Manufacturers of 'smart' devices will be expected to build-in tough new security measures that last the lifetime of the product.
Today the Department for Media, Culture and Sport announced plans to keep the nation safe from the increasing cyber threat in a new report, developed alonside manufacturers, retailers and the National Cyber Security Centre, "Secure by Design".
This initiative is a key part of the Government’s five-year, £1.9 billion National Cyber Security Strategy which is making the UK the most secure place in the world to live and do business online. It lays out plans to embed security in the design process of devices, rather than bolt them on as an afterthought. Practical steps for manufacturers, service providers and developers laid out in the report include:
- All passwords on new devices and products are unique and not resettable to a factory default, such as ‘admin’
- They have a vulnerability policy and public point of contact so security researchers and others can report issues immediately and they are quickly acted upon
- Sensitive data which is transmitted over apps or products is encrypted
- Software is automatically updated and there is clear guidance on updates to customers
- It is easy for consumers to delete personal data on devices and products
- Installation and maintenance of devices is easy.
Alongside these measures, the report also proposes a product labelling scheme so consumers are aware of a product’s security features at the point of purchase.
“The IoT and Security are both hot topics for Cambridge Wireless members and we are acutely aware of the potential dangers posed by insecure devices as they get deployed in our homes and the general environment. This Government Code of Practice is an important step forward to raise awareness, not just in the suppliers but right through the supply chain to retailers and their customers. No doubt the practical implications of the Code will be discussed in forthcoming CW events." - John Haine, University of Bristol, Academic & Industry SIG Champion
The full Secure by Design report is available on the government website. Stakeholders have an opportunity to send feedback on the report’s draft proposals via email@example.com from the 7th March until the 25th April.