Experts have welcomed the introduction of a new globally applicable European standard designed to drive improvements in baseline security for consumer-grade IoT products.
Introduced today by the European Telecommunications Standards Institute (ETSI), the standard will hopefully encourage manufacturers to improve built-in privacy and security protections whilst providing consumers with a way of differentiating between products on the market.
The ETSI TS 103 645 standard came from a UK government proposal based on a code of practice it introduced last year. It also comes a year after the British Standards Institution (BSI) introduced a kitemark for consumer and business-grade IoT devices.
The requirements for IoT manufacturers keen to gain accreditation with the ETSI standard include implementation of a vulnerability disclosure policy and prohibition of any universal default passwords.
However, ETSI director-general, Luis Jorge Romero, clarified that the specification “was outcome-focused, rather than prescriptive, giving organizations the flexibility to innovate and implement security solutions appropriate for their products.”
Ollie Whitehouse, global CTO at NCC Group, welcomed the UK’s leadership role in helping to make the European standard a reality.
“We have long held the view that some market failures can only be addressed through the right regulatory frameworks and incentives. It is welcome that ETSI’s standard reflects how the adoption of its principles can help organizations achieve compliance with global regulatory regimes, from GDPR and cybersecurity certification in Europe to the IoT Cyber Security Improvement Act in the US,” he added.
“As global standardization moves ahead, manufacturers in every country need to understand that an international supply chain is no longer an excuse to ignore good security practice. Manufacturers around the world should take the right steps now to build an appropriate level of security into their products.”