The UK Government has expressed concern over the security of so-called Internet of Things (IoT) products and services, releasing a 'Secure by Design' review detailing plans to improve 'cyber security' in the nation.
'We want everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people's lives. We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed,' says Margot James, Minister for Digital and the Creative Industries, of the 'Secure by Design' report. 'This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.'
'The NCSC is committed to ensuring the UK has the best security it can, and stop people being expected to make impossible safety judgements with no useful information,' adds National Cyber Security Centre (NCSC) technical director Dr. Ian Levy. 'We are pleased to have worked with DCMS on this vital review, and hope its legacy will be a government "kitemark" clearly explaining the security promises and effective lifespan of products. Shoppers should be given high quality information to make choices at the counter. We manage it with fat content of food and this is the start of doing the same for the cyber security of technology products.'
The report, aimed primarily at manufacturers and retailers, outlines a series of steps which are, at present, recommendations rather than legislation: that all new devices should come with unique passwords which cannot be set to a generic factory default such as 'admin'; that all companies have a vulnerability policy and public point of contact for security issues; that sensitive data transmitted by or received by applications or products is encrypted; that software is automatically updated and customers are given clear guidance on said updates; that it is easy for consumers to delete personal data from devices and platforms; and that the installation and maintenance of all devices is as easy as possible. For retailers, a product labelling scheme is proposed to highlight a product's security features at the point of purchase.
'With connected devices becoming increasingly popular, it’s vital that consumers are not exposed to the risk of cyber-attacks through products that are left vulnerable through manufacturers' poor design and production,' says Alex Neill, managing director of home products and services at Which?, of the need for the report. 'Companies must ensure that the safety of their customers is the absolute priority when "smart" products are designed. If strong security standards are not already in place when these products hit the shelves, then they should not be sold.'
The report is available in full on the official government website.
February 27 2020 | 11:00