ETSI Releases Cybersecurity Standard for Consumer IoT Products

ETSI, a Europe-based tech standards organization, has released a cybersecurity spec for consumer Internet of Things (IoT) products.

Called ETSI TS 103 645, the standard seeks to provide a baseline for Internet-connected consumer devices while at the same time establishing a basis for future IoT certification initiatives.

Targeting the consumer -- as opposed to industrial -- space, the standard's scope includes devices such as: children’s toys and baby monitors; connected safety-relevant products such as smoke detectors and door locks; smart cameras, TVs and speakers; wearable health trackers; connected home automation and alarm systems; connected washing machines, refrigerators and other appliances; and smart home assistants.

The nonprofit ETSI, which describes itself as a leading standardization organization for Information and Communication Technology (ICT) standards, is based in Europe and originally had a distinct European focus, though it now says it has a global perspective and sees its standards used around the world. Thus the organization describes its newly released standard as "the first globally applicable standard for consumer IoT security."

While the standard is full of technical jargon, a couple of its more easily explained provisions call for implementers to stop using universal default passwords and to implement a vulnerability disclosure policy so that security researchers and others can report security issues they have discovered.

Other guidance includes details on how to:

  • Keep software updated
  • Securely store credentials and security-sensitive data
  • Communicate securely
  • Minimize exposed attack surfaces
  • Ensure software integrity
  • Ensure that personal data is protected
  • Make systems resilient to outages
  • Examine system telemetry data
  • Make it easy for consumers to delete personal data
  • Make installation and maintenance of devices easy
  • Validate input data

"As more devices in the home connect to the Internet, the cyber security of the Internet of Things (IoT) is becoming a growing concern," ETSI said in a news release yesterday (Feb. 19). "People entrust their personal data to an increasing number of online devices and services. In addition, products and appliances that have traditionally been offline are now becoming connected and need to be designed to withstand cyber threats. Poorly secured products threaten consumer’s privacy and some devices are exploited to launch large-scale DDoS (Distributed Denial of Service) cyber attacks."

About the Author

David Ramel is an editor and writer for Converge360.

