Sophia Antipolis, 31 October 2024
Protect Confidentiality, Integrity and Availability of Data as Smart Devices Proliferate.
In response to the growing concern over cybersecurity and data protection on the Internet of Things (IoT) landscape, ETSI has released a comprehensive document ETSI EN 303 645 V3.1.3 (2024-09) outlining high-level security provisions for consumer IoT devices. As more household devices connect to the internet, safeguarding personal data has become a paramount issue for manufacturers and consumers alike.
The newly introduced guidelines are designed to support stakeholders involved in the development and manufacturing of IoT devices, providing a flexible framework to innovate while ensuring a baseline level of security. The document emphasizes outcome-focused provisions, steering clear of overly prescriptive measures, allowing organizations the freedom to tailor security solutions for specific products.
"Consumers are increasingly dependent on connected devices for secure transactions, making it crucial for manufacturers to earn that trust - prioritizing security by design", said Jan Ellsberger, Director General ETSI. "These guidelines aim to address the most significant vulnerabilities and I am confident that they help create a safer IoT ecosystem, so long as we remain vigilant – knowing full well that this work is never 'done'."
Key features of the document include:
- Baseline Provisions: Establishing fundamental security requirements applicable to all consumer IoT devices.
- Guidance for Implementation: Providing organizations with clear examples and explanatory text on how to apply the provisions.
- Compliance with GDPR: Ensuring that IoT devices processing personal data align with General Data Protection Regulation standards.
- Futureproofing: Anticipating that future revisions will transition current recommendations into mandatory provisions.
The document encompasses a wide array of consumer IoT devices, including smart home assistants, connected appliances, health trackers, and more. It also considers the unique resource constraints that these devices may face, such as limited processing power and energy supply.
ETSI emphasizes that while these guidelines will significantly enhance security measures for consumer IoT devices, they are not a panacea for all cybersecurity challenges. As the landscape of consumer IoT continues to evolve, ETSI remains committed to collaborating with industry partners to refine these guidelines and ensure a safer, more secure experience for all users.
For more information on the guidelines and their implications for the future of consumer IoT, please visit: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf.
About ETSI
ETSI provides members with an open and inclusive environment to support the timely development, ratification and testing of globally applicable standards for ICT‑enabled systems, applications and services across all sectors of industry and society. We are a not-for-profit body with more than 900 member organizations worldwide, drawn from 64 countries and five continents. Members comprise a diversified pool of large and small private companies, research entities, academia, government and public organizations. ETSI is one of only three bodies officially recognized by the EU as a European Standards Organization (ESO).
For more information please visit us at https://www.etsi.org/
Contact
Email: Press@etsi.org