What our homes mean to us has been redefined over the COVID era. We now work, rest, and play within its boundaries, not only with family, but also with friends and colleagues in real life or through our computers and connected devices. This "open door" policy, spurred by the pandemic, shows no signs of abating. As a result, our homes are vulnerable in several new ways, and we need to ensure our "new normal" doesn't take advantage of our hospitality.
Homes are also becoming smarter; we're inviting in more technology that is viewing, analyzing, and understanding our daily lives: Think Ring doorbells, Alexas, Zoom, Teams, and banking apps. We are giving technology permission to have some amount of control over and insight into our lives — to do this, they need to be connected and therefore we are introducing more open doors for potentially uninvited guests.
For these reasons, Home Gateways are vital to homes in order to ensure the four walls we live in are protected from digital thieves in the same way that our front doors protect our homes. However, these Home Gateway systems will only work within the Internet of Things (IoT) if the systems and standards that link them enable clarity, comprehension, and collaboration between providers and end users. Unlike our physical homes, there are many ways into our digital home networks, and we only want invited guests.
Building on the Baseline
The growing concern regarding the increasing number of Internet-connected devices prompted a number of ETSI members to bring their experience in national guidance and security development together to develop EN 303 645 to act as a baseline for all IoT devices. The aim was to bring all IoT devices to the market with a level of security that started to take away uncertainty for the end user, to offer a device that provides a level of security and helps police the open doors.
However, as our homes become a more complex environment, which moves beyond the IoT, this baseline needs to be built upon. This is why ETSI created TS 103 848 to provide the opportunity to build higher and deeper defenses for now and in the future. Developed by the CYBER Technical Committee, it builds out guidance and examples of the application of the baseline and beyond, most recently encouraging a formal template to make it clear where the baseline is extended or, in rare cases, where it doesn't apply. The first related standard addressed smartphones and was released at the end of last year; the next one will focus on smart door locks. The technical specifications will secure physical devices between the in-home network and the public network, as well as the traffic between these networks, which is vital to home security.
What has been developed with this new Home Gateway security document is important in that it makes it possible to achieve a high level of baseline security at the border of the Internet and home, which is integral to our new digital homes staying secure. It also strengthens the idea that simple security models developed to be universal can be extended and applied to vertical domains without invalidating the universal model. During the entire development of the Home Gateway requirements, and continuing in the development of test and validation of the requirements, there has been involvement from all parts of the stakeholder community. This means developers, manufacturers, operators, regulators, and testers have all come together to make the common baseline and set up for the future.
Home Gateways are the first line of security defense for connected IoT and other home devices. While a secure Home Gateway does not remove the need for strong security of local devices connected to the gateway, it can provide protection against vulnerability for legacy devices or for those devices that cannot otherwise be secured. A secure Home Gateway is therefore a key security layer of the connected home. In a world where IoT devices are in every room of our households, measures to secure them and protect citizens from malicious attacks are of the essence.
Protecting our home is something we can never be complacent about and the Home Gateway addresses and keeps secure the gateways and windows into our lives that the digital world offers. Thus, the age-old promise of the ideal work-life balance has been brought closer with the hybrid of work from home, the occasional commute, flexible working hours, and a secure Internet starting with the basics of a secure Home Gateway.
The ETSI consumer cybersecurity standard is supplemented by a test specification to help manufacturers pass certification schemes, a guide to facilitate implementation, and a template to better develop future vertical standards, within the committee or other standardization bodies.
- To help manufacturers and other stakeholders, the ETSI CYBER technical committee has also released a Technical Report, ETSI TR 103 621 [Note: PDF download], to provide guidance to implement the provisions in ETSI EN 303 645.
- To help develop other vertical standards, ETSI has created a template [Note: Word doc download] providing a structured way to extend EN 303 645 for the vertical domain.