The ETSI (European Telecommunications Standards Institute) Technical Committee on Cybersecurity (TC CYBER) released a cybersecurity standard for Internet of things (IoT) products. The aim of the standard is to establish a security baseline for IoT consumer devices and to provide a basis for future IoT systems. Implementing this standard will require manufacturers to cease using universal default passwords and to implement a vulnerability disclosure policy that will enable to report about security issues. The initial draft of the standard was based on the ‘Code of Practice for Security in Consumer IoT Products and Associated Services’ which was published by the UK Government department for Digital, Culture, Media and Sport in March 2018.
The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'.
Cybersecurity is among the main concerns of governments, Internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss.
Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.
Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.