NCC Group hails global advances in IOT security standards
Four months after the UK’s Department for Digital, Culture, Media and Sport finalised its Secure by Design Code of Practice, the global standards body, European Telecommunications Standards Institute (ETSI) has today (19 February) published its industry standard ‘Cyber Security for Consumer Internet of Things’.
Technical Specification 103 645 is the first globally applicable IOT security standard, that brings together widely considered good practice – including the UK’s Secure by Design Code – in outcome-focused high-level provisions, covering the most important technical and organisational measures to secure consumer IOT products.
From foregoing the use of universal default passwords, to encouraging product manufacturers to allow security researchers effective means to report vulnerabilities, to keeping software updated and making it easy for consumers to delete personal data, ETSI’s standard establishes an international security baseline for internet-connected consumer products, from children’s toys to smart door locks, wearable health trackers to smart home assistants.
Commenting, Ollie Whitehouse, Global CTO at NCC Group, said:
“It is incredibly encouraging to see the UK’s expertise in securing IOT devices globally come to fruition. The publication of ETSI’s IOT cyber security standard is testament to the international consensus on what needs to be done to ensure consumers all around the world can feel their internet-connected devices are safe and secure to use.
We have long held the view that some market failures can only be addressed through the right regulatory frameworks and incentives. It is welcome that ETSI’s standard reflects how the adoption of its principles can help organisations achieve compliance with global regulatory regimes, from GDPR and cyber security certification in Europe to the IOT Cyber Security Improvement Act in the US.
As global standardisation moves ahead, manufacturers in every country need to understand that an international supply chain is no longer an excuse to ignore good security practice. Manufacturers around the world should take the right steps now to build an appropriate level of security into their products.”
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.