ETSI Blog

Mitigating the Cybersecurity Threats Which e-Voting Faces

2020-07-10 Posted by Tony Rutkowski, e-Voting Cybersecurity Group Technical Lead, ETSI 5065 Hits

Over the past few decades, many different kinds of electronic voting systems have emerged to assist elections workers and voters in making elections systems easier and faster.  Trusted, paper-based voting system modules for keeping pollbooks, authenticating voters, receiving elections notices and ballots, and casting and counting them have been in many places around the world been augmented with computer-based systems. In a few places, some experiments with network-based balloting have also occurred.

The experiences with these electronic augmentations have also revealed their substantial vulnerabilities and attack vectors that place the integrity of voting systems at risk, and a newfound realization that paper-based systems have enduring value. The ETSI e-Voting cybersecurity work item is intended to develop a framework for understanding and assessing the use of these electronic augments, the associated treats and risks, and provide best-practice guidelines for reducing those risks. A common consensus at the outset is that significant, enduring risks and corruptibility of network based or connected e-Voting exist, and its use should not be encouraged for anything with legal significance. 

How to secure consumer IoT devices: and why it matters

2019-08-15 Posted by Alex Leadbeater, ETSI TC CYBER Chair 6641 Hits

More and more consumer products contain wireless network connectivity either providing local short range connectivity to other devices or are directly connected to the internet – raising the risk of hacks or personal data breaches. Smart speakers, connected toys, domestic appliances and smart locks are all potentially vulnerable if not adequately secured by design and during their expected lifespan. As an example the Furby Connect doll with Bluetooth connectivity, enabled anyone within 100 feet to hack its wireless connection and access its microphone. Given that this product was intended for use by children, such a fundamental security flaw was especially unfortunate.

Everyone recognises there’s a problem, but exactly how to solve it isn’t yet well-defined. Governments are still developing legislation to improve security and product labelling, and to protect personal data. However, given the poor security of many current and historic IoT products regulation alone is not going to solve the problem overnight.

This leaves product vendors in a difficult position, with a need for clear direction in consumer IoT security. To fill this gap, ETSI recently announced ETSI TS 103 645, the first worldwide standard for consumer IoT security. This sets a benchmark for how to secure consumer products connected to the internet, and aims to promote best practice.

Why We Must Act Now to Establish Standards for Quantum Security

2019-04-15 Posted by Andrew Shields, Chair of ETSI Industry Specification Group in Quantum Key Distribution (ISG QKD) 5342 Hits

Quantum computing could soon emerge from research labs to handle practical workloads such as simulating complex processes or performing cryptographic calculations that are beyond the reach of current supercomputers. While this is all very exciting it poses serious issues for the security of many systems. Quantum computers could easily break current state of the art cryptography, so data encrypted today will become an easy target for quantum hackers of the future.

Cheap mass storage enables cyber criminals to harvest vast quantities of encrypted data and simply wait until they have the firepower to expose its secrets. Data protection regulations require organisations to maintain data confidentiality for periods of several years, so this is a serious threat.