FYI colleagues, the connect WG is handling a possible RIPE response to this consultation. If you have any comments or insight to contribute, please take them to the connect WG.
On 21 Feb 2019, at 14:28, Marco Hogewoning <marcoh@ripe.net> wrote:
The European Telecommunications Standardisation Institute (ETSI), earlier this week released their initial standard for securing IoT devices. The document is titled ‘Technical specification - Cyber Security for Consumer Internet of Things’ (ETSI TS 103 645), and states that its objective is, “...to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products.”
While it remains a very high-level document, containing many recommendations our community probably takes for granted, it could be helpful in guiding newcomers towards a more secure implementation of their IoT services and devices. The recommendations include items like, for instance, using non-default passwords.
Although this is not yet a European Standard (EN) level specification, it is likely that any European standard specification in this area would be developed based on guidance from this document. In this context, a specification like this might also be reflected in product conformity guidelines such as the Radio Equipment Directive, that I posted about last week.
The specification is available at https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103...