Mobile Phone Security
Mobile Phone Consultancy
Mobile Phone Security
Software
Mobile Security Leaflet
InnOvaTe_Launchpad_2016_Prize_Winner_with_pic_v4

ETSI publishes European Standard on Consumer IoT Security


David Rogers writes about the launch of the specification: ‘Cyber Security for Consumer Internet of Things’ from ETSI’s TC Cyber group.

Today the European Telecommunications Standards Institute (ETSI) announced the publication of their ETSI Technical Specification, TS 103 645 (pdf).

This work builds on the UK Code of Practice for IoT Security and has had input from experts around the world. It is great that this work has been elevated up to European level and published as a standard. This means a much wider technical audience and crucially, official endorsement at European level by companies and governments.

The discussions during the specification development were very rational and it also meant that some of the supporting text were promoted into provisions within the specification, making the overall work stronger. For example, wording that could be considered ambiguous from a technical standpoint has been clarified and considered at length by me and others. This means that whilst we still see this as a high level specification, we’ve also tried to further pin down what we’re trying to say, all whilst trying to ensure that we avoid unintended consequences and companies deliberately trying to avoid putting security into their products via loopholes.

These efforts will continue. During the specification process, there were some really good proposals brought forward on some deep technical aspects about IoT security and privacy that we see as being potential spin-off work items in ETSI – I’m keeping track of what those topics were. There are also things that some of us would like to bring into the Code of Practice for future revisions, such as consideration by manufacturers of issues such as coercive or controlling behaviour which can be compounded by IoT in the home. All these things are for the future, but the great thing is the enthusiasm is there from some brilliant minds both in government and industry, so watch this space!

The IoT Security Mapping site has also been updated to reflect how the ETSI specification maps to the UK Code of Practice in order to help implementers understand how it all fits together, including against other recommendations and specifications from around the world.

spacer

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations. We offer security training and have a huge range of consulting expertise to help you in mobile telecoms and connected products security. If you have an interesting and complex security problem, we are here to help.

Copper Horse Tweets

Follow @copperhorseuk on twitter.

GSMA Associate Member
GSMA Associate Member

Copper Horse is an Associate Member of the GSM Association

IoT Security Foundation
IoT Security Foundation

Copper Horse are Founding and Executive Board member of the IoT Security Foundation.

W3C Member
W3C Member

Copper Horse is a member of the Worldwide Web Consortium, the W3C.

Cyber Essentials Certified
Cyber Essentials Certified