National Cyber Security Centre
UK and Singapore sign IoT security pledge
Ciaran Martin explains why he is so pleased to have signed an agreement to strengthen the partnership between the UK and Singapore on the security of internet-connected devices.
As part of the Singapore-UK Strategic Partnership, it was agreed that the two countries would work together improving the security of internet-connected devices.
Read the joint statement here on GOV.UK.
The following op-ed, written by the NCSC CEO Ciaran Martin, was first published in GovInsider (02/10/19):
We’ve all seen the Hollywood doomsday scenarios around technology, and understand that for lots of people cyber security can be daunting. But fear should never be a barrier for people using the best technology available – and I’m delighted that yesterday Singapore and the UK took a positive step into improving the security of our nations’ internet-connected devices.
As Chief Executive of the UK’s National Cyber Security Centre (NCSC), I am signing a joint statement with David Koh, Chief Executive of the Cyber Security Agency of Singapore, that we hope will drive improvements in the security of smart consumer products in our respective countries. It is fitting that the joint statement was signed during Singapore International Cyber Week.
Since setting up in London three years ago, the NCSC and the UK’s Department for Digital, Culture, Media and Sport have led the programme to make Internet of Things (IoT) devices to be ‘Secure by Design’. This means security should be built into a product before devices are taken home, rather than putting the burden of expectation on the general public to bolt on measures to make it safe to use.
This is needed because a worrying number of people do not change the manufacturer’s default password. Not only are these passwords often universal, they are easily guessed because of how obvious they are. The password ‘password’ is one such amusing but also troubling example. Our analysis has found that 23.2 million accounts that have been breached had been ‘protected’ with that easy-to-guess password.
The growth of internet enabled devices poses a serious security risk. Without a way for consumers to judge the security of the products they buy, millions of inter-connected devices and the data they contain could be vulnerable to cyber attacks.
The Security-by-Design UK-Singapore IoT Statement will drive improvements in the security of smart consumer products.
Together, we are recommending that manufacturers implement industry best practices such as:
- Discontinuing the most blatant security short comings, such as the use of universal default passwords.
- Making vulnerability disclosure processes across the IoT industry become the norm. If it becomes standard to report security vulnerabilities, manufacturers can respond accordingly. The challenges faced are not specific to a device or a manufacturer so this sharing of knowledge and problem solving expertise will benefit everyone.
- Encouraging the development and deployment of software security updates for the entire lifetime of IoT products so that consumers and the wider technical ecosystem are protected today and into the future. All devices need to have a defined support period within which the manufacture guarantees they will fix the problems.
Together, we endeavour to take a leading role in driving improvements in the security of smart consumer products. We want to ensure that internet-connected devices have security built in by design and the public and industry are protected against related security threats, such as cyber attacks, theft of personal data and risks to physical safety.
At the same time, we will ensure the IoT industry can continue to grow and innovate and the public can fully benefit from these products and services. We will work together to explore ways to help consumers gain confidence in the security of the products they choose.
Singapore and the UK have a shared interest in enhancing our cooperation in cybersecurity as we develop our national approaches. We are committed to strengthening our dynamic partnership for the 21st Century and will continue to work together closely to ultimately make the internet easier to use safely.
Latest News from
National Cyber Security Centre
Registration opens for CYBERUK 202027/02/2020 09:10:00
The UK Government’s flagship cyber security event CYBERUK 2020 has opened its doors for registration.
UK cyber entrepreneurs to meet world's experts in Silicon Valley25/02/2020 11:15:00
Seven companies from the NCSC's Cyber Accelerator programme to pitch to prospective clients at the IT security conference.
Foreign Secretary condemns Russia's GRU after NCSC assessment of Georgian cyber attacks21/02/2020 16:15:00
The UK, Georgia and international partners have today exposed the GRU’s responsibility for a number of significant cyber attacks against Georgia last year.
UK condemns Russia's GRU over Georgia cyber-attacks21/02/2020 11:17:00
Foreign Secretary Dominic Raab calls out Russian campaign of unacceptable cyber-attacks against Georgia.
NCSC supports Northern Ireland’s push to strengthen cyber security capabilities19/02/2020 12:05:00
The Northern Ireland Cyber Security Centre is open and will work closely with the NCSC going forward.
Girlguiding take on cyber security challenges19/02/2020 10:15:00
The NCSC partners with Girlguiding South West England, as part of the drive to increase female representation in cyber security.
Advisory: Trickbot17/02/2020 10:10:00
How organisations can protect their networks from the ‘Trickbot’ banking trojan.
Schoolgirls across the UK show their cyber skills12/02/2020 16:15:00
Hundreds demonstrated their cyber security know-how during the co-ordinated series of competitions across the UK.