Under the new rules, the government will consult on a series of measures to ensure that devices have basic cybersecurity features.
The law is being consulted on, but one of the options that the government is considering is a new mandatory labelling scheme.
The label would need to clearly tell customers how secure their products are. Those products include smart TVs, toys, and other connected appliances.
“The move means that retailers will only be able to sell products with an Internet of Things (IoT) security label,” said the government.
Other strategies include ensuring IoT devices have unique passwords and setting up vulnerability disclosure policies for manufacturers.
Internet of Things proposal
The new proposal comes as the UK prepares for the expansion of the IoT, which will see a rise in the number of household devices that are connected to the internet.
“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk,” said digital minister Margot James. “These new proposals will help to improve the safety of internet-connected devices and is another milestone in our bid to be a global leader in online safety.”
Julian David, CEO of TechUK, welcomed the consultation into cybersecurity for consumer IoT.
“The proposals set out have the potential to positively impact the security of devices made across the world, and it is good to see the government is working with international partners to ensure a consistent approach to IoT security.”
Peter Carlisle, the Vice President at nCipher Security, commented on the proposal, by saying: “Consumers and businesses are discovering and benefiting from the opportunities of the IoT provides each day.
“Yet, IoT devices have also become one of the most vulnerable entry points for attackers. The IoT exposes consumers and businesses to new security vulnerabilities due to its increased network connectivity and the devices within it not being secured by design,” he added.
“It is so vast and complex that finding data protection solutions which can span across the entire network, providing scalable encryption key management and not impeding data analytics can be a serious challenge.
“By encouraging ‘Security by Design’ and introducing a new labelling system to tell users whether an IoT device can be trusted, the proposed legislation signals a positive step in the right direction. It could ensure that security is baked into IoT devices, protecting both businesses and consumers from the offset and going a step further than the voluntary “code of practice” announced last year.
“After all, when it comes to cybersecurity prevention is always better than a cure.”