Security report urges IoT manufacturers to ‘get smart’

1 min read

More than 400million smart devices are expected to be in use across the UK within three years and the Department for Culture, Media and Sport (DMCS) believes these could be exploited as part of large-scale cyber attacks. Looking to counter such threats, those developing ‘smart’ devices, such as televisions, toys and speakers, will be expected to build-in tough new security measures that last the lifetime of the product.

According to the Government, it will work with industry to implement a rigorous code of practice to improve the cyber security of consumer internet-connected devices. Margot James, Minister for Digital and the Creative Industries, said: “We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.

“This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.”

The initiative is described as a key part of the Government’s five year, £1.9 billion National Cyber Security Strategy, intended to make the UK the most secure place in the world in which to live and do business online.

The Secure by Design report, developed in conjunction with the National Cyber Security Centre, outlines way to embed security in the design process, rather than ‘bolting’ security on as an afterthought.

Dr Ian Levy, the NCSC’s technical director, said: “We are pleased to have worked with DCMS on this vital review and hope its legacy will be a government ‘kitemark’ clearly explaining the security promises and effective lifespan of products.”

The report outlines practical steps for manufacturers, service providers and developers. This urges firms to make sure:

  • All passwords on new devices and products are unique and not resettable to a factory default, such as ‘admin’;
  • They have a vulnerability policy and public point of contact so security researchers and others can report issues immediately and they are quickly acted upon;
  • Sensitive data which is transmitted over apps or products is encrypted;
  • Software is automatically updated and there is clear guidance on updates to customers;
  • It is easy for consumers to delete personal data on devices and products;
  • Installation and maintenance of devices is easy.

Alongside these measures, the report proposes developing a product labelling scheme so consumers are aware of a product’s security features at the point of purchase. The Government will work closely with retailers and consumer organisations to provide advice and support.