UK: New Laws for Internet Connected Devices

Smart Blog

UK: New Laws for Internet Connected Devices

UK Digital Minister Margot James launched plans to ensure that millions of household items that are connected to the internet are better protected from cyber-attacks. Options that the British Government will be consulting on include a mandatory new labeling scheme for Internet Connected Devices. The label would tell consumers how secure their products such as Smart-TVs, toys and appliances are. Retailers will only be able to sell products with an Internet of Things (IoT) security label.

The consultation focuses on mandating the top three security requirements that are set out in the current ‘Secure by Design’ code of practice:

  • IoT device passwords must be unique and not resettable to any universal factory setting.
  • Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy.
  • Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.

Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.
Digital Minister Margot James said:

Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk. Our Code of Practice was the first step towards making sure that products have security features built in from the design stage and not bolted on as an afterthought. These new proposals will help to improve the safety of Internet connected devices and is another milestone in our bid to be a global leader in online safety.

National Cyber Security Centre (NCSC) Technical Director, Dr Ian Levy said:

Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered and it’s unacceptable that these are not being fixed by manufacturers. This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes.

The CEO of techUK – the UK trade association for the technology industry – Julian David welcomed the publication of the Government’s consultation on regulatory next steps for consumer IoT. He said, the Code advocates for stronger cyber security measures to be built into smart products right from the design stage. The proposals came a day after Margot James held a roundtable on IoT security with global technology companies. As a result Amazon, Philips, Panasonic, Samsung, Miele, Yale and Legrand affirmed their commitment to taking steps to ensure that effective security solutions are being implemented across IoT products on the market. The consultation document is be available on the UK-Government’s Secure by Design pages and is open for 5 weeks.

Author: Tim Cole
Image Credit: Pixabay

Leave a Reply

Your email address will not be published. Required fields are marked *

*