The UK Enacts Law to Fortify Security Posture of IoT Devices in the Country

• The law will work to improve the security standards of the consumer Internet of Things.
• The sale of IoT devices has been on the rise and there will be 75 billion internet-connected devices in the world by 2025.

The U.K. government recently introduced new legislation to protect millions of users of internet-connected devices from the threat of cyber hacks.

What does the law promise?

The new law is a joint effort of the Department for Digital, Culture, Media, and Sport (DCMS) and National Cyber Security Centre (NCSC).

The law will work to improve the security standards of the consumer Internet of Things (IoT). It will ensure all consumer smart devices manufacturers in the U.K to adhere to the three rigorous security requirements.

The three key security requirements

• All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting.
• Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner.
• Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in-store or online.

The future of Consumer IoT

According to DCMS, the sale of connected devices has been on the rise and there will be 75 billion internet-connected devices from televisions and cameras to home assistants and their associated services in homes around the world by the end of 2025.

Who said what?

Digital Minister Matt Warman said “Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built-in from the design stage and not bolted on as an afterthought.”

Nicola Hudson, Policy and Communications Director at the NCSC, said, “It will give shoppers increased peace of mind that the technology they are bringing into their homes is safe and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past.”

Matthew Evans, director of markets, techUK said “techUK is supportive of the Government’s commitment to legislate for cybersecurity to be built into consumer IoT products from the design stage. We support the work to ensure that they are consistent and are influencing international standards.

John Moor, Managing Director, IoT Security Foundation said “Over the past five years, there has been a great deal of concern expressed toward vulnerable consumers and inadequate cybersecurity protection...The IoT Security Foundation welcomes the results of the consultation as it not only provides clarity for industry, it is great news for consumers and bad news for hackers.”

The future roadmap in IoT security

The Government is reportedly working with international bodies to ensure that the guidelines drive a consistent, global approach to IoT security. Meanwhile, it aspires to further—and soon—develop legislation that effectively protects consumers, and which is implementable by industry while supports their long term growth.