NCC Group hails global advances in IOT security standards
Four months after the UK’s Department for Digital, Culture, Media and Sport finalised its Secure by Design Code of Practice, the global standards body, European Telecommunications Standards Institute (ETSI) has today (19 February) published its industry standard ‘Cyber Security for Consumer Internet of Things’.
Technical Specification 103 645 is the first globally applicable IOT security standard, that brings together widely considered good practice – including the UK’s Secure by Design Code – in outcome-focused high-level provisions, covering the most important technical and organisational measures to secure consumer IOT products.
From foregoing the use of universal default passwords, to encouraging product manufacturers to allow security researchers effective means to report vulnerabilities, to keeping software updated and making it easy for consumers to delete personal data, ETSI’s standard establishes an international security baseline for internet-connected consumer products, from children’s toys to smart door locks, wearable health trackers to smart home assistants.
Commenting, Ollie Whitehouse, Global CTO at NCC Group, said:
“It is incredibly encouraging to see the UK’s expertise in securing IOT devices globally come to fruition. The publication of ETSI’s IOT cyber security standard is testament to the international consensus on what needs to be done to ensure consumers all around the world can feel their internet-connected devices are safe and secure to use.
We have long held the view that some market failures can only be addressed through the right regulatory frameworks and incentives. It is welcome that ETSI’s standard reflects how the adoption of its principles can help organisations achieve compliance with global regulatory regimes, from GDPR and cyber security certification in Europe to the IOT Cyber Security Improvement Act in the US.
As global standardisation moves ahead, manufacturers in every country need to understand that an international supply chain is no longer an excuse to ignore good security practice. Manufacturers around the world should take the right steps now to build an appropriate level of security into their products.”