The government has today published proposals for a new law that will help protect millions of smart device users from cybercriminals.
The proposals, drawn up by the Department for Digital, Culture, Media and Sport (DCMS) and supported by the technical expertise of the National Cyber Security Centre (NCSC), detail the government’s plans to raise the security standard for all consumer smart products sold in the UK.
As a first step the standard will make sure they adhere to three important requirements, which may be expanded on over time in consultation with stakeholders. The three requirements are:
- Device passwords must be unique and not resettable to any universal factory setting;
- Manufacturers must provide a public point of contact so anyone can report a vulnerability;
- Information stating the minimum length of time for which the device will receive security updates must be provided to customers.
This latest move by government is a significant step towards bringing robust security requirements for consumer smart products, such as smart speakers, kitchen appliances or cameras, into law as part of its ambition to make the UK the safest place to be online.
Research suggests there are now 20 billion smart devices – known as the Internet of Things (IoT) – in use around the world. But with only around 13% of manufacturers embedding even the most basic approaches to cybersecurity in their products, people’s privacy and security is at risk.
The government is already taking world-leading steps to tackle the problem and published a code of practice for consumer IoT security for manufacturers in 2018. Last month DCMS and the NCSC also played a vital role collaborating with global standards body European Telecommunications Standards Institute (ETSI) to develop the first major international standard for the security of smart devices, which will help protect consumers around the world from falling victim to cyber hacks through security vulnerabilities in devices bought on the global market.
Digital Infrastructure Minister Matt Warman said: “This is a significant step forward in our plans to help make sure smart products are secure and people’s privacy is protected. I urge organisations to respond to these proposals so we can make the UK the safest place to be online with pro-innovation regulation that inspires consumer confidence in our tech products. People should continue to change default passwords on their smart devices and regularly update software to help protect themselves from cyber criminals.”