The ETSI Technical Committee on Cybersecurity (TC CYBER) unveiled ETSI EN 303 645, a standard for cybersecurity in the Internet of Things that establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging even more stakeholders in its development and ultimately strengthening the resulting standard. The EN is a result of collaboration and expertise from industry, academics and government.
ETSI EN 303 645 specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants. The EN also includes 5 specific data protection provisions for consumer IoT.
ETSI issued New White Paper on Artificial Intelligence
ETSI has unveiled a new White Paper on Artificial Intelligence (AI). This White Paper explores key issues of AI that present both huge opportunities and new challenges for information and communication technologies (ICT). This ETSI White Paper surveys the many technical activities in ETSI that consider AI. They include 5G systems, network optimization, privacy/security, data management, semantic interoperability and testing across all areas. Each area is considering the use of aspects of AI, including Health and Human Factors scenarios. Key references from other bodies are included for global context.
The ETSI virtual Security Week 2020, that took place from 8 June to 23 June, successfully closed with a record audience of more than 4000 viewers joining from over 50 countries. Speakers and moderators comprised a variety of stakeholders ranging from global telco operators, vendors and academia to security organizations and other standards bodies.
The 14 webinars focused four key topics around cybersecurity: how to deploy 5G securely in different market sectors, the Cybersecurity Act and the future European Standard developed by ETSI on security for IoT consumer devices, insights into the new Smart Secure Platform, as well as its requirements and impact on the ecosystem and advanced cryptography with quantum-safe cryptography, the technical evolution of the TETRA standard and fully homomorphic encryption.
Presentations displayed a good balance between high level and technical topics and the content provision and led to high interaction with very dynamic and challenging Q&A and panel sessions.
Please click here to access all recorded presentations. You can also download the PDF slide sets.
International standards initiative oneM2M announced it has welcomed a range of new members as organisations around the world seek to accelerate the development of the Internet of Things (IoT) market through greater interoperability.
A cybersecurity specialist, research institutes, service providers and the Universidad Politécnica de Madrid’s faculty of computer science are among the latest companies to join the organisation. The newest additions to oneM2M’s vast membership come from America, Asia, Europe and Russia, demonstrating the relevance of its standardization efforts across the globe.
“2020 is shaping up to be a year when increased levels of collaboration between global organisations, institutions and companies really accelerate mass adoption of the IoT across a range of sectors,” said oneM2M Steering Committee Chair, Enrico Scarrone. “We are already working in partnership with the IoT Connectivity Alliance (ICA) and have recently set out how we will be collaborating with the Industrial Internet Consortium (IIC). The breadth of expertise and geographic spread of our new members will further add to our global knowledge base and effort as we build the levels of seamless interoperability needed to drive forward a technologically agnostic and secure platform for the IoT.”
ETSI has released its 2020-2021 work programme. In ETSI we are constantly exploring new ways to make the development of standards faster and more efficient. Our FORGE platform, for example, gives developers free access to open-source code produced by our members. And as we have already seen this year, the need for effective virtual collaboration between individuals and teams has never been keener.
At the start of 2020 we had little idea just how abruptly our own operational processes would shift. The devastating societal impact of the coronavirus has imposed profound challenges on every organization. As our own modus operandi evolves, so does the scope of ETSI’s standardization activities.
This Work Programme highlights some of the technical areas attracting the attention of our members with new groups created, including new networking protocols (Non-IP networking), 5th generation fixed networks and the security of Artificial Intelligence-based systems. To help tackle the pandemic, we launched E4P, Europe for Privacy-Preserving Pandemic Protection, an Industry Specification Group initiated to develop specifications that will ensure the interoperability of Covid-19 tracing applications throughout Europe.
The ETSI Technical Committee on Cybersecurity (TC CYBER) unveiled ETSI EN 303 645, a standard for cybersecurity in the Internet of Things that establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging even more stakeholders in its development and ultimately strengthening the resulting standard. The EN is a result of collaboration and expertise from industry, academics and government.
ETSI EN 303 645 specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants. The EN also includes 5 specific data protection provisions for consumer IoT.
In a world increasingly relying on digital technologies and data to function, opportunities go hand in hand with potential risks. For this reason, cybersecurity is at the centre of international efforts, both public and private, to minimise dangers for critical infrastructure and personal data, thus ensuring that the highest number possible of individuals and companies, in all sectors, can benefit from new technologies.
In this context, the standardization community is playing an important role: standards for cybersecurity and data protection are currently being developed both internationally and at the European level to address the risks posed by cyber-attacks and help ensure high levels of protection. As part of this effort, CEN and CENELEC’s JTC 13 ‘Cybersecurity and Data Protection’ just released a series of European Standards (ENs).
The new standards provide a series of guidelines and criteria to assess the security level of IT systems, cryptographic modules and privacy.
- EN ISO/IEC 15408-1:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model’
- EN ISO/IEC 15408-2:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components’
- EN ISO/IEC 15408-3:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components’
- EN ISO/IEC 18045:2020 ‘Information technology - Security techniques - Methodology for IT security evaluation’
- EN ISO/IEC 19790:2020 ‘Information technology - Security techniques - Security requirements for cryptographic modules’
- EN ISO/IEC 27019:2020 ‘Information technology - Security techniques - Information security controls for the energy utility industry’
- EN ISO 29134:2020 ‘Information technology - Security techniques - Guidelines for privacy impact assessment’