Connected devices can create considerable cybersecurity concerns for businesses. Now the UK government is proposing new requirements to minimise the threat.
The Department for Digital, Culture, Media and Sport (DCMS) has developed new cybersecurity guidelines together with the National Cyber Security Centre (NCSC) to ensure that the 75 billion internet of things devices around the world are as safe as possible.
There are three proposed requirements.
The first is that all consumer internet-connected device passwords must be unique and not resettable to any universal factory setting.
The second is that manufacturers of consumer connected devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner.
The third one is that manufacturers must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online.
The new law proposal is the result of a consultation launched in May 2019. The government has stated that it aims to follow up on the three proposed requirements with new legislation “as soon as possible.”
“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology,” said Matt Warman, digital minister. “Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
Copyright © 2018 RegTech Analyst