Lat year, the UK government conducted a review on the issue of securing IoT devices, seeking input from industry leaders, academic figures, and other stakeholders. It then gathered the responses to help identify what the rights and responsibilities of consumers and businesses regarding IoT security should be. The result of the review led to the government publishing the Code of Practice for Consumer IoT Security to set out some guidelines to all interested parties involved in the development, manufacturing and retail of consumer connected devices.
This code was developed to help to promote a sense of confidence among businesses and consumers, but this is only a guide and not set in law, meaning manufacturers could and do continue to ignore it. Because of this, the UK government recently published a new statement in which it said that “despite providing industry with these tools to help address security in IoT, we continue to see significant shortcomings in many products on the market.”
To reduce this problem the government now intends to make three security requirements mandatory. These include:
- Providing unique passwords at sale that are not resettable to any universal factory setting
- Ensuring there’s a public point of contact for cybersecurity issues relating to the device
- Stating clearly via labels how secure the device is and for how long security updates would be made available
The advantage of this approach is that they are easy to implement and enforce and would protect consumers and businesses from the security risks associated with these devices. These small changes can make a big difference in protecting devices. The UK government is also looking at creating a compulsory labeling system to tell the consumer exactly how secure the device is. But, the onus of this would be on the manufacturer providing the relevant label and it is currently not clear how many of the Code of Practice guidelines a device would have to conform to in order to be sold.
IoT Security is crucial to gain consumer confidence and keep it, to fulfill the full potential of the IoT promise.
IoT as a technology is still relatively new and needs to be recognised as a weak area when it comes to connected devices.
But with this legislation the UK government is encouraging manufacturers to consider security from the start to finish when designing their products.
With these positive steps taken, hopefully this will encourage other government institutions to consider similar steps to help protect the consumer and businesses across the world.