ETSI releases test specification to comply Consumer IoT Security standard

1 min read

ETSI has released the test specification for the existing ETSI EN 303 645, the world leading consumer IoT security standard.

This test specification, ETSI TS 103 701, describes how a conformity assessment is performed in a structured and comprehensive way allowing a supplier organisation such as manufacturer, vendor or distributer to assess the compliance of their devices against ETSI EN 303 645 in self-assessments or via testing labs. User organisations can also apply the test specification for in-house testing.

ETSI EN 303 645, released in June 2020, involved all stakeholders of the IoT cybersecurity landscape and was developed with industry, academics, testing institutes and international government bodies.

As more consumer devices connect to the internet, the cybersecurity of the Internet of Things (IoT) has become a growing concern. The EN is designed to prevent large-scale, prevalent attacks against smart devices that cybersecurity experts see every day.

IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants.

Compliance with the standard restricts the ability of attackers to control devices across the globe - known as botnets - to launch DDoS attacks, mine cryptocurrency and spy on users in their own homes.

This standard has become a reference for securing IoT devices all over the world and is already used by several cybersecurity regulations. Today fitness watches, home automation devices, smart hubs, robot vacuum cleaners, dishwashers and more devices are already compliant with the ETSI standard.

As multiple public and private sector organisations are developing certification and labelling schemes for consumer IoT security, a test specification was required to accelerate market adoption.

Such schemes can qualify products for security labels to be visually attached. This enables consumers to select more secure products over less secure ones. The test specification ETSI TS 103 701 will help harmonise evaluation methodologies and support manufacturers, suppliers and implementers for their internal security processes.