TheDigitalArtist / Pixabay
This move could well mean making the Internet of Things (IoT) a more secure technology. Margot James, United Kingdom Minister of State for Digital and Creative Industries, has outlined the draft of a new law that will ensure that basic cyber security features are built into connected devices.
The UK IoT regulatory proposals aim to protect households and small businesses from “flawed” IoT devices and gadgets. If passed, under this new law, consumers will be able to buy devices that are labelled “Secure by Design,” said James.
According to the UK Government, the move will mean that “retailers will only be able to sell products with an IoT security label.
The Department for Digital, Culture, Media and Sport (DCMS) will now be consulting on these regulatory proposals. Having worked with stakeholders, experts and the National Cyber Security Centre (NCSC), the fresh set of talks will now revolve around proposals for new mandatory industry requirements to ensure consumer smart devices adhere to a basic level of security. The proposals set out in this consultation seek to better protect consumers’ privacy and online security which can be put at risk by insecure devices.
The consultation, according to this release by the UK govt., also reinforces the main security requirements set out in the government’s ‘Secure by Design’ code of practice, including:
- IoT device passwords must be unique and not resettable to any universal factory setting;
- Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy;
- Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.