National Cyber Security Centre
UK and Singapore sign IoT security pledge
Ciaran Martin explains why he is so pleased to have signed an agreement to strengthen the partnership between the UK and Singapore on the security of internet-connected devices.
As part of the Singapore-UK Strategic Partnership, it was agreed that the two countries would work together improving the security of internet-connected devices.
Read the joint statement here on GOV.UK.
The following op-ed, written by the NCSC CEO Ciaran Martin, was first published in GovInsider (02/10/19):
We’ve all seen the Hollywood doomsday scenarios around technology, and understand that for lots of people cyber security can be daunting. But fear should never be a barrier for people using the best technology available – and I’m delighted that yesterday Singapore and the UK took a positive step into improving the security of our nations’ internet-connected devices.
As Chief Executive of the UK’s National Cyber Security Centre (NCSC), I am signing a joint statement with David Koh, Chief Executive of the Cyber Security Agency of Singapore, that we hope will drive improvements in the security of smart consumer products in our respective countries. It is fitting that the joint statement was signed during Singapore International Cyber Week.
Since setting up in London three years ago, the NCSC and the UK’s Department for Digital, Culture, Media and Sport have led the programme to make Internet of Things (IoT) devices to be ‘Secure by Design’. This means security should be built into a product before devices are taken home, rather than putting the burden of expectation on the general public to bolt on measures to make it safe to use.
This is needed because a worrying number of people do not change the manufacturer’s default password. Not only are these passwords often universal, they are easily guessed because of how obvious they are. The password ‘password’ is one such amusing but also troubling example. Our analysis has found that 23.2 million accounts that have been breached had been ‘protected’ with that easy-to-guess password.
The growth of internet enabled devices poses a serious security risk. Without a way for consumers to judge the security of the products they buy, millions of inter-connected devices and the data they contain could be vulnerable to cyber attacks.
The Security-by-Design UK-Singapore IoT Statement will drive improvements in the security of smart consumer products.
Together, we are recommending that manufacturers implement industry best practices such as:
- Discontinuing the most blatant security short comings, such as the use of universal default passwords.
- Making vulnerability disclosure processes across the IoT industry become the norm. If it becomes standard to report security vulnerabilities, manufacturers can respond accordingly. The challenges faced are not specific to a device or a manufacturer so this sharing of knowledge and problem solving expertise will benefit everyone.
- Encouraging the development and deployment of software security updates for the entire lifetime of IoT products so that consumers and the wider technical ecosystem are protected today and into the future. All devices need to have a defined support period within which the manufacture guarantees they will fix the problems.
Together, we endeavour to take a leading role in driving improvements in the security of smart consumer products. We want to ensure that internet-connected devices have security built in by design and the public and industry are protected against related security threats, such as cyber attacks, theft of personal data and risks to physical safety.
At the same time, we will ensure the IoT industry can continue to grow and innovate and the public can fully benefit from these products and services. We will work together to explore ways to help consumers gain confidence in the security of the products they choose.
Singapore and the UK have a shared interest in enhancing our cooperation in cybersecurity as we develop our national approaches. We are committed to strengthening our dynamic partnership for the 21st Century and will continue to work together closely to ultimately make the internet easier to use safely.
Latest News from
National Cyber Security Centre
Neurodiversity and disability to be captured in second survey on diversity of UK cyber sector14/05/2021 16:15:00
NCSC and KPMG UK launch second survey to help improve diversity in the cyber security industry.
New tool launched to support organisations achieve Cyber Essentials certification12/05/2021 16:05:00
Cyber Essentials Readiness Tool asks organisations questions related to the main Cyber Essentials criteria to help prepare them for certification.
British tech startups offered help to keep innovations secure12/05/2021 15:05:00
New guidance from the NCSC and the Centre for the Protection of National Infrastructure (CPNI) to help fledgling technical companies consider key questions around security.
Large UK organisations offered ten steps to stay ahead of cyber threat12/05/2021 10:15:00
Refreshed 10 Steps to Cyber Security guidance released for cyber security professionals in large and medium sized organisations.
Fifteen times more online scams stamped out as cyber experts moved to protect UK during pandemic10/05/2021 16:15:00
The fourth annual report on the NCSC’s Active Cyber Defence (ACD) programme is released.
Cyber experts set out blueprint to secure smart cities of the future10/05/2021 09:15:00
The NCSC has published a set of principles outlining how to securely design, manage and build smart cities.
New cyber security training package launched for charities and small businesses07/05/2021 11:15:00
Free e-learning package to support small organisations released.
Leading figures from UK politics to appear at CYBERUK06/05/2021 09:15:00
CYBERUK is a key date for cyber security professionals, where thought leaders and technical professionals come together and exchange ideas.