ETSI has released its 2020-2021 work programme. In ETSI we are constantly exploring new ways to make the development of standards faster and more efficient. Our FORGE platform, for example, gives developers free access to open-source code produced by our members. And as we have already seen this year, the need for effective virtual collaboration between individuals and teams has never been keener.
At the start of 2020 we had little idea just how abruptly our own operational processes would shift. The devastating societal impact of the coronavirus has imposed profound challenges on every organization. As our own modus operandi evolves, so does the scope of ETSI’s standardization activities.
This Work Programme highlights some of the technical areas attracting the attention of our members with new groups created, including new networking protocols (Non-IP networking), 5th generation fixed networks and the security of Artificial Intelligence-based systems. To help tackle the pandemic, we launched E4P, Europe for Privacy-Preserving Pandemic Protection, an Industry Specification Group initiated to develop specifications that will ensure the interoperability of Covid-19 tracing applications throughout Europe.
CEN and CENELEC have published Annual Reports for 2019. The Annual Reports consist of three parts: the joint CEN and CENELEC activities and one each individual report for CEN and CENELEC. Taken together, they present the main achievements accomplished in 2019 in European standardization.
Indeed, 2019 was an impactful year: the renewed EU institutional setting, the whirling trade discussions and Brexit have presented all organisations and businesses with new challenges and opportunities. Digitalisation and innovation have imposed themselves as a new constant in our daily lives. Furthermore, the global coronavirus pandemic has shown how urgent it is for all organisations to become resilient and adaptable to sudden changes. This situation provided even more evidence of the essential role that standards play in protecting citizens and providing safe and innovative market solutions.
The ETSI Technical Committee on Cybersecurity (TC CYBER) unveiled ETSI EN 303 645, a standard for cybersecurity in the Internet of Things that establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging even more stakeholders in its development and ultimately strengthening the resulting standard. The EN is a result of collaboration and expertise from industry, academics and government.
ETSI EN 303 645 specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants. The EN also includes 5 specific data protection provisions for consumer IoT.
In a world increasingly relying on digital technologies and data to function, opportunities go hand in hand with potential risks. For this reason, cybersecurity is at the centre of international efforts, both public and private, to minimise dangers for critical infrastructure and personal data, thus ensuring that the highest number possible of individuals and companies, in all sectors, can benefit from new technologies.
In this context, the standardization community is playing an important role: standards for cybersecurity and data protection are currently being developed both internationally and at the European level to address the risks posed by cyber-attacks and help ensure high levels of protection. As part of this effort, CEN and CENELEC’s JTC 13 ‘Cybersecurity and Data Protection’ just released a series of European Standards (ENs).
The new standards provide a series of guidelines and criteria to assess the security level of IT systems, cryptographic modules and privacy.
- EN ISO/IEC 15408-1:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model’
- EN ISO/IEC 15408-2:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components’
- EN ISO/IEC 15408-3:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components’
- EN ISO/IEC 18045:2020 ‘Information technology - Security techniques - Methodology for IT security evaluation’
- EN ISO/IEC 19790:2020 ‘Information technology - Security techniques - Security requirements for cryptographic modules’
- EN ISO/IEC 27019:2020 ‘Information technology - Security techniques - Information security controls for the energy utility industry’
- EN ISO 29134:2020 ‘Information technology - Security techniques - Guidelines for privacy impact assessment’