Department for Digital, Culture, Media and Sport
Margot James speech at the IET Conference
Margot James' “Living in the internet of things” speech to the IET conference.
It is a pleasure to be here to launch this important piece of work.
When you look at what makes a world leading digital economy then cyber security is a crucial component of this.
And as data driven technologies become more and more widely adopted, cyber security is an issue that should concern policymakers all across the world.
Because the consequences of a major breach could be catastrophic.
Not just to our physical infrastructure, but also to the confidence that is needed to encourage the adoption of exciting new technologies.
Simple measures can form the best protection against cyber attacks.
Which means that the solutions are in our grasp.
And that the Government can have a key role to play here too.
The Internet of Things represents a new chapter of how technology becomes more common in our homes, making people’s lives easier and more enjoyable.
Forecasts vary, but some suggest that by next year, there will be an estimated twenty billion internet connected devices worldwide.
In the UK alone, it is estimated that ownership of smart devices could rise to 15 devices per household within the next twelve months.
The cyber security of these products is now as important as the physical security of our homes. Secure by design Organisations need to be taking care of their customers.
And the most effective way to do this is to make sure the products that they produce are secure by design.
Because security should no longer be an afterthought but should be embedded within everything. Last year we published the Code of Practice for Consumer IoT Security to support all parties involved in the development, manufacturing and retail of consumer IoT products.
Companies such as HP, Centrica Hive, Panasonic and Green Energy Options have all pledged their public support for the Code and we encourage other manufacturers and retailers to follow suit.
But many of the internet-connected devices currently on the market still lack even the most basic cyber security provisions.
This is unacceptable. The Government has a duty of care to its citizens, to help make sure they can access and use the internet safely.
Whilst Government have previously encouraged industry to adopt a voluntary approach, it is now clear that decisive action is needed to ensure that strong cyber security is built into these products by design.
So today we are launching our consultation on regulatory next steps for consumer IoT, which builds on the extensive work that we have done to date with industry.
The proposals within this consultation focus on ensuring that baseline cyber security is being built into these products by design.
This is why the basis of the proposals centres around the following top three guidelines of the Code of Practice.
First forbidding the use of universal default passwords in consumer IoT products,
Second, manufacturers must ensure that there is a contact point for security researchers to report vulnerabilities
And finally, consumers must be informed of the minimum length of time for which security updates are provided for their devices.
We are advocating a staged approach to regulation which will increase the baseline level of security within products whilst also providing manufacturers with sufficient time to implement the proposals.
But mandating security requirements based on the code’s top three guidelines is just the first step in the legislative journey.
As part of our commitment to review the code every two years, we will examine whether further guidelines will need to be mandated at a later date.
We know that consumers already care a great deal about security when buying an internet connected products, but there is still much more to be done to provide consumers with easy access to important information so that they can make more informed decisions when purchasing these products.
This is why we are also consulting on a voluntary labelling scheme to help consumers do just this.
The label will highlight compliance with the above mentioned aspects of the top three guidelines of the Code of Practice and will help consumers differentiate between products that have basic security provisions and those that do not.
Ultimately, the security of the Internet of Things is a global challenge, and so requires a global effort to get it right.
Our proposals are consistent with the Code of Practice and recently published industry standards on consumer IoT security.
We are working with stakeholders in Europe and internationally to drive forward a harmonised approach to securing consumer smart devices across international supply chains.
We hope the publication of this consultation will be the start of a longer conversation about how best to approach the regulation of consumer IoT products.
We want to hear your views, along with views from those outside this room.
My officials will be holding roundtables to gather stakeholders’ views and outlined in the report are a variety of mechanisms for providing feedback.
Please take advantage of them before the 5th June deadline.
I would like to take this opportunity to thank PETRAS, NCSC, industry and the various IoT security professionals involved, including David Rogers, for supporting the Government with developing these proposals.
We look forward to continuing to work with you all to achieve this secure by design vision over the coming months
Before I go, the message I want to leave you all with is this; we don’t have to choose between innovation and security.
The two are not mutually exclusive. In fact, good security gives the stability and the certainty that businesses need to thrive.
Well thought-out and flexible regulation in this space is so critical to the health of our economic success.
Latest News from
Department for Digital, Culture, Media and Sport
Confronting cyber threats to businesses and personal data18/10/2019 12:12:00
British businesses and the public are set to be better protected from hostile cyber-attacks and online threats like disinformation and cyber-bullying
Sandie Dawe appointed to the Historic England board16/10/2019 15:10:00
The Secretary of State has appointed Sandie Dawe as a Commissioners on the Historic England board for four years from 1 January 2020 to 31 December 2023.
Two members appointed to the Reviewing Committee on the Export of Works of Art16/10/2019 13:37:00
The Secretary of State has appointed Christober Baker and Stuart Lochead as Members of the Reviewing Committee on the Export of Works of Art for four years from 1 October 2019 to 30 September 2023.
Antonio Horta-Osorio reappointed as Chair of Wallace Collection16/10/2019 10:43:00
The Prime Minister has reappointed Antonio Horta-Osorio as Chair of the Wallace Collection for two years from 1 January 2020 to 31 December 2021.
New fund for frontline organisations tackling loneliness16/10/2019 08:10:00
A new £2 million fund is being launched to help organisations at the frontline of tackling loneliness across the country, Minister for Civil Society Baroness Barran yesterday announced.
Speech by Andrew Stephenson, Minister for Africa, to FT Africa Summit, October 201915/10/2019 12:10:00
Andrew Stephenson yesterday spoke at the event about delivering on the UK’s new approach to long-term economic partnerships with African countries, businesses and civil society.
New £250 million Culture Investment Fund launched14/10/2019 14:20:00
Investment will drive local growth, support young people, and reinforce culture’s role at the heart of communities.
Millions set to benefit from faster broadband with new plans to tackle rogue landlords10/10/2019 15:10:00
A new law will mean an extra 3,000 residential buildings a year will be connected to gigabit speeds. This part of the Prime Minister’s plan to level up the country and deliver nationwide coverage of fast broadband