BASIC CYBER SECURITY FEATURES will need to be built into internet-connected devices under new laws outlined on Wednesday by UK gov.
The laws, announced by Margot James, Minister of State for Digital and Creative Industries, are intended to help protect households and small businesses from flaw-prone Internet of Things (IoT) gadgets.
One of the proposals is a new labelling scheme that would explain how well protected products such as smart TVs, toys and appliances are. The government claims that the move will mean that "retailers will only be able to sell products with an Internet of Things security label".
The consultation also reinforces the main security requirements set out in the government's 'Secure by Design' code of practice, including:
IoT device passwords must be unique and not resettable to any universal factory setting;
Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy;
Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.
Digital minister Margot James said: "Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk.
"Our Code of Practice was the first step towards making sure that products have security features built in from the design stage and not bolted on as an afterthought.
"These new proposals will help to improve the safety of internet-connected devices and is another milestone in our bid to be a global leader in online safety."
The news comes a day after Margot James held a roundtable on IoT security with the likes of Amazon, Philips, Panasonic, Samsung, Miele and Yale.
The government claims that it is "working with international partners to ensure that the guidelines drive a consistent approach to IoT security" and that "the proposals set out in the consultation have the potential to impact security of devices made across the world to meet the UK's future standards".
National Cyber Security Centre (NCSC) technical director, Dr Ian Levy added: "Serious security problems in consumer IoT devices, such as pre-set unchangeable passwords, continue to be discovered and it's unacceptable that these are not being fixed by manufacturers.
"This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes." µ
'Some of us like the misery'
That'll surely affect its credit score
Smarter than your average pair of smart glasses