UK Plans Stronger IoT Security Rules
Government proposes legislation for connected things
Government proposes legislation for connected things
Last week, the UK government announced plans to introduce legislation designed to improve the security standards of consumer-level Internet of things (IoT) products. The legislation stipulates that all consumer smart devices sold in the UK, such as security cameras, TVs, wearable health trackers and connected appliances, adhere to some basic security requirements. The proposed measures from the Department for Digital, Culture, Media & Sport have been developed in conjunction with the UK’s National Cyber Security Centre and follow a period of consultation with information security experts, product manufacturers, retailers and others.
Until now, the government has encouraged industry to adopt a voluntary approach to security, but has now shifted its stance, saying that more decisive action is needed to ensure that strong cybersecurity is built into these products. Manufacturers haven’t built basic security requirements into their products, leading to frequent breaches involving their devices.
As smart products have become an integral part of our daily lives, there’s a risk that any compromised vulnerability within a device could result in real harm to all networked devices. In other words, a chain is only as strong as its weakest link. This calls for urgent joint government and industry action. With the UK government taking consumer IoT security very seriously, it wants to move the expectation away from consumers and instead ensure that strong cybersecurity is built into these products by design.
In early 2019, the UK government began an exercise to identify the best options to beef up cybersecurity for consumer IoT by exploring the potential impact of the growing popularity of connected devices and their lack of basic security features. After the initial review, the UK government stipulated that manufacturers adopt some basic tenets for these devices:
There are many estimates for the number of connected devices worldwide as the market grows, with numbers as high as 75 billion by 2025. The UK expects to have 10 to 15 devices per household in 2020. As these products become more popular, achieving full market compliance with these three guidelines will ensure consumers are given protection against the most basic vulnerabilities, such as those that resulted in the Mirai distributed denial-of-service attack in October 2016.
The UK isn’t alone in attempting to secure IoT devices. The European Union Agency for Cybersecurity is working toward legislation in this area, and the US government is also looking to regulate IoT in an effort to protect against cyberattacks. From a manufacturer’s point of view, it would be costly if each country implemented its own regulations in this area, as there would be a patchwork of different rules around the globe. So, it’s good news that the UK government is also working with other international agencies to develop a global approach. However, it hasn’t yet stipulated a timeline for its own regulations to be implemented.
Of course, the new regulations only apply to products going on sale from now. Many consumers have already invested significant sums in connected things and suppliers will, as part of their compliance approach, do well to let existing users know whether and how they plan to make their products more secure. The current spate of security problems with Amazon Ring devices will be a good and high-profile test case.
Make sure you don’t miss out on our fresh insights on topical news in the connected world.
This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.
OKLearn moreWe may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
Leave a Reply
Want to join the discussion?Feel free to contribute!