Better Cyber Security For Smart Devices

In the future makers of smart devices including phones, speakers, and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks. This comes as the UK government has revealed details of its proposals to improve the security of most smart devices. 
 
The legislation aims to ban easy-to-guess default passwords, make it easier to report bugs, and force manufacturers to say when their devices will stop receiving security updates.
 
The UK Department for Digital, Culture, Media & Sport ('DCMS') announced, on 21 April 2021, Government plans for a new cyber security law to protect smart devices from cyber-attacks, as part of releasing results of the Government public consultation on smart device cyber security.  In particular, the Government outlined that it is planning to change the law to make smart products, such as televisions, cameras, and household appliances which connect to the internet, more secure for individuals to use.
 
Research commissioned by the UK government show almost half (49%) of UK residents have purchased at least one smart device since the start of the coronavirus pandemic. These everyday products, such as smart watches, TVs and cameras, offer a huge range of benefits, yet many remain vulnerable to cyber attacks. Just one vulnerable device can put a user’s network at risk. 
 
To counter these threat, the government is planning a new law to make sure virtually all smart devices meet new requirements: 
 
  • Customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates.
  • A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable.
  • Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Mobile phones and other smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems. The DCMS propose legislation to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords. Requiring unique passwords, operating a vulnerability disclosure program, and informing consumers on the length of time products will be supported is a minimum that any manufacturer should provide.
 
These measures are all included in the international Internet of Secure Things (IoXT) Alliance Compliance Programme and have been well received by manufacturers around the world.
 
The UK government has played an important  vital role in developing the first major international standard for consumer device cyber security to help manufacturers protect consumers around the world from falling victim to cyber attacks. Consumers are increasingly reliant on connected products at work and at home. "The Covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough." according to National Cyber Security Centre Technical Director Dr Ian Levy.
 
GovUK:    DCMS:     Data Guidance:      Computer Weekly:     E&T:       Public Service Executive:    Image: Unsplash
 
You Might Also Read:
 
Looking For Vulnerable IoT Devices:
 
 
« Two-Factor Authentication Matters More Than Ever
SolarWinds Campaign Even Wider Than First Thought »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

Crypsis

Crypsis

Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services.

Ribbon Communications

Ribbon Communications

Ribbon Communications delivers global communications software and network solutions to service providers, enterprises, and critical infrastructure sectors.

Diaplous Group

Diaplous Group

Diaplous Group is a leading Maritime Risk Management (MRM) provider, delivering specialized services to an ever-broadening portfolio of shipping, oil & gas, energy and construction industries.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

ORS Consulting

ORS Consulting

ORS Consulting is a specialist provider of risk management advisory services supporting asset-intensive industries such as chemicals, energy, power and utilities, defence and maritime.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Pulsar Security

Pulsar Security

Pulsar Security is a team of highly skilled, offensive cybersecurity professionals with the industry's most esteemed credentials and advanced real-world experience.