Better Cyber Security For Smart Devices

Uploaded on 2021-04-28 in TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-Law

In the future makers of smart devices including phones, speakers, and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks. This comes as the UK government has revealed details of its proposals to improve the security of most smart devices. 
 
The legislation aims to ban easy-to-guess default passwords, make it easier to report bugs, and force manufacturers to say when their devices will stop receiving security updates.
 
The UK Department for Digital, Culture, Media & Sport ('DCMS') announced, on 21 April 2021, Government plans for a new cyber security law to protect smart devices from cyber-attacks, as part of releasing results of the Government public consultation on smart device cyber security.  In particular, the Government outlined that it is planning to change the law to make smart products, such as televisions, cameras, and household appliances which connect to the internet, more secure for individuals to use.
 
Research commissioned by the UK government show almost half (49%) of UK residents have purchased at least one smart device since the start of the coronavirus pandemic. These everyday products, such as smart watches, TVs and cameras, offer a huge range of benefits, yet many remain vulnerable to cyber attacks. Just one vulnerable device can put a user’s network at risk. 
 
To counter these threat, the government is planning a new law to make sure virtually all smart devices meet new requirements: 
 
  • Customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates.
  • A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable.
  • Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Mobile phones and other smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems. The DCMS propose legislation to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords. Requiring unique passwords, operating a vulnerability disclosure program, and informing consumers on the length of time products will be supported is a minimum that any manufacturer should provide.
 
These measures are all included in the international Internet of Secure Things (IoXT) Alliance Compliance Programme and have been well received by manufacturers around the world.
 
The UK government has played an important  vital role in developing the first major international standard for consumer device cyber security to help manufacturers protect consumers around the world from falling victim to cyber attacks. Consumers are increasingly reliant on connected products at work and at home. "The Covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough." according to National Cyber Security Centre Technical Director Dr Ian Levy.
 
GovUK:    DCMS:     Data Guidance:      Computer Weekly:     E&T:       Public Service Executive:    Image: Unsplash
 
You Might Also Read:
 
Looking For Vulnerable IoT Devices:
 
 
« Two-Factor Authentication Matters More Than Ever
SolarWinds Campaign Even Wider Than First Thought »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

ISO Quality Services Ltd

ISO Quality Services Ltd

ISO Quality Services is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards including ISO 27001..

Research Institute in Trustworthy Industrial Control Systems (RITICS)

Research Institute in Trustworthy Industrial Control Systems (RITICS)

RITICS is one of three Research Institutes formed as part of the UK National Cyber Security Strategy.

Insta Group

Insta Group

Insta are a trusted cyber security partner for security-critical companies and organizations.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

Huntress Labs

Huntress Labs

Huntress provides managed threat detection and response services to uncover and address malicious footholds that slip past your preventive defenses.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Sotero

Sotero

Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment.

BlueSteel Cybersecurity

BlueSteel Cybersecurity

BlueSteel is a compliance consulting firm that leverages deep system, data and application expertise to build sustainable cybersecurity solutions.

Sirti

Sirti

Sirti is Italy's leading technology company in the design and production of network infrastructures and telecoms system integration.