The exponentially increasing number of connected IoT assets is creating a new paradigm in which more powerful threats are emerging in numbers. The cost of cybersecurity issues has become one of the obstacles restricting the widespread deployment of IoT services and the main concern for manufacturers and vendors. National governments in various regions across the world are formulating and promulgating new IoT security regulations such as ETSI EN 303 645.
The European Telecommunications Standards Institute (ETSI) released a new standard, ETSI EN 303 645, in 2019, which brings together widely considered good practice in security for Internet-connected consumer devices in a set of high-level, outcome-focused provisions. This standard is intended to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products. Its focus is on the technical controls and organizational policies that matter most in addressing the most significant and widespread security shortcomings. Overall, a baseline level of security is considered; this is intended to protect against elementary attacks on fundamental design weaknesses such as the use of easily guessable passwords.
Our ETSI EN 303 645 testing experts are intimately familiar with the cyber fraud and data privacy regulations in specific markets and have a deep understanding of the cyber threat field, working with customers around the world to fully unlock the potential of the digital future. Cyber security and data protection are among our core capabilities. From product design and manufacturing to operations, we provide you with close support at every step to reduce the cybersecurity and data privacy disclosure risk.
Below is a quick overview of the services that TÜV SÜD provides:
This is a non-exhaustive list of examples of consumer IoT devices that we can do ETSI cyber security testing for:
ETSI EN 303 645 is one of the first cohesive global standards for IoT cybersecurity. The standard presents an achievable, single target for manufacturers and IoT stakeholders to attain. ETSI EN 303 645 also helps build consumer confidence in the security of everyday products that connect to the internet. As consumers are unlikely to understand the technicalities of their connected wearables or connected products, having products comply with ETSI EN 303 645 is an indicator that the product has met some cybersecurity standards to ensure a degree of safety from cyber threats.
TÜV SÜD has multiple information security testing centers around the world to provide customers with optimized information security testing solutions and information security certifications. Our cyber security expert team is constantly learning the latest network security vulnerabilities and defense technologies. Senior experts play an active role in standardization committees and international industry activities, understand the latest industry development trends, and provide enterprises with more information security related testing services to reduce the risk to business information technology systems.
The ETSI EN 303 645 security framework is a globally accepted standard for consumer IoT devices. It defines a security baseline to safeguard IoT devices from common cyber threats and large-scale malicious attacks such as DDoS and spying on individuals' personal lives.
This framework provides 13 recommendations for IoT certification programs and recommends building security into the design itself.
The key elements of ETSI cyber security for consumer IoT devices are:
1. No default and universal passwords
2. Report device vulnerabilities to the OEM
3. Keep the device software updated
4. Protect the sensitive security parameters
5. Secure communications
6. Minimise exposed attack surfaces
7. Uphold software integrity
8. Secure the consumer’s personal data
9. Design systems that are resilient to outages
10. Examine the telemetry data of the system
11. Allow users to delete personal data
12. Easily install and maintain IoT devices
13. Validate all input data