What are IoT devices?
IoT devices are nonstandard computing devices that connect wirelessly to a network and can collect, store and transmit data. Embedded with technology, these devices can communicate and interact over the internet. They can also be remotely monitored and controlled.
As technology continues to advance, anything can be turned into part of the IoT. There are many different types of IoT devices. Some examples include:
Computers: Desktop computers, laptops, tablets, and smartphones
Consumer electronics: Televisions, DVD players, and video game consoles
Communication devices: Telephones, cell phones, and radios
Smart home appliances: Washing machines, refrigerators, and air conditioners
IoMT devices: Electronic devices worn on the body, such as smartwatches, fitness trackers, and smart glasses.
IIoT devices: Connected devices used to control industrial automation and control systems. They are used in factories and industrial settings to automate and control processes, and include programmable logic controllers (PLCs) and sensors
Automotive Electronics: Electronic devices used in vehicles, including navigation systems, engine control units, and collision avoidance systems.
What types of IoT products can we differentiate?
A large percentage of electrical and electronic devices that surround us are connected (IoT) devices.
When the IoT technology is intended for individuals, rather than organizations, these devices are called consumer IoT products.
A wide range of devices and systems can collect, store and transfer health-related data. They are called IoMT devices, which can either be used by individuals or organizations.
IIoT devices refer to a wide range of devices and systems including products and machinery used for industrial or manufacturing environments.
Why is cybersecurity of IoT devices important?
One of the key challenges in the IoT device market is cybersecurity. Because IoT devices are connected to a network, they are vulnerable to cyber attacks that can compromise the confidentiality, integrity, and availability of the device and the information it processes. This can have serious consequences, especially for devices that handle sensitive information or are critical to the operation of a system.
To address these challenges, it is important for manufacturers and other stakeholders to implement robust cybersecurity measures and follow relevant regulations and standards. This can help to reduce the risk of cyber attacks and ensure the security of IoT devices.
What is ETSI EN 303 645?
ETSI EN 303 645 is a technical specification developed by the European Telecommunications Standards Institute (ETSI) that provides guidelines for the security of Internet of Things (IoT) devices. ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices.
This standard covers consumer IoT devices that are connected to network infrastructure, and their interactions with associated services. Examples include smart TVs, CCTV cameras, speakers, connected home automation devices, IoT gateways, base stations, hubs, wearable health trackers, baby monitors, IoMT devices, connected home appliances like smart refrigerators and washing machines, connected alarm systems, door locks, and smoke detectors, among many others.
ETSI EN 303 645 contains a set of 13 cybersecurity categories and some provisions specifically focused on Data Protection.
In addition to providing guidelines for device security, ETSI EN 303 645 also includes recommendations for the management of security risks, including the identification and assessment of risks, the implementation of controls to mitigate those risks, and the ongoing monitoring of risks.
How can QIMA support the evaluation of consumer IoT devices?
QIMA provides consultation, testing, and certification services for Consumer IoT devices.
Training/Consultancy: We offer workshops to guide developers on their journey to ETSI EN 303 645 compliance. We provide insights and document templates for preparing the ICS, IXIT, and additional documentation needed for an evaluation.
Gap Analysis: We assess the products to determine the differences between the current security implementation and the provisions defined in ETSI EN 303 645.
Product Evaluation: We evaluate the product against the applicable provisions of ETSI EN 303 645 and issue a conformance evaluation report along with the identified security gaps.
Statement of Conformity: QIMA issues a Statement of Conformity when the evaluated product meets the requirements defined in ETSI EN 303 645.
