techUK responds to Government's Secure by Design report

The Department for Digital, Culture, Media and Sport (DCMS) has today published a report that sets out measures to help ensure the consumer Internet of Things (IoT) is secure by design.

techUK welcomes the report as an important development in the maturity of the IoT sector. We have long cited trust issues, of which security is one of the primary drivers, as a stumbling block in the adoption of IoT. The approach taken by Government strikes the right balance between driving the adoption of better security, whilst continuing to accommodate innovation and development in the IoT. 

The report, which techUK has been engaged in since the project's inception, rightfully recognises the transformational impact that IoT will and is having on consumers' lives. But it also recognises that cyber security has too often been an afterthought in the development and sale of consumer IoT devices. DCMS identifies two risks that develop as a result of poor practices:

  • Consumer security, privacy and safety is being undermined by the vulnerability of individual devices  
  • The wider economy faces an increasing threat of large scale cyber attacks launched from large volumes of insecure IoT devices

DCMS engaged a range of stakeholders including the National Cyber Security Centre, industry, academia, retailers and consumer groups as it sought to address these risks. At the heart of the report is a Code of Practice aimed at device manufacturers, service providers, developers and retailers. These focus on best practice such as no devices or services to be provided with a default password, implementing a vulnerability disclosure policy and providing ongoing software support. 

DCMS will be consulting on the Code of Practice, with a final version to be published in the summer, with further work also underway on a potential labelling scheme for consumers.

Julian David, CEO of techUK said "The opportunities created by the Internet of Things are now becoming clear. It offers consumers and citizens greater empowerment and control over their lifestyles, from managing energy consumption at home to having peace of mind that a frail relative is going about their normal routine.

However, these opportunities also bring risk and it is important that the IoT market now matures in a sensible and productive way, with security embedded at the design stage. This project is the start of that maturity. Industry has been keen to engage in the review and demonstrate what is best practice. It is important that companies throughout the supply chain now adopt and build on this Code of Practice to build the trust required to drive widespread take-up of the IoT."


techUK is publishing a series of guest blogs as part of today's response:

Stephen Pattison, ARM, on the issue of trust and IoT adoption

Gordon Morrison, Vice-Chair of techUK's Cyber Group, on what happens next

Sean Gulliford, Gemserv, on the impact of GDPR on IoT Cyber-security

Alexandra Deschamps-Sonsino, Design Swarm, the prospects for an #IoTMark


techUK has been engaging with the project for nearly a year as part of the project's External Advisory Group. If you are interested in participating in our work on consumer facing IoT please contact:


Two weeks left to apply for the Mayor’s first ever #LDNcivicchallenge! Get involved to share your innovative ideas…
We held a great workshop this week w/ @foreignoffice looking at how tech & digital can combat illegal wildlife traf…
We are looking forward to hearinh from @nicolag71, President of @SOCITM at our #techUKSmarterState conference. Last…
Seen the Future of Mobility Challenge at the @SMMT yet? If you’ve got solutions to key mobility challenges, then do…
The @IoCoding will enable companies to build workforces fit for the future, by offering high quality learning, buil…
Catch up on this week's digital and tech policy news with a new Policy Pulse, hot off the presses!
Another congratulations to our Data Centre lead on the win! There will be more to come, we are sure!