The UK based IoT Security Foundation (IoTSF) has launched three guides on consumer IoT security designed to help industry comply with voluntary guidelines and legislation being developed by governments.
The guides build upon the recently released ETSI EN 303 645 standard on consumer IoT cyber security published in July 2020. It is the first international standard of its kind and governments are already publishing guidance and preparing legislation based on it.
ETSI released the ETSI EN 303 645 specification in February 2019 and that formed the basis of the UK’s voluntary guidelines for security of consumer IoT devices. The UK Government is now drafting legislation that will make much of this guidance mandatory.
IoTSF says adoptions of ETSI EN 303 645 either in guidance or legislation will impact the IoT producer community — designers, developers, manufacturers and other vendors — and the guides are designed to help global organisations better understand and comply with new international standards, regulations and national guidance on consumer IoT security.
Each focusses on what IoTSF says are the top three cyber security issues for consumer IoT: eliminating universal default passwords, managing vulnerability reports and keeping software updated.
“The Quick Guides demystify specialist terminology, signpost additional information, and suggest additional ways in which to approach consumer IoT cybersecurity,” IoTSF says.
IoTSF is also hosting live webinars on each of the three guides. Details can be found on the guide links above.
Earlier this year IoTSF called for mandatory standards for consumer IoT devices when it released a report disparaging the vulnerability reporting and disclosure practices of consumer IoT devices vendors.
The organisation says consumer IoT has been a priority since its was established in 2015, and it has worked with many stakeholders to improve the status of cybersecurity for consumers.
