Cyber Security for Consumer IoT: the connection with the European Cybersecurity Act

25 Jun

The SDOs / SSOs you are working with at the moment

ETSI, ISO, CEN-CENELEC

Your main field(s) of activity

Personal data protection and cybersecurity

What ICT Challenges are you addressing in the ICT standardisation area?

Personal data protection and cybersecurity.

How, if implemented, will this make a difference in a specific context?

The potential benefits of the IoT and other digital services and systems will be achieved only if products and services are designed with trust, privacy and security built in, so consumers feel they are secure and safe to use.

Are there any best practices that you are aware of that put into practice the challenges described?

We supported the approval of ETSI TS 103 645 ‘Cyber Security for Consumer Internet of Things’. It is proposed to transpose TS 103 645 on consumer IoT security into an EN. We agree with the proposal, but we suggest that several existing requirements be made normative (mandatory). For example, the consumer should be informed by the appropriate entity, such as the manufacturer or service provider, that an update is required. Also, devices and services should be configured such that personal data can easily be removed from them when there is a transfer of ownership, when the consumer wishes to delete it, when the consumer wishes to remove a service from the device and/or when the consumer wishes to dispose of the device. For us it is essential that the standard respect the European rules on personal data protection and security. It is possible that the standard will be used in the context of the European Cybersecurity Act.

What future actions or further specifications work would be necessary to undertake within an ICT Standards context?

We hope the Stand ICT project can continue to support the participation of European experts in international standardisation. We are now considering following the ISO/IEC work on Artificial Intelligence and robots, and we would be grateful to count on the project funding.