HomeInsightsGovernment publishes Secure by Design report setting out measures to boost cyber security in internet-connected devices

Article by

The Government says that manufacturers of “smart” devices will be expected to build-in tough new security measures that last the lifetime of the product, as part of plans to keep the nation safe from the increasing cyber threat.

Estimates show that every household in the UK owns at least ten internet-connected devices and this is expected to increase to 15 devices by 2020, meaning there may be more than 420 million devices in use across the country within three years.

The Government explains that poorly secured devices threaten individuals’ online security, privacy and safety, and could be exploited as part of large-scale cyber attacks. Recent high-profile breaches putting people’s data and security at risk include attacks on smart watches, CCTV cameras and children’s dolls.

Developed in collaboration with the National Cyber Security Centre, manufacturers and retailers the Government’s Secure by Design review lays out plans to embed security in the design process rather than bolt them on as an afterthought.

The Government will work with industry to implement a rigorous new Code Of Practice to improve the cyber security of consumer internet-connected devices and associated services while continuing to encourage innovation in new technologies.

The Government’s Secure by Design report outlines practical steps for manufacturers, service providers and developers. The aim is to encourage firms to make sure that:

  • all passwords on new devices and products are unique and not resettable to a factory default, such as “admin”;
  • they have a vulnerability policy and public point of contact so security researchers and others can report issues immediately and they are quickly acted upon;
  • sensitive data which is transmitted over apps or products is encrypted;
  • software is automatically updated and there is clear guidance on updates to customers;
  • it is easy for consumers to delete personal data on devices and products; and
  • installation and maintenance of devices is easy.

Alongside these measures for IoT manufacturers, the report proposes developing a product labelling scheme so that consumers are aware of a product’s security features at the point of purchase. The Government says it will work closely with retailers and consumer organisations to provide advice and support. To read the DCMS press release in full and for access to the report, click here.