The European Telecommunications Standards Institute (ETSI) released what it described as the first globally-acceptable security standard for consumer IoT devices.

ETSI said security of IoT devices was becoming a growing concern and the standards, set out by its technical committee on cybersecurity, created a “security baseline” for devices.

To meet the specification, devices must adhere to 13 rules including by allowing: secure credential storage; updatable software; the ability to easily delete personal data; reporting of vulnerabilities; and avoiding universal passwords.

The standard has been designed to be suitable for a range of consumer-facing devices. These include: children’s toys and baby monitors; safety systems; TVs and speakers; wearable health trackers; connected home automation systems; and connected appliances.

Trust
In a statement, ETSI said: “People entrust their personal data to an increasing number of online devices and services. In addition, products and appliances that have traditionally been offline are now becoming connected and need to be designed to withstand cyber threats. Poorly secured products threaten consumer’s privacy and some devices are exploited to launch large-scale Distributed Denial of Service cyber attacks.”

Specifications related to data storage and privacy were partly designed to also ensure devices conform to the European Union’s General Data Protection Regulation.

ETSI is an EU-recognised standards agency which counts divisions of Microsoft; Google; Facebook; Huawei; LG; Motorola; Nokia; Qualcomm; Samsung; Telenor; Telefonica; Vodafone; and Ericsson as members.

The body is not the only organisation to outline standards for IoT devices. At MWC Shanghai 2018, mobile operators from across the globe committed to the GSMA’s IoT Security Guidelines. US industry group CTIA offers a similar initiative.