Published: Fri, March 09, 2018
Sci-tech | By Brandy Patterson

United Kingdom government sets out rules to improve 'smart' device security

United Kingdom government sets out rules to improve 'smart' device security

The UK government today called for stronger security measures for internet-connected devices, urging manufacturers to build security into product designs.

The 'Secure by Design' review outlines plans to embed security measures in the design process rather than adding them on as an afterthought. We have worked alongside the industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.

The UK government has laid out guidelines to make internet of things (IoT) devices safer as it steps up its attempts to protect the country from the increase in cyberattacks.

NCSC technical director Dr Ian Levy said the centre aims to "stop people being expected to make impossible safety judgements with no useful information". Shoppers should be given high quality information to make choices at the counter. Recent high-profile breaches putting people's data and security at risk include attacks on smart watches, CCTV cameras and children's dolls.

He penned a post that outlines the various reasons that IoT vendors, hardware manufacturers, IoT integrators and platform suppliers don't think about or implement IoT security, and said that if one doesn't consider why manufacturers create insecure IoT devices, then one can't fix the underlying problems.

More news: PUBG reveals the 2018 roadmap - New map plans and more

David added, "This project is the start of that maturity".

From now on, technology companies producing connected devices will have to adhere to a new Code Of Practice. The Government's actions include the funding of research and innovation in IoT, including through the three-year £30m IoT UK Programme.

But it's important such devices are "safe" and make a "positive impact", she said.

The draft code, which is open to consultation until 25th April, has been developed as part of a broader review into the cybersecurity of consumer IoT devices and services that the government has undertaken.

The publication of this report, and particularly the draft Code of Practice, is meant to stimulate further dialogue with industry, worldwide partners, academic institutions and civil society. The malware hacked devices by searching for those that used default passwords.

More news: Russian Federation records another air crash

More, devices should have a vulnerability policy and a public point of contact so security researchers and others can report problems immediately, it says. Hard-coded credentials in device software are not acceptable. All keys should be managed securely.

Make systems resilient to outages.

The 13 points listed in the draft code are ordered by priority, topped by a recommendation for each consumer IoT device to have its own unique password that can not be rest to a "universal factory default value".

Consumers should also be able to delete their personal data from devices, according to the draft code.

Validate input data: Data input via user interfaces and transferred via application programming interfaces (APIs) or between networks in services and devices must be validated.

More news: Missouri officer killed, 2 hurt when sent to wrong house

Like this: