UK Government advances new Consumer IoT Security Standards

Raising Consumer IoT Security Standards is crucial to ensure you can use the devices you love, without the risks.

IoT, 'The Internet of Things', has revolutionised the ways in which you work, rest and play. Take Amazon Echo - an internet-connected speaker that can operate as a hub for an IoT-connected home - allowing you to dim the lights from your sofa, without lifting a finger. For many of you, connected devices, from Amazon Echo to fitness monitors and connected toys, have become welcome additions to your everyday lives, and not just personally.

At the enterprise level, IoT can provide information on how a remote asset in your business is performing, minimising the need for routine maintenance visits and providing you with the ability to catch problems before they affect your customers.

On a far larger scale, the City of Hull utilises IoT technology to improve the life of its residents. Hull's 'smart bins', for example, feature installed sensors that gather data in real time, in order to monitor waste levels. This means sensors can inform Council street cleansing teams which bins need emptying and when, allowing for the optimal time for waste collection be calculated and saving unnecessary collection vehicle journeys. The end result? Reduced congestion on the roads, lowered CO2 emissions and a cleaner environment for locals and tourists.

But at what cost?

The rapid increase of IoT has raised concerns - particularly in the minds of consumers.
With big connectivity, comes big data, and with big data there can be big risks. These risks include cyber attacks, privacy breaches and hacks.
69%

of consumers believe companies are vulnerable to hacks and cyber-attacks.

85%

of consumers say cyber-security and privacy risks are among the biggest risks facing society.

92%

of consumers agree companies must be proactive about data protection.

Source: PWC US Protect.me Survey, 2017

The UK Government has acknowledged both the substantial benefits and risks of this increasing Big Data ecosystem.
Accordingly, the UK Government has advanced Consumer IoT Security Standards by introducing three critical security requirements:
  • All consumer internet-connected device passwords must be unique and not re-settable to any universal factory setting.
  • Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner.
  • Manufacturers must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online.

Matt Warman, Digital Minister

“We want to make the U.K. safest place to be online with pro-innovation regulation that breeds confidence in modern technology. Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built-in from the design stage and not bolted on as an afterthought.” 

The new legalisation has the potential to protect millions of users of internet-connected household items from the threat of cyber hacks. This means peace of mind that the technology you're bringing into your home is safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past.