ETSI is scheduled to release on 17 February a standard for consumer IoT security, based on the recently released UK standard.
According to the ETSI website, the standard is aimed primarily at those developing, producing and selling consumer IoT products, and will “contain around a dozen high-level outcome-focused requirements, which bring together what is widely considered good practice in IoT security.”
ETSI says the standard “will balance the goal of achieving good security outcomes with the need of it being implementable by even small businesses.”
The initial draft of the ETSI standard was based on the “Code of Practice for Security in Consumer IoT Products and Associated Services” published in draft by the UK Government department for Digital, Culture, Media and Sport (DCMS) in March 2018 as part of its “Secure by Design” report.
A final version of the UK’s consumer IoT standard was published in October 2018. It sets out 13 practical steps for IoT manufacturers and other industry stakeholders to improve the security of consumer IoT products and associated services.
“Implementing its thirteen guidelines will contribute to protecting consumers’ privacy and safety, whilst making it easier for them to use their products securely,” DCMS said. “It will also mitigate against the threat of distributed denial of service (DDoS) attacks that are launched from poorly secured IoT devices and services.”
Global outreach
According to Jamie Humphreys and Evangelia Nitti of law firm Cooley LLP, writing in a post on the Lexology legal blog (registration required), the standard has been translated into French, German, Spanish, Korean, Japanese and Mandarin in a bid to get it adopted by manufacturers outside the UK.
Also, the UK government has initiated global outreach and collaboration with its counterparts and standards institutions in the US, Canada, France, New Zealand and Australia.
They add: “The Commonwealth Cyber Declaration, agreed by 53 nations in April 2018, also focuses on boosting user security by default, which is another milestone that signals worldwide commitment towards the convergence of approaches.”
The Commonwealth hailed the declaration as “the world’s largest and most geographically diverse inter-governmental commitment on cybersecurity cooperation.”
It followed an announcement by the UK government pledging up to £15 million to help Commonwealth countries strengthen their cybersecurity capabilities and ‘tackle criminal groups and hostile state actors who pose a global threat to security, including in the UK’.