Leading tech companies support Code of Practice to strengthen security of Internet-connected devices

In what’s described as a “world first”, the Government has published new measures specifically designed to help manufacturers boost the security of Internet-connected devices such as alarm systems. 

There are expected to be more than 420 million such devices in use across the UK within the next three years and poorly secured devices such as virtual assistants and smart watches can leave people exposed to security issues and even large-scale cyber attacks.

To combat this, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) set out plans to embed security in the design process of new technology rather than bolt it on as an afterthought. As a result, a new Code of Practice has been developed with industry to improve the cyber security of devices, encourage innovation in new technologies and keep consumers safe.

Ambitious proposals to develop capabilities

David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: “The National Cyber Security Strategy sets out our ambitious proposals to defend our people, deter our adversaries and develop our capabilities to ensure the UK remains the safest place in which to live and do business online. Tech companies like HP Inc and Centrica Hive Ltd are helping us put in place the building blocks we need to transform the UK’s cyber security. I’m proud to say that the UK is leading the way internationally with our new Code of Practice to deliver consumer devices and associated services that are Secured by Design.”

Margot James, the Minister for Digital, added: “Internet-connected devices have positively impacted our lives, but it’s crucial they have the best possible security to keep us safe from invasions of privacy or cyber attacks. The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices. The pledges by HP Inc and Centrica Hive Ltd are a welcome first step, but it’s vital that other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it’s designed.”

Poorly secured devices can threaten individuals’ privacy, compromise their network security and their personal safety and could be exploited as part of large-scale cyber attacks. Recent high-profile breaches putting people’s data and security at risk include attacks on smart watches, CCTV cameras and children’s toys.

To make sure consumers are protected when using Internet-connected devices and while manufacturers implement stronger security measures, Government and the NCSC have worked closely with consumer groups and industry to develop guidance on smart devices. The new Code of Practice outlines 13 points that manufacturers of consumer devices should implement into their product designs to keep consumers safe. This includes secure storage of personal data, regular software updates to make sure devices are protected against emerging security threats, no default passwords and making it easier for users to delete their personal data from a given product.

World-leading Code of Practice

Dr Ian Levy, the NCSC’s technical director, commented: “With the amount of connected devices we all use expanding, this world-leading Code of Practice couldn’t come at a more important time. The NCSC is committed to empowering consumers to make informed decisions about security whether they’re buying a smart watch, a kettle or a doll. We want retailers to only stock Internet-connected devices that meet these principles so that UK consumers can trust the technology they bring into their homes will be properly supported throughout its lifetime.”

The Government has also published a mapping document to make it easier for other manufacturers to follow in HP Inc’s and Centrica Hive’s footsteps. Further work is underway to develop regulation that will strengthen the security of Internet-connected consumer products.

Implementing the Code of Practice can help organisations make sure that smart devices processing personal data are compliant with the stronger data protection laws which came into force in May. Failure to comply with the General Data Protection Regulation (GDPR) means that firms could risk fines of up to 4% of global turnover for the most serious proven data breaches.

Seb Chakraborty, Centrica Hive’s chief technology officer, said: “Meeting the privacy and data protection expectations of our valued customers is a priority. We invest heavily in the security of our products and we’re delighted to support Government in this global step forward, building strong security measures into devices at the point of design.”

Front line of cyber security

George Brasher, HP Inc’s UK managing director, observed: “‘Endpoint’ devices increasingly constitute the front line of cyber security. At HP, we’re reinventing the state-of-the-art in device security to address modern threats. Today, we design our commercial products with security built-in not bolted on, not only designed to protect, but also to detect and self-heal from cyber attacks. We’re delighted to be joining forces with the UK Government in our shared ambition to raise the bar broadly in consumer Internet of Things device security, starting with the connected printers we are all used to at home.”

Teg Dosanjh, director of IoT, MDE and SmartThings at Samsung, concluded: “We understand that privacy and security are of great importance to consumer trust in connected devices. We warmly welcome the Government’s desire to make connected devices as safe and secure as possible. We will continue to work with Government to develop these proposals and ensure the transformative potential of the IoT is delivered safely for everyone.”

This initiative is a key part of the Government’s five-year, £1.9 billion National Cyber Security Strategy.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
