UK Government looks to improve IoT security

In a new UK government proposal, the UK is aiming to ensure that IoT devices are secured.  IoT devices, historically have been woefully insecure and have been hard to keep up to date or patch. IoT devices are smart devices which connect to the internet to help our everyday lives, for example, baby monitors, CCTV, TVs and fridges.

The new draft law, which was announced on the 27th January 2020, is made up of three main parts for the manufacturers of these devices. Firstly, it is being proposed that all consumer IoT devices must be configured with unique device passwords (and must not be resettable to a universal default setting).  This will protect against people guessing default passwords which have historically been known.

Manufacturers must also ensure that a public point of contact is made available, so that security researchers (or anyone) can report findings and allow any vulnerabilities to be resolved as quickly as possible.

Lastly, manufactures must also state what the minimum length of time will be for the supported security of devices, this will help to ensure that devices are kept up to date, instead of being sold without any update of maintenance support.

Matt Warman, UK Minister for Digital and Broadband said “Our new law will hold firms manufacturing and selling internet connected devices to account and stop hackers threatening people’s privacy and safety.”

The regulation, which was developed by the Department for Digital, Culture, Media and Sport was released after an extensive consultation period was started in May 2019. DCMS stated that the UK government aims to deliver the legislations as soon as possible.