techUK responds to Government's Secure by Design report

The Department for Digital, Culture, Media and Sport (DCMS) has today published a report that sets out measures to help ensure the consumer Internet of Things (IoT) is secure by design.

techUK welcomes the report as an important development in the maturity of the IoT sector. We have long cited trust issues, of which security is one of the primary drivers, as a stumbling block in the adoption of IoT. The approach taken by Government strikes the right balance between driving the adoption of better security, whilst continuing to accommodate innovation and development in the IoT. 

The report, which techUK has been engaged in since the project's inception, rightfully recognises the transformational impact that IoT will and is having on consumers' lives. But it also recognises that cyber security has too often been an afterthought in the development and sale of consumer IoT devices. DCMS identifies two risks that develop as a result of poor practices:

  • Consumer security, privacy and safety is being undermined by the vulnerability of individual devices  
  • The wider economy faces an increasing threat of large scale cyber attacks launched from large volumes of insecure IoT devices

DCMS engaged a range of stakeholders including the National Cyber Security Centre, industry, academia, retailers and consumer groups as it sought to address these risks. At the heart of the report is a Code of Practice aimed at device manufacturers, service providers, developers and retailers. These focus on best practice such as no devices or services to be provided with a default password, implementing a vulnerability disclosure policy and providing ongoing software support. 

DCMS will be consulting on the Code of Practice, with a final version to be published in the summer, with further work also underway on a potential labelling scheme for consumers.

Julian David, CEO of techUK said "The opportunities created by the Internet of Things are now becoming clear. It offers consumers and citizens greater empowerment and control over their lifestyles, from managing energy consumption at home to having peace of mind that a frail relative is going about their normal routine.

However, these opportunities also bring risk and it is important that the IoT market now matures in a sensible and productive way, with security embedded at the design stage. This project is the start of that maturity. Industry has been keen to engage in the review and demonstrate what is best practice. It is important that companies throughout the supply chain now adopt and build on this Code of Practice to build the trust required to drive widespread take-up of the IoT."


techUK is publishing a series of guest blogs as part of today's response:

Stephen Pattison, ARM, on the issue of trust and IoT adoption

Gordon Morrison, Vice-Chair of techUK's Cyber Group, on what happens next

Sean Gulliford, Gemserv, on the impact of GDPR on IoT Cyber-security

Alexandra Deschamps-Sonsino, Design Swarm, the prospects for an #IoTMark


techUK has been engaging with the project for nearly a year as part of the project's External Advisory Group. If you are interested in participating in our work on consumer facing IoT please contact:


Read techUK Deputy CEO @techUKdepCEO's response to the draft Brexit agreement: #Brexit
Register now for our next #techUKMeetUp on 20 March – Niall Quinn, Director tech at @gov_procurement will be joinin…
Addressing #cybersecurity of #IoT – don’t miss out on attending this new and exciting conference organised by @iET
What is next for the #DigitalMarketplace? Looking for top tips and an opportunity to share your thoughts on…
Register now for our next #techUKMeetUp on 20 March – Niall Quinn, Director tech at @gov_procurement will be joinin…
Organisation Reference Data is changing - but there time to send your comments to @NHSDigital on the impact this wi…
Thank you to @EastHantsDC for hosting today's Local Public Services Committee. It was great to hear the vision for…
Read techUK Deputy CEO @techUKdepCEO's response to the Spring Statement: #SpringStatement