Government launches internet of things code of practice
The UK government has launched a new voluntary internet of things code of practice to help manufacturers boost the security of Internet-connected devices such as virtual assistants, connected home devices, smartwatches and toys.
Leading tech companies have voiced their support for the new IoT code and the importance of strengthened security practices in internet-connected devices, HP Inc. and Centrica Hive Ltd being the first to sign up to commit to the code.
The internet of things code of practice will ensure that businesses continue to strengthen the cyber security of their products at the design stage.
The UK is leading global efforts to strengthen the security of smart devices and products.
In a world first, the UK government has published new measures to help manufacturers boost the security of internet-connected devices.
Within the next three years, there are expected to be more than 420 million internet connected devices in use across the UK, and poorly secured devices such as virtual assistants, fridges and home alarm systems can leave people exposed to security issues and even as part of a larger scale cyber attacks.
To combat this, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) set out plans in a ‘Secure by Design’ review to embed security in the design process of new technology rather than bolt it on as an afterthought.
As a result, a new internet of things code of practice has been developed with industry to improve the cyber security of devices, encourage innovation in new technologies and keep consumers safe.
Margot James, minister for digital, said: “From smartwatches to children’s toys, internet-connected devices have positively impacted our lives but it is crucial they have the best possible security to keep us safe from invasions of privacy or cyber attacks. The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices.
“The pledges by HP Inc. and Centrica Hive Ltd are a welcome first step but it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed.
“Poorly secured devices can threaten individuals’ privacy, compromise their network security, their personal safety and could be exploited as part of large-scale cyber attacks. Recent high-profile breaches putting people’s data and security at risk include attacks on smart watches, CCTV cameras and childrens’ toys.
“To make sure consumers are protected when using internet-connected devices and while manufacturers implement stronger security measures, Government and NCSC have worked closely with consumer groups and industry to develop guidance on smart devices in the home.
“The new Code of Practice outlines thirteen guidelines that manufacturers of consumer devices should implement into their product’s design to keep consumers safe.
“This includes secure storage of personal data, regular software updates to make sure devices are protected against emerging security threats, no default passwords and making it easier for users to delete their personal data off the product.”