ETSI 303 645 impact

What’s your take on the new ETSI IoT cyber security standard:

https://www.eetimes.eu/etsi-releases-consumer-iot-security-standard-en-303-645/

Are you ready for it?

I guess it means the suppliers also need to step up, since now secure boot, secure storage and encryption are mandatory…

I guess it’s just up to enforcement. The article points to UK and Finland being on the verge of making the standard mandatory.

The linked document is a draft. In the meantime, it has been published (v2.1.1). As with all ETSI standards, this is available free from their website. Direct link: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf

On one hand this certainly increases the quality of IoT devices (your fridge-fleet DDoS’ed us), on the other hand, it makes COTS HW less hackable.

Yes, it is published. I linked to the draft, sorry. EN means it will soon be mandatory in the EU. The US will probably follow soon thereafter.

I guess most serious suppliers (Espressif??) will have it all ready, so your own effort is reduced. The point about a direct contact to the firm in case of hacks etc. will probably be difficult for many Chinese firms, where an English manual is not the default.