Smart Secure Platform, as well as its requirements and impact on the ecosystem; and advanced cryptography, with quantum-safe cryptography, the technical evolution of the TETRA standard and fully homomorphic encryption.
The presentations and the content provided displayed a good balance between high-level and technical topics and led to high interaction, with very dynamic and challenging Q&A and panel sessions.
ETSI has released its 2020-2021 work programme. In ETSI we are constantly exploring new ways to make the development of standards faster and more efficient. Our FORGE platform, for example, gives developers free access to open-source code produced by our members. And as we have already seen this year, the need for effective virtual collaboration between individuals and teams has never been keener.
At the start of 2020 we had little idea just how abruptly our own operational processes would shift. The devastating societal impact of the coronavirus has imposed profound challenges on every organization. As our own modus operandi evolves, so does the scope of ETSI’s standardization activities.
This Work Programme highlights some of the technical areas attracting the attention of our members with new groups created, including new networking protocols (Non-IP networking), 5th generation fixed networks and the security of Artificial Intelligence-based systems. To help tackle the pandemic, we launched E4P, Europe for Privacy-Preserving Pandemic Protection, an Industry Specification Group initiated to develop specifications that will ensure the interoperability of Covid-19 tracing applications throughout Europe.
In a world increasingly relying on digital technologies and data to function, opportunities go hand in hand with potential risks. For this reason, cybersecurity is at the centre of international efforts, both public and private, to minimise dangers for critical infrastructure and personal data, thus ensuring that the highest number possible of individuals and companies, in all sectors, can benefit from new technologies.
In this context, the standardization community is playing an important role: standards for cybersecurity and data protection are currently being developed both internationally and at the European level to address the risks posed by cyber-attacks and help ensure high levels of protection. As part of this effort, CEN and CENELEC’s JTC 13 ‘Cybersecurity and Data Protection’ just released a series of European Standards (ENs).
The new standards provide a series of guidelines and criteria to assess the security level of IT systems, cryptographic modules and privacy.
- EN ISO/IEC 15408-1:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model’
- EN ISO/IEC 15408-2:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components’
- EN ISO/IEC 15408-3:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components’
- EN ISO/IEC 18045:2020 ‘Information technology - Security techniques - Methodology for IT security evaluation’
- EN ISO/IEC 19790:2020 ‘Information technology - Security techniques - Security requirements for cryptographic modules’
- EN ISO/IEC 27019:2020 ‘Information technology - Security techniques - Information security controls for the energy utility industry’
- EN ISO 29134:2020 ‘Information technology - Security techniques - Guidelines for privacy impact assessment’