The exponential increased number of connected IoT assets is creating new a paradigm where more powerful threats are emerging in numbers. Cybersecurity issues related cost has become one of the obstacles restricting the widespread deployment of IoT services and the main concern for manufacturers and vendors. National governments in various regions across the world are formulating and promulgating new IoT security regulations such as ETSI EN 303 645.
The European Telecommunications Standards Institute, or ETSI standard released a new standard ETSI EN 303 645 in 2019, which brings together widely considered good practice in security for Internet-connected consumer devices in a set of high-level outcome-focused provisions. This standard is to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products. Its focus is on the technical controls and organizational policies that matter most in addressing the most significant and widespread security shortcomings. Overall, a baseline level of security is considered; this is intended to protect against elementary attacks on fundamental design weaknesses such as the use of easily guessable passwords.
Our ETSI EN 303 645 testing experts are intimately familiar with the cyber fraud and data privacy regulations in specific markets and a deep understanding of the cyber threat field, working with customers around the world to fully unlock the potential of the digital future. Cyber security and data protection are one of our core capabilities. From product design, manufacturing to operations, we provide you with intimate support at every step to reduce the cybersecurity and data privacy disclosure risk.
Below is a quick overview of the services that TÜV SÜD provides:
This is a non-exhaustive list of examples of consumer IoT devices that we can do ETSI cyber security testing for:
ETSI EN 303 645 is one of the first cohesive global standard for IoT cybersecurity. The standard presents an achievable, single target for manufacturers and IoT stakeholders to attain. The ETSI EN 303 645 also helps with consumer confidence in the security of everyday products that connect to the internet. As consumers are unlikely to understand the technicalities of their connected wearables or connected products, having products comply to ETSI EN 303 635 is an indicator that the product has meet some cybersecurity standards to ensure a degree of safety from cyber threats.
HOW DOES ETSI EN 303 645 TESTING BENEFIT BUSINESSES?
ETSI EN 303 645 is a cybersecurity standard for consumer IoT (CIoT) products, ensuring device security, communication integrity, and personal data privacy. This standard enables businesses to conduct precise assessments and testing for product conformance, providing several key benefits:
TÜV SÜD has multiple information security testing centers around the world to provide customers with optimized information security testing solutions and information security certifications. Our cyber security expert team is constantly learning the latest network security vulnerabilities and defense technologies. Senior experts play an active role in the standardization committee and international industry activities, understand the latest industry development trends, provide enterprises with more information security related tests services to reduce the risk of business information technology systems.
TÜV SÜD is recognised by IECEE CB to conduct testing for consumer-connected products against ETSI EN 303 645, to issue CB-type test reports and CB certificates for compliance with this standard.
The ETSI EN 303 645 security framework is a globally accepted standard for consumer IoT devices. It defines a security baseline to safeguard IoT devices from common cyber threats and large-scale malicious attacks such as DDoS and spying of individuals personal lives.
This framework provides 13 recommendations for IoT certification programs and recommends building security into the design itself.
The key elements of ETSI cyber security for consumer IoT devices are:
1. No default and universal passwords
2. Report device vulnerabilities to the OEM
3. Keep the device software updated
4. Protect the sensitive security parameters
5. Secure communications
6. Minimise exposed attack surfaces
7. Uphold software integrity
8. Secure the consumer’s personal data
9. Design systems that are resilient to outages
10. Examine the telemetry data of the system
11. Allow users to delete personal data
12. Easily install and maintain IoT devices
13. Validate all input data
Consumer trust is key when you manufacture or retail products that are part of everyone’s daily life
Learn more
Site Selector
Global
Americas
Asia
Europe
Middle East and Africa