New legislation in the UK requires manufacturers of smart products to implement minimum security standards against cyber threats.
The Department for Science, Innovation and Technology (DSIT) has put into force new regulations stipulating that all internet-enabled smart devices, from phones and broadband routers to games consoles and connected fridges, must meet minimum security standards.
This means that it is now a legal requirement for manufacturers to protect both individuals and businesses from cyber attacks on their devices.
These new laws include manufacturers banning the use of weak or easily guessable default passwords such as ‘admin’ or ‘12345’. If the password is common, the user must be given the opportunity to change it on start-up.
Manufacturers are also required to publish information on how to report bugs and issues so to increase the speed they can be dealt with. They must also be open with consumers on the minimum time they can expect to receive important security updates.
“We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world,” said Viscount Camrose, minister for cyber.
Cyber attacks are hugely disruptive to both consumers and businesses, and with the increased proliferation of smart devices this will only increase. For instance, an investigation by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.
Camrose said: “As everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.”
“From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world-first laws that will make sure their personal privacy, data and finances are safe.”
DSIT claims that by giving consumers greater confidence that their internet-connected devices will have better security measures built in will make it more likely that they will use these devices, which in turn will help grow businesses and the economy.
“The use and ownership of consumer products that can connect to the internet or a network is growing rapidly. UK consumers should be able to trust that these products are designed and built with security in mind, protecting them from the increasing cyber threats to connectable devices,” said Graham Russell, chief executive of the Office for Product Safety and Standards (OPSS).
“As the UK’s product regulator, OPSS will be ensuring consumers can have that confidence by working with the industry to encourage innovation and compliance with these new laws,” he added.
These new laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience from cyber attacks and ensure malign interference does not impact the wider UK and global economy.
The government has said, however, that certain automotive vehicles will be exempt from the PSTI regime, as they will be covered by alternative legislation.