Monday 15 Oct 2018 @ 14:25
techUK
Printable version

Secure by Design Code of Practice: Why it is important

Code outlines guidelines that manufacturers of consumer IoT devices should implement into their product’s design to keep consumers safe.

We’ve all heard the stats before. By 2020, over 12bn consumer devices will be internet connected. From your smart meter to your smart TV, these Internet of Things (IoT) devices can bring a range of benefits to consumers such as greater user experience and lower costs.

Concerns, however, have been raised about the poor security inherent within some of the connected consumer devices currently on the market and the lack of incentives for manufacturers to build security into the devices from the outset. Some of this is down to the lack of awareness amongst consumers of security weaknesses when buying devices, whilst others have argued that the multitude of standards and guidelines out there have made things too complicated for those creating IoT products and services.

That is why we at techUK were so keen to support the Department for Digital, Culture, Media and Sport (DCMS) in its ‘Secure by Design’ review, since it sought to address these problems by:

  • Creating a Code of Practice for manufacturers of consumer IoT products and services
  • Mapping guidelines in the Code of Practice to existing UK and international recommendations and standards
  • Issuing consumer guidance on smart devices in the home

The publication of the Code of Practice is a watershed moment for the UK IoT and cyber security community. Developed in consultation with experts in government, industry and academia, the Code of Practice outlines thirteen guidelines that manufacturers of consumer IoT should implement into their product’s design to keep consumers safe and secure, ranging from the removal of default passwords to keeping software updated.

What has been refreshing about the development of the Code of Practice has been the enthusiasm from a range of stakeholders to get this right. From manufacturers and retailers to consumer groups and trade bodies, there has been agreement that we have to move the burden of responsibility for ensuring the security of the devices away from the consumer to one where strong cyber security is built into consumer IoT products by design and consumers can easily set up and manage a device in a secure manner.

The Government has also sought to make it easier for manufacturers to implement the Code by publishing a mapping document which links the thirteen guidelines to existing standards, recommendations and guidance on IoT security and privacy from around the world, representing one of the largest collections of guidance on IoT security and privacy to date.

A key aspect to the Code’s success will be through the international efforts that the Government undertakes, ensuring that guidelines from the Code drive global alignment across the IoT supply chain. Government can also help move the market towards a secure by design approach by ensuring that government departments purchase devices from suppliers that are adopting, or working towards adopting, the Code in a similar way that Cyber Essentials is now slowly being mandated across suppliers to local and central government.

The next step in the process is, of course, getting manufacturers to commit to implementing the Code and giving advice and guidance to consumers in order for them to set up and manage their devices in a secure manner. techUK will be continue supporting the Code, and working with its members as to strengthen consumer trust in the security of IoT products and services.

techUK’s CEO, Julian David, recently said “The Internet of Things (IoT) can benefit consumers by providing them with greater insight and control over their lifestyles. But citizens still have justified concerns about the level of security in IoT devices and we must address these if the IoT is ever to reach its full potential.

“We are pleased to have worked with Government and security experts to develop this Code of Practice and related documents as part of its Secure by Design Project. These offer companies a baseline to build on as they design their products and services with security front of mind. While it might take time for companies to fully align to all of the commitments, working towards achieving this will help strengthen consumer trust in the security of IoT”.

 

Channel website: http://www.techuk.org/

Original article link: http://www.techuk.org/insights/news/item/14125-secure-by-design-code-of-practice-why-it-is-important

Share this article

Latest News from
techUK

Innovate to elevate: Can product design solve the UK's productivity paradox? (Guest blog from Exclaimer)

23/04/2024 11:25:00

Blog posted by: Vicky Wills, Chief Technology Officer, Exclaimer, 22 April 2024.

New National Cyber Security Centre CEO Announced

22/04/2024 11:25:00

Recently, Friday 19 April, the NCSC officially announced Richard Horne as the incoming Chief Executive Officer (CEO), succeeding Lindy Cameron who stepped down earlier this year.

NFCC Data, Digital and Technology Conference 2024

22/04/2024 10:25:00

The Digital, Data, and Technology (DDaT) Conference hosted by the National Fire Chiefs Council is a pivotal event designed to bring together senior leaders and practitioners in the fire service sector.

What the London Marathon can teach us about Open Finance and Digital Identity

19/04/2024 15:25:00

This Sunday 21st April, the 44th London Marathon takes place. With a world record of more than half a million hopefuls that have applied, it has become ever important for participants to share their journey around the city’s landmarks with their friends and family. Of course, just relying on spotting a runner’s face or individual number on their chest amongst this many people would be difficult, so how do the organisers solve this problem?

HMRC Publish Cross Justice Secure Mail PIN

19/04/2024 13:10:00

HMRC has just published a PIN to seek industry guidence to help define the requirements of future market competition.

techUK leads members delegation to the 8th edition of the UK-US SME Dialogue in Belfast

17/04/2024 16:25:00

On 15 and 16 April, techUK organized a members delegation to the 8th edition of the UK-US SME Dialogue in Belfast, Northern Ireland.

techUK announces its first delegation to VivaTech Paris

17/04/2024 13:20:00

techUK is delighted to announce its first-ever delegation to VivaTech on 22-25 May in Paris. VivaTech is France’s biggest technology conference and one of the largest in Europe with over 11,400+ startups and 2600+ investors in attendance covering every tech vertical. The key themes of the conference are AI, Climate Tech, Smart Mobility, Deeptech, Internet & Democracy, the Creative Economy and Gaming & E-Sports. You can see all the sessions here.

AUKUS Trilateral Advanced Capabilities Forum bring industry together for first time

17/04/2024 12:05:00

Four UK trade associations have partnered to form the first Trilateral AUKUS Advanced Capabilities Industry Forum.

The UK's Competition Authority seeks to address concerns in markets for AI Foundation Models

16/04/2024 09:05:00

A summary of the CMA's latest paper on AI Foundation Models (FM), and its plans to help encourage open, fair competition and good consumer outcomes in the FM sector.

Recruiters Handbook: Download now and take the first steps towards developing a more diverse, equitable, and inclusive organisation.