Sophia Antipolis, 6 March 2023
The ETSI group on Encrypted Traffic Integration (ISG ETI) is pleased to announce the release of the group report GR-ETI-002 “Requirements definition and analysis”, the next step for the problems previously outlined in the report GR-ETI-001 “Problem Statement”.
This report aims at making networks more transparent in the way security techniques are deployed. It focuses on the widespread adoption of the Zero Trust model, closely tied to explicit declarations of which specific security functions are being provided. The issue addressed in the ETSI report is part of the wider drive in cybersecurity to understand how the network functions, in a transparent and explicable manner. The report adopts some ongoing work on identity management and discovery for IoT, as well as work on the middlebox security protocols of the ETSI cybersecurity committee.
The work of ETI reinforces the use of encryption technologies as part of the overall arsenal of security capabilities in networks, whilst maintaining the societal responsibility aspects of applying such capabilities. Indeed, encryption, with its ability to keep data private, contributes to the social good. However, it can also be used to hide data in plain sight. ETSI GR-ETI-002 defines the requirements to make it harder to use encryption for illicit purposes.
ETSI is also leading the work on a number of EU legislative requirements arising from the Resolution on Encryption and developments in NIS2 and the CRA (Cyber Resilience Act). The Industry Specification Group will now concentrate on the detailed specification of applying the requirements to networks by working on a specification on "Integration strategies and techniques”.