Government publishes code to help manufacturers boost cybersecurity

There are expected to be more than 420million Internet-connected devices in use across the UK within the next three years and poorly secured devices, such as virtual assistants, toys and smartwatches, can leave people exposed to security issues and even large scale cyberattacks.

To combat this, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) set out plans in a Secure by Design’ review to embed security in the design process of new technology rather than bolt it on as an afterthought.

As a result, a new Code of Practice has been developed with industry to improve the cyber security of devices, encourage innovation in new technologies and keep consumers safe.

Minister for Digital, Margot James, said: “The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices.

“The pledges by HP Inc. and Centrica Hive are a welcome first step but it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed.”

George Brasher, HP, UK Managing Director, said:“Cyber-crime has become an industry and IoT ‘endpoint’ devices increasingly constitute the frontline of cybersecurity. At HP, we are reinventing the state of the art in device security to address modern threats.

“Today we design our commercial products with security built-in not bolted on, not only designed to protect, but also to detect and self-heal from cyber-attacks. We are delighted to be joining forces with the UK Government in our shared ambition to raise the bar broadly in consumer IoT device security, starting with the connected printers we are all used to at home.”

To make sure consumers are protected when using internet-connected devices and while manufacturers implement stronger security measures, Government and NCSC say they have worked closely with consumer groups and industry to develop guidance on smart devices in the home.

The new Code of Practice outlines 13 guidelines that manufacturers of consumer devices should implement into their product’s design to keep consumers safe.

This includes secure storage of personal data, regular software updates to make sure devices are protected against emerging security threats, no default passwords and making it easier for users to delete their personal data off the product.

Dr Ian Levy, the NCSC’s Technical Director, said:“With the amount of connected devices we all use expanding, this world-leading Code of Practice couldn’t come at a more important time.

The government has also published a mapping document to make it easier for other manufacturers to follow in HP and Centrica Hive’s footsteps. Further work is underway to develop regulation that will strengthen the security of internet-connected consumer products.

Implementing the Code of Practice can help organisations make sure that smart devices that process personal data are compliant with the stronger data protection laws which came into force in May. Failure to comply with the General Data Protection Regulations (GDPR) means firms could risk fines of up to £17m or 4 percent of global turnover, for the most serious data breaches.

This initiative is a key part of the Government’s five-year, £1.9billion National Cyber Security Strategy which is making the UK the most secure place in the world to live and do business online.