ETSI Releases Cybersecurity Standard for Consumer IoT Products

ETSI, a Europe-based tech standards organization, has released a cybersecurity spec for consumer Internet of Things (IoT) products.

Called ETSI TS 103 645, the standard seeks to provide a baseline for Internet-connected consumer devices while at the same time establishing a basis for future IoT certification initiatives.

Targeting the consumer -- as opposed to industrial -- space, the standard's scope includes devices such as: children’s toys and baby monitors; connected safety-relevant products such as smoke detectors and door locks; smart cameras, TVs and speakers; wearable health trackers; connected home automation and alarm systems; connected washing machines, refrigerators and other appliances; and smart home assistants.

The nonprofit ETSI, which describes itself as a leading standardization organization for Information and Communication Technology (ICT) standards, is based in Europe and originally had a distinct European focus, though it now says it has a global perspective and sees its standards used around the world. Thus the organization describes its newly released standard as "the first globally applicable standard for consumer IoT security."

While the standard is full of technical jargon, a couple of its more easily explained provisions call for implementers to stop using universal default passwords and to implement a vulnerability disclosure policy so that security researchers and others can report security issues they have discovered.

Other guidance includes details on how to:

  • Keep software updated
  • Securely store credentials and security-sensitive data
  • Communicate securely
  • Minimize exposed attack surfaces
  • Ensure software integrity
  • Ensure that personal data is protected
  • Make systems resilient to outages
  • Examine system telemetry data
  • Make it easy for consumers to delete personal data
  • Make installation and maintenance of devices easy
  • Validate input data

"As more devices in the home connect to the Internet, the cyber security of the Internet of Things (IoT) is becoming a growing concern," ETSI said in a news release yesterday (Feb. 19). "People entrust their personal data to an increasing number of online devices and services. In addition, products and appliances that have traditionally been offline are now becoming connected and need to be designed to withstand cyber threats. Poorly secured products threaten consumer’s privacy and some devices are exploited to launch large-scale DDoS (Distributed Denial of Service) cyber attacks."

About the Author

David Ramel is an editor and writer for Converge360.

