The number of connected devices is predicted to rise to more than 420 million across the country within three years
Manufacturers of internet connected devices will be required to build-in security measures to block cyber threats under a new UK government code of practice.
Developed in collaboration with manufacturers, retailers and the National Cyber Security Centre (NCSC), the Government’s Secure by Design review lays out plans to embed security in the design process rather than bolt it on as an afterthought.
The move is in response to recent high-profile breaches putting people’s data and security at risk, including attacks on smart watches, CCTV cameras and children’s dolls.
Estimates show every household in the UK owns at least 10 internet-connected devices and this is expected to increase to 15 devices by 2020, meaning there could be more than 420 million in use across the country within three years.
The Government said it will work with industry to implement the code of practice to improve the cyber-security of consumer internet-connected devices and associated services while continuing to encourage innovation in new technologies.
“We want everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people’s lives,” said Margot James, minister for digital and the creative industries.
“We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.
“This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.”
The Secure by Design report outlines practical steps for manufacturers, service providers and developers. This will encourage firms to make sure:
All passwords on new devices and products are unique and not resettable to a factory default, such as ‘admin’;
They have a vulnerability policy and public point of contact so security researchers and others can report issues immediately and they are quickly acted upon;
Sensitive data which is transmitted over apps or products is encrypted;
Software is automatically updated and there is clear guidance on updates to customers;
It is easy for consumers to delete personal data on devices and products;
Installation and maintenance of devices is easy.
Alongside these measures for Internet of Things manufacturers, the report proposes developing a product labelling scheme so consumers are aware of a product’s security features at the point of purchase.
“We are pleased to have worked with DCMS on this vital review and hope its legacy will be a government ‘kitemark’ clearly explaining the security promises and effective lifespan of products,” added Dr Ian Levy, technical director, NCSC.
“Shoppers should be given high-quality information to make choices at the counter. We manage it with fat content of food and this is the start of doing the same for the cyber-security of technology products.”
Matthias Maier, security evangelist at machine data specialist, Splunk, is among those who have welcomed the Government’s move: “The Internet of Things (IoT) presents a significant economic opportunity as well as a number of potential threats that need to be guarded against.
"Whether it’s botnets utilising vulnerable devices to run massive DDOS attacks against businesses or government to bring services down, through to violations of IoT devices to spy on everyone’s private life. Such threats are no longer science fiction in our world of ever increasing IoT devices in the home."
He adds: “We need a mindset change from consumers to shift their purchasing habits from selecting the cheapest device to choosing the most trusted device. This change will happen as consumers become more educated and savvy about what they select and it’s great to see the UK Government pushing understanding further with the launch of this report.”
If you like this, you might be interested in reading the following:
140 million LPWA smart city devices by 2022
Research predicts that in the next five years low power wide area technologies will connect hundreds of millions of smart city sensing devices to networks
IoT connected devices predicted to reach 7 billion
Billions of connected "things" are a reality as wireless sensor networks integrate with massively scaled cloud services
UK government unveils national cyber security plan
Chancellor Philip Hammond sets out a £1.9bn security strategy that aims to strike back at malicious hackers