Introducing… ETSI’s Technical Committee: CYBER

The world has never been more connected than it is today. The Internet has become critical to our everyday lives, for businesses and individuals, and so too has its security. With our growing dependence on networked digital systems comes an increase in the variety and scale of threats and cyber attacks.

A variety in the protective methods used by countries or organizations can make it difficult to assess risk systematically and to ensure consistent, adequate security. Therefore, standards have a key role to play in improving cybersecurity – protecting the Internet and IoT, securing communications and providing security tools for businesses that need them. ETSI TC CYBER is making these standards for today and for the future.

ETSI TC CYBER is recognized as a major trusted centre of expertise offering market-driven cybersecurity standardization solutions, advice and guidance to users, manufacturers, network, infrastructure and service operators and regulators. ETSI TC CYBER works closely with stakeholders to develop standards that increase privacy and security for organizations and citizens across Europe and worldwide. We provide standards that are applicable across different domains, for the security of infrastructures, devices, services, protocols, and to create security tools and techniques.

TC CYBER is the most security-focused technical committee in ETSI, and we have many strands of work. This roadmap describes each of TC CYBER's key areas where standardisation can help on the journey to better security.

Our work

Our work is split across 9 key areas: understanding the cybersecurity ecosystem, IoT security and privacy, cybersecurity for critical national infrastructures, protection of personal data and communication, enterprise and individual cybersecurity, cybersecurity tools, support to EU legislation, forensics, and quantum-safe cryptography. You can find out more about each area below.

globe    Understanding the cybersecurity ecosystem

TC CYBER created a Technical Report on the Global cybersecurity Ecosystem (TR 103 306), to discover and assemble lists of global cybersecurity constituents. We believe this knowledge is important, as we need to find where TC CYBER can best contribute to the global security landscape. It attempts to be as inclusive as possible to expand our collective insight into the extent and diversity of the ecosystem, including:

  • forums that develop techniques, technical standards and operational practices
  • major IT developer forums affecting cybersecurity
  • activities for continuous information exchange
  • global and national centres of excellence
  • reference libraries, conferences, and publications
  • heritage sites and historical collections

This area of work is all about creating a common cybersecurity ecosystem, but it also shows TC CYBER’s reach both in Europe and globally.

House protecting peopleProtection of personal data and communication

Protecting personal data has become a hot topic, especially since publication of the GDPR, and with ePrivacy on the horizon, TC CYBER is doing the work to match.

TS 103 458 describes high-level requirements for Attribute-Based Encryption (ABE). One objective is to provide user identity protection, preventing disclosure to an unauthorized entity. It defines personal data protection on IoT devices, WLAN, cloud and mobile services, where secure access to data has to be given to multiple parties, according to who that party is. ABE lets you define user access based on attributes – for employees in a company, this could be the department they work in, or if they are in a probation period – restricting access to data to those who are allowed to view it.

TS 103 532 focuses on Attribute-Based Encryption to control access to data, aiming to provide user identity protection whilst preventing disclosure of data to an unauthorized entity.

Recent work focuses on protecting identity of devices and users, inspired by industry’s need for GDPR compliance. Much connectivity currently operates on all-or-nothing trust; you connect your device to a network and it has to be trusted completely, or not at all (and then it doesn’t work!) TS 103 486 describes how devices can be discovered pseudonymously and builds a more nuanced trust establishment mechanism.

TR 103 370 focuses on technical standards that can be used for data protection according to GDPR, which centres around personally identifying information. TC CYBER recognizes its role in supporting European regulation and legislation.

Many red dots in white space    IoT security and privacy

As more devices in our homes connect to the internet and as people entrust their personal data to an increasing number of services, the cybersecurity of the Internet of Things is becoming a growing concern. Poorly secured products threaten consumer’s privacy and some devices are exploited to launch large-scale DDoS cyber attacks. 

The first globally applicable standard for consumer IoT was released by TC CYBER in 2019: TS 103 645. “Cybersecurity in the Internet of Things” is a technical specification that describes building security into IoT products from their design, rather than bolting security measures on at the end – which is less effective and more prone to retrofitting awkward security measures, or security being left out entirely.

TS 103 645 supports a good security baseline for internet-connected consumer products, provisioning a set of 13 recommendations, with the top three being: no default passwords, implement a vulnerability disclosure policy, and keep software updated.

Other IoT work in TC CYBER includes a report on Critical Security Controls (TR 103 305-3), which is applicable to IoT. ETSI hosts an annual IoT Week in October too; you can find out more about this on the IoT events page.

Medical sign, windmill, plane and bank combinedCybersecurity for critical national infrastructures

Critical infrastructure is defined in TR 103 303 as: “any infrastructure for which loss or damage in whole or in part will lead to significant negative impact on one or more of the economic activity of the stakeholders, the safety, security or health of the population”. Examples include power plants, drinking water, hospitals and train lines.

TR 103 303 reviews roles and subsequent measures for the protection of Critical Infrastructure, where the Critical Infrastructure in whole or in part is composed of technologies using cybersecurity mechanisms. The resulting measures and processes for Critical Infrastructure Protection (CIP) are defined and relevant mechanisms to be implemented are identified.

This technical report inspired the creation of a new work item – to create and standardize metrics for supporting CI. This is often the way with ETSI work – a TR might identify gaps and then we move to standardise those vacant spaces, to ensure a consistent approach to cybersecurity.

Another current work item aims to improve smart meter security; this was originally a project from H2020, a set of EU-instigated research projects. Research projects like this are welcomed in TC CYBER and, like many TC CYBER pieces of work, this particular project could be considered to interact with IoT security.

Buildings in circle    Enterprise/organization and individual cybersecurity

ETSI creates standards that are driven by industry need. In 2017, ETSI published a Technical Report (ETSI TR 103 421) that recommended providing standards-based solutions to the evolving needs of industry, networks and middleboxes. Middleboxes are a crucial part of network function and defence today, whether you call them proxies, middleboxes, firewalls or intrusion detection systems.

This recommendation led to the creation of the Middlebox Security Protocol, or MSP – which is being delivered in parts, so as to be extensible where necessary – as the TS 103 523 series.

MSP allows proxies access to only the parts of the data that they need, controls whether the data can be modified or not, gives the client and server visibility of what the proxies are doing, and protects proxies from malicious clients or servers. MSP gives improvements to overall system security compared to usage of a traditional MITM proxy and enables new scenarios to be supported that were traditionally unavailable.

MSP is more widely applicable than traditional MITM proxies, as it facilitates similar functions but does so more securely and with more control. It can be used to:

  • enable data centre operations, such as: load-balancing, troubleshooting, malware detection, investigation of network attacks, and more, on encrypted networks
  • restrict access of data on a fine-grained scale, protecting privacy for users
  • specify required security properties of middleboxes and their visibility to endpoints

The Critical Security Controls (TR 103 305) are a five-part series of pragmatic guidance and advice that are widely applicable to many enterprises - and very understandable. Each part focuses on a separate aspect of enterprise security.

Customs man    Forensics

We have an ongoing work item to provide assurances of digital material that are so strong that they can be used in legal or criminal proceedings. This work item identifies a process of receiving, transforming and outputting material that can be assured digitally – and importantly, the assurance of the material is not dependent on the process having been carried out by a specially-trained human expert. This innovative piece of work shows yet again the forward-leaning nature of TC CYBER and our willingness to embrace new standards that are derived from industry need.

gear symbols    Cybersecurity tools


TC CYBER works on several specific techniques and tools to enhance cybersecurity.

TS 103 457 solves the problem where organizations want to protect customer data whilst still using a cloud that is not under their direct control. TS 103 457 standardizes an interface between a "secure vault" that is trusted and a cloud that could be anywhere, where such sensitive data is stored in the vault. This allows a sensitive function to exist in a lower security environment, with data held securely. This widely applicable; for example, this interface can be used with new NFV technology to allow secure authentication of users for billing purposes. Virtualisation means that processing can happen anywhere and might be untrusted, so these secure vaults are needed to protect sensitive functions and data. This need is more common than ever as NFV technology becomes widespread.

Another technique we're working on is to protect software in a white box model – another growing need in security today, external encodings for the Advanced Encryption Standard (AES) and a guide to Identity-Based Encryption.

We're also updating TS 102 165-2 (Methods and Protocols for Security Part 2: Counter Measures); the original was based on the eEurope 2005 action plan and legislation, which focused on "the widespread availability and use of broadband networks throughout the European Union … and the security of networks and information, eGovernment, eHealth and eBusiness". This requires a truly pan European supporting infrastructure.

Our previous work in this area also includes TR 103 331 (Structured threat information sharing), as cyber threat information sharing - often described as threat intelligence sharing - is one of the most important components of an organization's cybersecurity program. This report provides a survey of ongoing activities and the resulting platforms that are aimed at structuring and exchanging cyber threat information – to inform TC CYBER’s future work.

BalanceDirect support to EU legislation 

We recognize our key role to play in helping stakeholders comply with regulation, such as the NISWe recognize our key role to play in helping stakeholders comply with regulation, such as the NISDirective, ePrivacy, GDPR and the Cybersecurity Act, demonstrated by our publications giving guidance to meet the legal measures and technical requirements of the NIS Directive and GDPR. TC CYBER understands its responsibility in supporting EU legislation.

We issued guidance on implementing the NIS Directive (Networks and Information Systems Directive) in TR 103 456. Its strength results in ETSI's ability, as a regional and global organization, to bring together industry expertise and global cybersecurity knowledge, including its own cybersecurity technical specifications and report.

Our specification TS 103 485 provides a set of considerations for industry and mechanisms to use when aiming to achieve compliance to the requirements in the General Data Protection Regulation (EU) 2016/679 [5] (GDPR). TR 103 370 also provides guidelines and best practices to manage privacy, aiming to help achieve compliance with GDPR.

Lock in a red frame    Quantum-safe cryptography 

The emergence of quantum computing will present a serious challenge to current cryptographic techniques. Previously secure and encrypted information – such as bank account details, identity information and military data – will become subject to discovery and possible misuse. New ‘quantum-safe’ cryptographic techniques have emerged in recent years that provide protection against quantum threats.

We are addressing these security issues by developing recommendations and specifications for the transition to quantum-safe applications in our Working Group on Quantum Safe Cryptography (QSC) within TC CYBER. We aim to standardise methods that mitigate the potentially disruptive technology of quantum computing.

You may have heard of the NIST process to standardize quantum-safe algorithms – ETSI is complementing this approach with practical advice on implementation, integration, migration times and risk assessment – all aimed at industry.

QSC's focus is on the practical implementation of quantum safe primitives, including performance considerations, implementation capabilities, protocols, benchmarking and practical architectural considerations for specific applications. This is exemplified by QSC's recent report on Quantum VPNs, TR 103 617.

ETSI is also working on the related concept of Quantum Key Distribution (QKD).

The most recently published technical report from QSC is on the topic of Quantum-Safe Key Exchanges (TR 103 570).

The future

TC CYBER is an active committee with many work items open at any one time. In late 2019, we are working on topics that include: identity-based cryptography guides for industry, protocols designed for industry use cases, and a test specification for the globally leading consumer IoT security standard TS 103 645.

Click on the bubbles below for more information on what future topics TC CYBER has on its road map...

A list of possibilities

    For AI see also our ISG SAI
Red round circle with text "Identity based encryption" with pop-up including caption text on subject Red round circle with text "Certification" with pop-up including caption text on subject Red round circle with text "Artificial Intelligence" with pop-up including caption text on subject
   Red round circle with text "Network Management" with pop-up including caption text on subject   Red round circle with text "Crypto agility" with pop-up including caption text on subject   Red round circle with text "Crypto agility" with pop-up including caption text on subject

Find out more

For more on ETSI's security work, check out the cybersecurity page on our website.

If you are interested to join ETSI including TC CYBER, please refer to membership information and contacts on the CYBER committee page