|Step one to secure IoT devices; Change the manufacturer’s default password|
As part of the Singapore-UK Strategic Partnership, it was agreed that the two countries would work together improving the security of internet-connected devices (IoT).
The following op-ed, written by the NCSC CEO Ciaran Martin, was first published in GovInsider (02/10/19):
……. Since setting up in London three years ago, the NCSC and the UK’s DCMS have led the programme to make Internet of Things (IoT) devices to be ‘Secure by Design’. This means security should be built into a product before devices are taken home, rather than putting the burden of expectation on the general public to bolt on measures to make it safe to use.
This is needed because a worrying number of people do not change the manufacturer’s default password. Not only are these passwords often universal, they are easily guessed because of how obvious they are. The password ‘password’ is one such amusing but also troubling example. Our analysis has found that 23.2m accounts that have been breached had been ‘protected’ with that easy-to-guess password.
The growth of internet enabled devices poses a serious security risk. Without a way for consumers to judge the security of the products they buy, millions of inter-connected devices and the data they contain could be vulnerable to cyber attacks. The Security-by-Design UK-Singapore IoT Statement will drive improvements in the security of smart consumer products.