Readers working in industries, or advising companies, that provide consumer products that connect to the internet may be interested in a government initiative to improve cyber security by introducing new laws for internet-connected devices.
A recent press release issued by the Department for Digital, Culture, Media and Sport states:
Options that the Government will be consulting on include a mandatory new labelling scheme. The label would tell consumers how secure their products, such as ‘smart’ TVs, toys and appliances, are. The move means that retailers will only be able to sell products with an Internet of Things (IoT) security label.
The consultation focuses on mandating the top three security requirements that are set out in the current ‘Secure by Design’ code of practice. These include that:
- IoT device passwords must be unique and not resettable to any universal factory setting.
- Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy.
- Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.
Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.
On the face of it this seems an entirely sensible move. After all, who would want their smart meter or TV hacked with nefarious intent?