European Standardisation organisations and Consumer IoT devices
The European Standardisation Organisations (ESOs) are mandated to draft and provide lists of standards to cover the New Legislative Framework’s domains. This framework includes the rules for EU safety conformity assessment. More specifically, DG Grow intends to enhance the Radio Equipment Directive with specific security requirements for internet-connected radio equipment. This category covers a large part of the landscape of consumer IoT products.
ETSI New Work Item
ETSI is working on a document to specify provisions for assessing and testing consumer IoT products against the provisions of draft EN 303 645 / TS 103 645 v1.1.1 on Security requirements for Consumer IoT (UK led).
This work intends to specify test scenarios for assessing consumer IoT products against the provisions of EN 303 645/TS 103 645. It is to set out mandatory and recommended assessments, as well as guidance and examples to support their implementation. A document is being written to be used by testing labs and certifying bodies that provide assurance on the security of relevant products, as well as manufacturers that wish to carry out a self-assessment.
The document won’t set out detailed testing protocols. However, it is intended as input to a potential EU cybersecurity certification scheme as proposed in the Cybersecurity Act.
Current supporters are BMWi, ANEC, Huawei Tech. UK Co. Ltd, KAT, NCSC, CIS, DCMS and Eurosmart. The representative of Eurosmart is the rapporteur for this ETSI work item.
A CEN/CENELEC ETSI joint working group
A joint working group between CEN/CENELEC JTC 13 and ETSI TC CYBER is to be set up. Its objective will be to produce joint publications (Technical Reports, Technical Specifications, European Norms etc.) on Consumer IoT Security, to ensure that they are consistent and appropriate, and to meet any requirements of the EU Cybersecurity Act and other.
The joint WG will collect cybersecurity requirements for Consumer IoT from relevant stakeholders and identify gaps where existing standards do not fulfil the requirements and provide publications to address these gaps, avoiding duplication of work done by other committees and partnership projects.
The definition of IoT would be the one found in the latest version of ISO/IEC 20924:2018.
“Internet of Things (IoT): an infrastructure of interconnected objects, people, systems and information resources together with intelligent services to allow them to process information of the physical and the virtual world and react”
The upcoming requirements may include the Radio Equipment Directive (RED) and additional areas determined jointly by TC CYBER and JTC13 in the future. Eurosmart is a member of both working groups.
European Commission’s Group of Experts on Radio Equipment Directive
Article 45 of the RED establishes the Telecommunication Conformity Assessment and Market Surveillance Committee (TCAM). It gives its opinion on proposed implementing acts under the RED. TCAM will impact the work of the ESOs to reference appropriate standards within the Radio Equipment Directive for product safety and software upload. Eurosmart is a member of this Group of Experts and will carefully liaise with the ESOs.
DIN NIA 41 "Security Requirements for Smart home IoT devices"
At the German national level, DIN will mirror the activity of the ESOs. The Eurosmart IoT certification scheme and its set of requirements (General Security Profile and ETSI security profiles) have been presented and were welcomed by the members during the first discussions.
Next steps
At the next council, to be organised on the 20th of November, it will be proposed to set up a dedicated task force to gather members' input and to contribute to these activities.