ETSI EN 303 645 establishes a baseline security standard for consumer Internet of Things devices, covering 13 technical provisions and five data protection requirements for products ranging from smart home assistants to connected medical devices. Compliance with the standard is intended to prevent large-scale botnet attacks, such as DDoS and cryptocurrency mining, by restricting attackers’ ability to control vulnerable smart devices globally. The Finnish IoT label, launched in 2019, is a certification scheme based on these criteria that helps consumers identify sufficiently secure networking devices. To further support adoption, the ETSI Technical Committee CYBER is developing a test specification and an implementation guide to complement the existing EN.
Keywords: IoT security, DDoS prevention, consumer device protection, ETSI EN 303 645, baseline security controls