Saturday, 29 February 2020

“Bad news for hackers”: UK govt announces new IoT cybersecurity law

by Harry Baldock, Total Telecom
Monday 27 January 20

Under the new law, smart devices would have to adhere to three new requirements designed to increase security

The commercial market for connected devices is booming, with new variations of IoT technology arriving on the market every day. The scale of this market is truly enormous, with research suggesting there will be 75 billion connected devices in homes by 2025.
 
But, beside the smart thermostat creating the perfect temperature and the smart TV adjusting the programme’s audio, there is an elephant in the room: security. 
 
“Over the past five years, there has been a great deal of concern expressed toward vulnerable consumers and inadequate cybersecurity protection,” explained John Moor, the managing director of the IoT Security Foundation. “Understanding the complex nature of IoT security and determining the minimum requirements has been a challenge.”
 
Now, the UK government is moving to legislate new requirements for IoT device manufacturers in an effort to improve consumer data security.
 
The three central tenets of this new law are:
- All devices must have a unique password and not be resettable to a universal factory setting
- Manufacturers must provide a public point of contact so that vulnerabilities can be reported quickly and easily
- Manufacturers must state the minimum length of time for which a device will receive security updates, whether in-store or online
 
The proposed requirements have been developed following a consultation with industry representatives and the National Cyber Security Centre, as the government tries to balance an increasing need for security with potentially stifling innovation and development.
 
“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology,” said digital minister Matt Warman. “Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety.”
 
Devices that do not measure up to this proposed law would find themselves banned from sale in the UK.
 
Protection from cyber attacks is a hot topic across the world, with the US government looking to regulate IoT, as is the EU’s cybersecurity agency ENISA. The UK is something of a leader in this field, with the UK Government’s Code of Practice forming the basis for the EU’s first industry standard for consumer IoT security, published last year.
 
By drawing up this new law, the UK is looking to remain at the forefront of smart tech security. 
 
“The IoT Security Foundation welcomes the results of the consultation as it not only provides clarity for industry, it is great news for consumers and bad news for hackers,” concluded Moor.
 
Some, however, argue that this legislation does not go far enough and that the onus should be on manufacturers to ensure their devices are secure before sale.

“No other manufacturing industry is permitted to ship known vulnerable or defective parts in their products, so why should the software components in connected devices be any different?” said Ilkka Turunen, global director of solutions architecture at Sonatype. “Instead, manufacturers should be able to certify that their software, and their devices, are secure at the time of shipping, and should ensure their security updates last for the mandated time. These devices are far more personal than anything else in the market, potentially putting privacy or lives at risk. Therefore, the standards governing their manufacturing should be set at a strict level.”
 
The government has taken the first steps towards regulating this industry, but it seems there is a long journey ahead.
 
 