Consultation opens on new laws for connected devices

A consultation has been opened to gather views on how best to tackle the challenge of protecting internet connected devices in the home. Announcing the plans today, digital minister, Margot James said the government is focused on ensuring that products have security features built in from the design stage and not bolted on retrospectively.

“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk,” she said. “These new proposals will help to improve the safety of internet connected devices and is another milestone in our bid to be a global leader in online safety.

Options that the government will be consulting on include a mandatory new labelling scheme. The label would tell consumers how secure their smart TVs, toys and appliances are. For retailers, this means they will only be able to sell products with an Internet of Things (IoT) security label.

The consultation focuses on mandating the top three security requirements as defined by the current ‘Secure by Design’ code of practice. These include that:

• IoT device passwords must be unique and not resettable to any universal factory setting;
• manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy; and
• manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.

Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.

National Cyber Security Centre technical director, Dr Ian Levy says serious and unacceptable security problems continue to be discovered in consumer IoT devices, and the fact that they are not being addressed by manufacturers needs to change.
“This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes.”

Companies including Philips, Panasonic, Samsung, Miele, Yale and Legrand have already confirmed their commitment to taking steps to ensure that effective security solutions are being implemented across IoT products on the market.

The consultation is open for five weeks. Industry stakeholders may share their views here:

    Share Story:

Recent Stories