Team Lead Security Compliance and Certifications, Secura B.V.
Razvan Venter works as a Senior Certification Specialist and has multiple years of experience in IT security evaluation and certification for leading international laboratories. Within Secura, Razvan leads the IoT Security Lab group, focused on compliance and certification services across the IoT landscape.
“ETSI EN 303 645 – the ultimate IoT testing baseline. Lessons learned and way forward.”
Efficient security evaluation of consumer IoT products has been an increasing issue during the last years. This is due to the highly increasing market of connected consumer products, while on the other hand the need for efficient, quick, but also sufficient testing frameworks. With these constraints in mind, the ETSI EN 303 645 standard has been drafted in order to address specifically the security validation needs of consumer IoT products. Inspired from the UK Code of Practice for consumer IoT devices, as well as the joint contribution of international experts, the final version of the standard is currently published and ready to be applied internationally. The claimed efficiency of the standard has been assessed in practice by the experts of Secura on several target consumer products, such as for example smart cameras. The lessons learned from these pilots will be shared during the talk, summarizing the pro’s, limitations and other aspects that need to be considered in the practical usage of the standard.
Furthermore, the current European cybersecurity regulatory landscape is asking for harmonized security testing and certification frameworks for consumer products. The feasibility of ETSI EN 303 645 as a baseline for such an international testing and certification scheme is being promoted, while several countries have already worked on implementing such local schemes. This state of the art will be discussed, together with prospects for the next years