techUK responds to Government's Secure by Design report

The Department for Digital, Culture, Media and Sport (DCMS) has today published a report that sets out measures to help ensure the consumer Internet of Things (IoT) is secure by design.

techUK welcomes the report as an important development in the maturity of the IoT sector. We have long cited trust issues, of which security is one of the primary drivers, as a stumbling block in the adoption of IoT. The approach taken by Government strikes the right balance between driving the adoption of better security, whilst continuing to accommodate innovation and development in the IoT. 

The report, which techUK has been engaged in since the project's inception, rightfully recognises the transformational impact that IoT will and is having on consumers' lives. But it also recognises that cyber security has too often been an afterthought in the development and sale of consumer IoT devices. DCMS identifies two risks that develop as a result of poor practices:

  • Consumer security, privacy and safety is being undermined by the vulnerability of individual devices  
  • The wider economy faces an increasing threat of large scale cyber attacks launched from large volumes of insecure IoT devices

DCMS engaged a range of stakeholders including the National Cyber Security Centre, industry, academia, retailers and consumer groups as it sought to address these risks. At the heart of the report is a Code of Practice aimed at device manufacturers, service providers, developers and retailers. These focus on best practice such as no devices or services to be provided with a default password, implementing a vulnerability disclosure policy and providing ongoing software support. 

DCMS will be consulting on the Code of Practice, with a final version to be published in the summer, with further work also underway on a potential labelling scheme for consumers.

Julian David, CEO of techUK said "The opportunities created by the Internet of Things are now becoming clear. It offers consumers and citizens greater empowerment and control over their lifestyles, from managing energy consumption at home to having peace of mind that a frail relative is going about their normal routine.

However, these opportunities also bring risk and it is important that the IoT market now matures in a sensible and productive way, with security embedded at the design stage. This project is the start of that maturity. Industry has been keen to engage in the review and demonstrate what is best practice. It is important that companies throughout the supply chain now adopt and build on this Code of Practice to build the trust required to drive widespread take-up of the IoT."


techUK is publishing a series of guest blogs as part of today's response:

Stephen Pattison, ARM, on the issue of trust and IoT adoption

Gordon Morrison, Vice-Chair of techUK's Cyber Group, on what happens next

Sean Gulliford, Gemserv, on the impact of GDPR on IoT Cyber-security

Alexandra Deschamps-Sonsino, Design Swarm, the prospects for an #IoTMark


techUK has been engaging with the project for nearly a year as part of the project's External Advisory Group. If you are interested in participating in our work on consumer facing IoT please contact:


.@stanboland says we must set high standards and have robust regulation around autonomous vehicles to keep us all s…
Technology must work for us, not the other way around - a key message from both @ChiOnwurah and @darrenpjones at ou…
.@ChiOnwurah says she wants UK to be an innovation nation but that means investing in skills #DrivingtheFuture #Lab18
Another fringe, another absolutely packed room for @techUK and @_FiveAI discussing autonomous vehicles…
Autonomous vehicles represent first tangible disruptive use of new tech in transport says @darrenpjones #DrivingtheFuture #Lab18
.@stanboland says three technologies (matching supply and demand of transport - sharing vehicles), electric cars an…
We are kicking off our final fringe of the day discussing autonomous vehicles with .@_FiveAI. We will be hearing fr…
Caroline Gray @Agilisys explains how to embed a culture that will support ongoing change through clear accountabili…
We don't need to fear tech we need to seize it and take the advantages for ourselves says @LiamByrneMP #WorkForAll
"We can learn more public policy lessons from the East than the West" when it comes to making the future of work…