DCMS launch Secure by Design regulation consultation
Consultation reveals plans to ensure that IoT consumer devices are protected from cyber attacks.
Plans to ensure that millions of household items that are connected to the internet are better protected from cyber attacks have been launched today by Digital Minister Margot James.
The Government will be consulting on options including a mandatory new labelling scheme. The label would tell consumers how secure their products such as ‘smart’ TVs, toys and appliances are. The move means retailers will only be able to sell items with an Internet of Things (IoT) security label.
The consultation focuses on mandating the top three security requirements that are set out in the current ‘Secure by Design’ code of practice. These include that:
IoT device passwords must be unique and not resettable to any universal factory setting.
Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy.
Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.
Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.
Digital Minister Margot James said:
“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk. Our Code of Practice was the first step towards making sure that products have safety features built in from the design stage and not bolted on as an afterthought.
“These new proposals will help to improve the safety of Internet connected devices and is another milestone in our bid to be a global leader in online safety.”
National Cyber Security Centre (NCSC) Technical Director, Dr Ian Levy said:
“Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered and it’s unacceptable that these are not being fixed by manufacturers.
“This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes.”
CEO of techUK Julian David said:
“techUK welcomes the publication of the Government's consultation on regulatory next steps for consumer IoT. This follows the Government’s voluntary Secure by Design Code of Practice for consumer IoT security launched last year, which techUK supported. The Code advocates for stronger cyber security measures to be built into smart products right from the design stage.
“We are pleased that the security requirements outlined in the consultation are consistent with the Secure by Design Code of Practice and key industry standards that already exist for consumer IoT devices. This is an important first step in creating flexible and purposeful regulation that stamps out poor security practices, which techUK’s research shows can act as significant barriers on the take-up of consumer IoT devices.
“The proposals set out have the potential to positively impact the security of devices made across the world and it is good to see the Government is working with international partners to ensure a consistent approach to IoT security. techUK looks forward to responding to this consultation on behalf of our members.”
The consultation follows the government’s voluntary Secure by Design Code of Practice for consumer IoT security launched last year. The Code advocates for stronger cyber security measures to be built into smart products right from the design stage, and has already been backed by Centrica Hive, HP Inc Geo and more recently Panasonic.
The proposals come a day after Margot James held a roundtable on IoT security with global technology companies including Amazon, Philips, Panasonic, Samsung, Yale, Legrand and John Lewis.
Latest News from
Call for #CounciloftheFuture guest blogs!15/10/2019 14:25:00
techUK want your guest blogs on what the future of local public services will look like in a digital age #CounciloftheFuture.
techUK Members win at WITSA 2019 Global ICT Excellence Awards15/10/2019 11:25:00
techUK is pleased to announce that our members Yoti and Chipside have pick up awards at the prestigious WITSA 2019 Global ICT Excellence Awards.
How can regulators help the UK achieve net zero?14/10/2019 11:20:00
The National Infrastructure Commission has reported on how regulation needs to shift to meet net-zero.
£13 million announced for new AI conversion courses14/10/2019 10:25:00
DCMS and the Office for AI have announced £13 million for AI and data science conversion courses over the next three years to help encourage a more diverse workforce.
The Schools & Academies Show returns to Birmingham10/10/2019 14:25:00
The event is taking place on the 13 – 14 November at the NEC in Birmingham. With only 34 days to go, register now!
Early Tech Career Network: Intro to Data Ethics10/10/2019 11:25:00
Connect with others who are also new to the tech sector! techUK's next Early Tech Career Network event will provide an introduction to Data Ethics with some great...
World Trade Report 2019 focuses on the future of services trade09/10/2019 16:25:00
Today, in Geneva, the World Trade Organisation has published its latest World Trade Report, focused on the future of services trade.
techUK responds to the release of the No-Deal Readiness Report09/10/2019 11:25:00
The No-Deal Readiness Report details the business conditions UK companies will face in the event of a no deal exit and highlights guidance provided by Government.