Webinar
Date: 12th May 2022,
Time: 14:00 – 17:00 Hrs. (IST) / 10:30 – 13:30 Hrs. (CEST),
Venue: Zoom
Connected devices have become an integral part of our lives. Although they help us in our daily routine, their design and how they comply to security standards may affect our privacy and even our safety. The Internet of Things (IoT) devices bring comfort to our lives, but our home and offices can be exposed to countless security threats if the IoT devices in use are not protected and prepared to face cyber-attacks.
The European Standard EN 303 645, developed by ETSI, is specifically designed for consumer IoT devices and specifies high-level security and data protection guidelines for consumer IoT devices that are connected to a network infrastructure and for their interactions with the associated services.
ETSI EN 303 645 intends to prepare the consumer IoT devices to be protected against the most common cybersecurity threats. To do so, it lists a set of security and privacy requirements and recommendations for manufacturers to implement in their products. These provisions cover different areas and are divided into 13 categories. Additionally, the ETSI EN 303 645 includes a data protection provision to help manufacturers to implement the necessary features to ensure privacy and integrity of data in their IoT products. This also means that compliance to relevant data protection regulation may have to be demonstrated (e.g., General Data Protection Regulation (GDPR) in Europe).
ETSI EN 303 645 is not only important as the first globally relevant cybersecurity standard for IoT consumer devices, but also because it provides the foundation for a basic level assurance for this type of devices as well as the baseline for possible future IoT certification schemes, such as foreseen by the EU Cybersecurity Act (CSA).
In India as per the National Digital Communication Policy (NDCP) 2018 released by Department of Telecommunications (DoT), it is it is estimated that more than 3 billion connected devices may exist in India by 2022. Telecom Engineering Centre (TEC), the technical wing of DoT has been working on Security by design principles and National Trust Centre (NTC) for IoT in a multi-stakeholders Working Group and the draft document under development is incorporating the standards & best practices being used across the globe. TEC has published a “Code of Practice for consumer IoT security” and it provides baseline requirements as a basis for the implementation of the recommendations from EN 303 645. It is also foreseen that the ETSI TS 103 701 (Cybersecurity assessment for consumer IoT products) will help in verifying compliance with the provisions available in the Code of Practice for consumer IoT security.
The topics will be explored by representatives of India and Europe in an online webinar that will allow exchange of updates around “IoT Security: Policy Prospective, Legislation & Standards”, “M2M/IoT Testing & Certification: Global, Regional & Local Framework” leading to identification of the next steps for the ongoing cooperation in this area.