You are here: Home > Participate > Join a Discussion > RIPE Forum
RIPE Forum v1.4.1

IoT Working Group

Threaded
Collapse

[iot-wg] For information: ETSI releases IoT security standard

Marco Hogewoning

2019-02-21 15:28:01 CET

RIPE NCC staff member

Dear colleagues,

The European Telecommunications Standardisation Institute (ETSI), earlier this week released their initial standard for securing IoT devices. The document is titled ‘Technical specification - Cyber Security for Consumer Internet of Things’ (ETSI TS 103 645), and states that its objective is, “...to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products.”

While it remains a very high-level document, containing many recommendations our community probably takes for granted, it could be helpful in guiding newcomers towards a more secure implementation of their IoT services and devices. The recommendations include items like, for instance, using non-default passwords.

Although this is not yet a European Standard (EN) level specification, it is likely that any European standard specification in this area would be developed based on guidance from this document. In this context, a specification like this might also be reflected in product conformity guidelines such as the Radio Equipment Directive, that I posted about last week.

The specification is available at https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf 

Regards,

Marco Hogewoning
RIPE NCC
User Image

Peter Steinhaeuser

2019-02-21 15:33:17 CET

Dear Marco,

thanks a lot!

Best,
Peter

> Am 21.02.2019 um 15:28 schrieb Marco Hogewoning <marcoh _at_ ripe _dot_ net>:
> 
> Dear colleagues,
> 
> The European Telecommunications Standardisation Institute (ETSI), earlier this week released their initial standard for securing IoT devices. The document is titled ‘Technical specification - Cyber Security for Consumer Internet of Things’ (ETSI TS 103 645), and states that its objective is, “...to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products.”
> 
> While it remains a very high-level document, containing many recommendations our community probably takes for granted, it could be helpful in guiding newcomers towards a more secure implementation of their IoT services and devices. The recommendations include items like, for instance, using non-default passwords.
> 
> Although this is not yet a European Standard (EN) level specification, it is likely that any European standard specification in this area would be developed based on guidance from this document. In this context, a specification like this might also be reflected in product conformity guidelines such as the Radio Equipment Directive, that I posted about last week.
> 
> The specification is available at https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf 
> 
> Regards,
> 
> Marco Hogewoning
> RIPE NCC
> _______________________________________________
> iot-wg mailing list
> iot-wg _at_ ripe _dot_ net
> https://lists.ripe.net/mailman/listinfo/iot-wg


Peter Steinhäuser, CEO
embeDD GmbH · Alter Postplatz 2 · 6370 Stans · Switzerland
Phone: +41 (41) 784 95 85 · Fax: +41 (41) 784 95 64
 

User Image

Yurii Kargapolov

2019-02-22 10:18:35 CET

Thanks Marco,
It's relevant for business problems

Best,
Yuri
ISOC IoT SIG

Thursday, February 21, 2019, 4:28:01 PM, you wrote:

> Dear colleagues,

> The European Telecommunications Standardisation Institute (ETSI),
> earlier this week released their initial standard for securing IoT
> devices. The document is titled ‘Technical specification - Cyber
> Security for Consumer Internet of Things’ (ETSI TS 103 645), and
> states that its objective is, “...to support all parties involved in
> the development and manufacturing of consumer IoT with guidance on securing their products.”

> While it remains a very high-level document, containing many
> recommendations our community probably takes for granted, it could
> be helpful in guiding newcomers towards a more secure implementation
> of their IoT services and devices. The recommendations include items
> like, for instance, using non-default passwords.

> Although this is not yet a European Standard (EN) level
> specification, it is likely that any European standard specification
> in this area would be developed based on guidance from this
> document. In this context, a specification like this might also be
> reflected in product conformity guidelines such as the Radio
> Equipment Directive, that I posted about last week.

> The specification is available at
> https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf

> Regards,

> Marco Hogewoning
> RIPE NCC
> _______________________________________________
> iot-wg mailing list
> iot-wg _at_ ripe _dot_ net
> https://lists.ripe.net/mailman/listinfo/iot-wg


Jim Reid

2019-10-17 10:36:03 CET

FYI colleagues, the connect WG is handling a possible RIPE response to this consultation. If you have any comments or insight to contribute, please take them to the connect WG.

> On 21 Feb 2019, at 14:28, Marco Hogewoning <marcoh _at_ ripe _dot_ net> wrote:
> 
> The European Telecommunications Standardisation Institute (ETSI), earlier this week released their initial standard for securing IoT devices. The document is titled ‘Technical specification - Cyber Security for Consumer Internet of Things’ (ETSI TS 103 645), and states that its objective is, “...to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products.”
> 
> While it remains a very high-level document, containing many recommendations our community probably takes for granted, it could be helpful in guiding newcomers towards a more secure implementation of their IoT services and devices. The recommendations include items like, for instance, using non-default passwords.
> 
> Although this is not yet a European Standard (EN) level specification, it is likely that any European standard specification in this area would be developed based on guidance from this document. In this context, a specification like this might also be reflected in product conformity guidelines such as the Radio Equipment Directive, that I posted about last week.
> 
> The specification is available at https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf 


Marco Hogewoning

2019-10-17 11:08:28 CET

RIPE NCC staff member

Dear colleagues,

Please be aware that the below is a FYI.

The Connect WG is currently looking into submitting a response to a BEREC consultation regarding the definition of the Network Termination Point, as part of implementing the recent European Electronic Communications Code.

The BEREC draft guidelines are available from

https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/guidelines/8821-berec-guidelines-on-common-approaches-to-the-identification-of-the-network-termination-point-in-different-network-topologies 

And as Jim mentioned, please leave any comments to the Connect WG mailing list, as this working group is trying to reach a consensus opinion to submit into the public consultation process on behalf of the RIPE community.

Best,

Marco Hogewoning
External Relations, RIPE NCC

> On 17 Oct 2019, at 10:36, Jim Reid <jim _at_ rfc1035 _dot_ com> wrote:
> 
> FYI colleagues, the connect WG is handling a possible RIPE response to this consultation. If you have any comments or insight to contribute, please take them to the connect WG.
> 
>> On 21 Feb 2019, at 14:28, Marco Hogewoning <marcoh _at_ ripe _dot_ net> wrote:
>> 
>> The European Telecommunications Standardisation Institute (ETSI), earlier this week released their initial standard for securing IoT devices. The document is titled ‘Technical specification - Cyber Security for Consumer Internet of Things’ (ETSI TS 103 645), and states that its objective is, “...to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products.”
>> 
>> While it remains a very high-level document, containing many recommendations our community probably takes for granted, it could be helpful in guiding newcomers towards a more secure implementation of their IoT services and devices. The recommendations include items like, for instance, using non-default passwords.
>> 
>> Although this is not yet a European Standard (EN) level specification, it is likely that any European standard specification in this area would be developed based on guidance from this document. In this context, a specification like this might also be reflected in product conformity guidelines such as the Radio Equipment Directive, that I posted about last week.
>> 
>> The specification is available at https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf 
>