UK Government publish cyber security code of practice for connected devices

15 October 2018

Credit: Shutterstock
Credit: Shutterstock

The UK government has for the first time published new measures to help manufacturers boost the security of internet-connected devices, including home alarm systems.

Despite some estimates predicting there will be over 420 million internet-connected devices in use across the UK within the next three years, poorly protected devices such as virtual assistants, toys and smartwatches can leave people exposed to security issues and even large-scale cyberattacks.

To combat this, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) set out plans, in a ‘Secure by Design’ review, to embed security in the design process of new technology – rather than implementing it as an afterthought.

Resultantly, a new Code of Practice has been developed with industry to improve the cyber security of devices, encourage innovation in new technologies, and ultimately keep consumers safe.

To quote Margot James, who is minister for digital matters: “From smartwatches to children’s toys, internet-connected devices have positively impacted our lives; but it is crucial they have the best possible security to keep us safe from invasions of privacy or cyber-attacks.

“The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices.

“The pledges by HP Inc. and Centrica Hive Ltd are a welcome first step, but it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed.”

Said Chancellor of the Duchy of Lancaster and minister for the Cabinet Office, David Lidington:

“Our National Cyber Security Strategy sets out our ambitious proposals to defend our people, deter our adversaries and develop our capabilities to ensure the UK remains the safest place to live and do business online…

"I am proud to say the UK is leading the way internationally with our new Code of Practice, to deliver consumer devices and associated services that are Secure by Design.”

Poorly secured devices can threaten individuals’ privacy, compromise their network security, their personal safety and could be exploited as part of large-scale cyber-attacks. Recent high-profile breaches that have put people’s data and security at risk include attacks on smart watches, CCTV cameras and children's toys.

To make sure consumers are protected when using internet-connected devices and while manufacturers implement stronger security measures, the Government and NCSC have worked closely with consumer groups and industry to develop guidance on smart devices in the home.

The new Code of Practice outlines thirteen guidelines that manufacturers of consumer devices should implement into their product’s design to keep consumers safe. Such guidelines include secure storage of personal data, regular software updates to make sure devices are protected against emerging security threats, no default passwords, and making it easier for users to delete their personal data off the product.

The Government has also published a mapping document to make it easier for other manufacturers to follow in HP Inc.’s and Centrica Hive’s footsteps. Further work is underway to develop regulation that will strengthen the security of internet-connected consumer products.  

The overall initiative is a key part of the Government’s five-year, £1.9 billion National Cyber Security Strategy that is making the UK the most secure place in the world to live and do business online.

Contact Details and Archive...

Print this page | E-mail this page