Three features that IoT smart devices must have to be secured
By MYBRANDBOOK
All Internet of Things and consumer smart devices will need to adhere to specific security requirements, under new government proposals.
The aim of the legislation is to help protect UK citizens and businesses from the threats posed by cyber criminals increasingly targeting Internet of Things devices.
By hacking IoT devices, cyber criminals can build an army of devices that can be used to conduct DDoS attacks to take down online services, while poorly-secured IoT devices can also serve as an easy way for hackers to get into networks and other systems across a network.
The proposed measures from the Department for Culture, Media and Sport (DCMS) have been developed in conjunction with the UK's National Cyber Security Centre (NCSC) and come following a consultation period with information security experts, product manufacturers and retailers and others.
"Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people's privacy and safety," said Matt Warman, minister for digital and broadband at DCMS.
They also follow on from the previously suggested voluntary best practice requirements, but the legislation would require that IoT devices sold in the UK must follow three particular rules to be allowed to sell products in the UK. They are:
All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting.
Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner
Manufacturers of consumer IoT devices must explicitly state the minimum length of time that the device will receive security updates at the point of sale, either in store or online
It is currently unclear how these rules will be enforced under any future law. While the government has said that its "ambition" is to introduce legislation in this area, and said this would be done "as soon as possible", there is no detail on when this would take place. A DCMS spokesperson told ZDNet that the department will be working with retailers and manufacturers as the proposals move forward.
Many connected devices are shipped with simple, default passwords that in many cases can't be changed, while some IoT product manufacturers often lack a means of being contacted to report vulnerabilities – especially if that device is produced on the other side of the world.
In addition to this, it's been known for IoT products to suddenly stop receiving support from manufacturers, and providing an exact length of time that devices will be supported will allow users to think about how secure the product will be in the long term.
If products don't follow these rules, the new law proposes that these devices could potentially be banned from sale in the UK.
"Whilst the UK Government has previously encouraged industry to adopt a voluntary approach, it is now clear that decisive action is needed to ensure that strong cybersecurity is built into these products by design," said Warman.
"Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people's privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought," he added.
"Smart technology is increasingly central to the way we live our lives, so the development of this legislation to ensure that we are better protected is hugely welcomed," said Nicola Hudson, policy and communications director at the NCSC.
"It will give shoppers increased peace of mind that the technology they are bringing into their homes are safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past."
The UK isn't alone in attempting to secure the Internet of Things -- ENISA, the European Union's cybersecurity agency, is also working towards legislation in this area, while the US government is also looking to regulate IoT in an effort to protect against cyberattacks.
(The article was first published in ZDNET and is authored by Danny Palmer)
"
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
TP-LINK INDIA PVT. LTD.
LUMINOUS POWER TECHNOLOGIES PVT. LTD.
ADITYA INFOTECH LTD.
WIPRO LTD.
ICONS OF INDIA : VINAY SINHA
Vinay Sinha is the Managing Director of Sales for the India Mega Regio...
Icons Of India : MUKESH D. AMBANI
Mukesh Dhirubhai Ambani is an Indian businessman and the chairman and ...
Icons Of India : Anil Kumar Lahoti
Anil Kumar Lahoti, Chairman, Telecom Regulatory Authority of India (TR...
GeM - Government e Marketplace
GeM is to facilitate the procurement of goods and services by various ...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
HPCL - Hindustan Petroleum Corporation Ltd.
HPCL is an integrated oil and gas company involved in refining, market...
Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler
Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...
Indian Tech Talent Excelling The Tech World - Satya Nadella, Chairman & CEO- Microsoft
Satya Nadella, the Chairman and CEO of Microsoft, recently emphasized ...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...