Brian Sims
Editor |
Home> | Security | >IT Security | >Government to strengthen security of internet-connected products |
Government to strengthen security of internet-connected products
30 January 2020
A new law will protect millions of users of internet-connected household items from the threat of cyber hacks, Digital Minister Matt Warman has announced.
The plans, drawn up by the Department for Digital, Culture, Media and Sport (DCMS), will make sure all consumer smart devices sold in the UK adhere to the three rigorous security requirements for the Internet of Things (IoT).
These are:
-
All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting
-
Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner
-
Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online
The sale of connected devices is on the rise. Research suggests there will be 75 billion internet connected devices, such as televisions, cameras, home assistants and their associated services, in homes around the world by the end of 2025.
Digital Minister Matt Warman said: "Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety.
"It will mean robust security standards are built in from the design stage and not bolted on as an afterthought."
The measures were developed in conjunction with the business industry and the National Cyber Security Centre (NCSC) and set a new standard for best practice requirements for companies that manufacture and sell consumer smart devices or products.
Following on from the consultation, Government’s ambition is to further develop legislation that effectively protects consumers, is implementable by industry and supports the long term growth of the IoT. Government aims to deliver this legislation as soon as possible.
Nicola Hudson, Policy and Communications Director at the NCSC, said: "Smart technology is increasingly central to the way we live our lives, so the development of this legislation to ensure that we are better protected is hugely welcomed.
"It will give shoppers increased peace of mind that the technology they are bringing into their homes is safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past."
This follows the government’s voluntary Secure by Design Code of Practice for consumer IoT security launched in 2018. The Code advocates for stronger cyber security measures to be built into smart products at the design stage, and has already been backed by Centrica Hive, HP Inc Geo and more recently Panasonic.
The Government is working with international partners to ensure that the guidelines drive a consistent, global approach to IoT security. This includes a partnership with standards bodies. In February 2019 the European Standards organisation published the first globally-applicable industry standard on consumer IoT security, which is based on the UK Government’s Code of Practice.
- London Borough of Lewisham fails to meet consumer standards on fire safety
- Drama for IFE
- Natural progression
- LFB urges public not to light fireworks
- Hyfire protects legendary Irish pub
- Andrew Sharrad points to “rewarding” presidential term of office at IFE
- Landlord pleads guilty to fire safety breaches
- “Three-quarters of fire doors failed inspections in 2019” states FDIS
- Schneider Electric finalises sale of Pelco
- Firefighters urgent warning after London’s ‘biggest ever grass fire’
- From the editor
- Blog for FSM website
- Information Commissioner makes key appointments
- BSIA forges closer American links ahead of Brexit
- Fire and Security Association names new chair
- Government wants mergers regime update to protect national security
- Chain wrestling
- Intersec 2018 preview
- Leading brands supporting new Security Event at NEC
- Leading security companies support launch of new security event at the NEC