The government has announced that manufacturers of 'smart' devices will be expected to build-in tough new security measures that last the lifetime of the product, as part of its plans to keep the nation safe from increasing cyber threats.
Estimates show every household in the UK owns at least 10 internet connected devices and this is expected to increase to 15 by 2020, meaning there may be more than 420 million in use across the country within three years.
Poorly secured devices threaten individuals’ online security, privacy, safety, and could be exploited as part of large-scale cyber-attacks. Recent high-profile breaches putting people’s data and security at risk include attacks on smart watches, CCTV cameras and children’s dolls.
Developed in collaboration with manufacturers, retailers and the National Cyber Security Centre, the government’s Secure by Design review lays out plans to embed cyber security in the design process, rather than bolt them on as an afterthought.
The government has said that it will work with industry to implement a rigorous new Code Of Practice to improve the cyber security of consumer internet-connected devices and associated services while continuing to encourage innovation in new technologies.
Margot James, minister for Digital and the Creative Industries, said:” We want everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people’s lives.
“We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.
“This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.”
The Secure by Design report outlines practical steps for manufacturers, service providers and developers.
This will encourage firms to make sure:
- All passwords on new devices and products are unique and not resettable to a factory default, such as ‘admin’;
- They have a vulnerability policy and public point of contact so security researchers and others can report issues immediately and they are quickly acted upon;
- Sensitive data which is transmitted over apps or products is encrypted;
- Software is automatically updated and there is clear guidance on updates to customers;
- It is easy for consumers to delete personal data on devices and products;
- Installation and maintenance of devices is easy.
Alongside these measures for Internet of Things manufacturers, the report proposes developing a product labelling scheme so consumers are aware of a product’s security features at the point of purchase.
Dr Ian Levy, the NCSC’s technical director, said: “Shoppers should be given high quality information to make choices at the counter. We manage it with fat content of food and this is the start of doing the same for the cyber security of technology products.”
Get insights like this delivered straight to your inbox
5 Digital Briefings | 5 Front-of-Mind Topics | 5 Days a Week
- Monday: Manufacturing Innovation
- Tuesday: Manufacturing Leadership
- Wednesday: Digital Transformation
- Thursday: Industrial Automation
- Friday: Industrial Internet
Sign up for free here.