This will allow supplier organizations such as manufacturers, vendors and distributers to assess the compliance of their devices against ETSI ETSI EN 303 645 in self-assessments or via testing labs. User organizations can also apply the test specification for in-house testing.
ETSI EN 303 645, released in June 2020, involved all stakeholders of the IoT cybersecurity landscape and was developed with industry, academics, testing institutes and international government bodies. As more consumer devices connect to the internet, the cybersecurity of the IoT has become a growing concern. The EN is designed to prevent large-scale, prevalent attacks against smart devices that cybersecurity experts see every day.
Compliance with the standard restricts the ability of attackers to control devices across the globe – known as botnets – to launch DDoS attacks, mine cryptocurrency and spy on users in their own homes.
This standard has become a reference for securing IoT devices all over the world and is already used by several cybersecurity regulations. Today fitness watches, home automation devices, smart hubs, robot vacuum cleaners, dishwashers and more devices are already compliant with the ETSI standard.
As multiple public and private sector organizations are developing certification and labelling schemes for consumer IoT security, a test specification was required to accelerate market adoption. Such schemes can qualify products for security labels to be visually attached. This enables consumers to select more secure products over less secure ones. The test specification ETSI TS 103 701 will help harmonize evaluation methodologies and support manufacturers, suppliers and implementers for their internal security processes.