Govt to make Britain safest ‘online place’ in the world  

This review focuses on how to ensure that consumer internet connected products and associated services are sufficiently secure. In particular, it looks at the rights and responsibilities of consumers and industry.

The Internet of Things (IoT) brings huge opportunities for citizens as well as the UK’s digital economy; this includes increasing the functionality of many features in the home, such as remotely changing the level of heating and lighting.

According to the report, many internet-connected devices sold to consumers lack even basic cyber security provisions. This, paired with the rapid proliferation of these devices, has led primarily to two risks:

1. Consumer security, privacy and safety is being undermined by the vulnerability of individual devices; and
2. The wider economy faces an increasing threat of large scale cyber-attacks launched from large volumes of insecure IoT devices.

According to the report, these risks need to be addressed through joint government and industry action as a matter of urgency. And the report underlines that the government has a duty of care to UK citizens to help ensure that they can access and use the internet safely.

Consequently, the government has undertaken this review into the cyber security of consumer IoT products and associated services, and this report sets out the need for greater action and proposes a range of measures to better protect citizens and the wider economy.

The paper notes that protecting consumers requires a fundamental shift in industry’s approach to managing cyber risks. There is a need to move away from placing the burden on consumers to securely configure their devices and instead ensure that strong security is built in by design.

The Code of Practice aims primarily at manufacturers 

The central proposal of this report is a draft Code of Practice aimed primarily at manufacturers of consumer IoT products and associated services; it has been developed through extensive engagement with industry and subject matter experts and sets out thirteen practical steps to improve the cyber security of consumer IoT.

The publication of this report, and particularly the draft Code of Practice, is intended to stimulate further dialogue with industry, academic institutions and civil society over the coming months.

The government needs reportedly to collectively balance the need to create effective incentives for manufacturers, the supply chain and retailers, while also continuing to encourage innovation in new technologies.

The government’s preference would be for the market to solve this problem – the clear security guidelines set out will be expected by consumers and delivered by IoT producers, as the report states.

But if this does not happen, and quickly, then reportedly the government’s ‘Department for Digital’ is to look to make these guidelines compulsory through law and it will review progress throughout 2018.