ETSI Publish Cyber Security Standard for Consumer IoT

21 Feb 2019 02:26 PM

First globally applicable standard for consumer IoT rules out default passwords and requires vulnerability disclosure.

ETSI, the European Standards Organisation, have this week released the first globally applicable cyber security standard for consumer IoT devices. The standard, ETSI TS 103 645, establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. It builds closely on the UK's Code of Practice for Consumer IoT Security, which set out a list of 13 Commitments. The standard focuses on the top three of these, which are generally regarded as the highest priority.

The standard requires implementers to forgo the use of universal default passwords, which have been the source of many security issues. It also requires implementation of a vulnerability disclosure policy to allow security researchers and others to report security issues.

Matt Evans, Director of Market Programmes, yesterday said:

"Our own research shows that poor security is a barrier to greater adoption of Connected Home devices and services. If we are to deliver the very real benefits that IoT can make to people's lives we must address these justified concerns and therefore welcome the publication of the ETSI standard. We encourage companies to engage with both the standard and the UK Government's Code of Practice as these are developed further."