The Department for Digital, Culture, Media and Sport (DCMS) has today published a report that sets out measures to help ensure the consumer Internet of Things (IoT) is secure by design.
techUK welcomes the report as an important development in the maturity of the IoT sector. We have long cited trust issues, of which security is one of the primary drivers, as a stumbling block in the adoption of IoT. The approach taken by Government strikes the right balance between driving the adoption of better security and continuing to accommodate innovation and development in the IoT.
The report, which techUK has been engaged in since the project's inception, rightly recognises the transformational impact that IoT is having, and will have, on consumers' lives. But it also recognises that cyber security has too often been an afterthought in the development and sale of consumer IoT devices. DCMS identifies two risks that develop as a result of poor practices:
- Consumer security, privacy and safety are being undermined by the vulnerability of individual devices
- The wider economy faces an increasing threat of large-scale cyber attacks launched from large volumes of insecure IoT devices
DCMS engaged a range of stakeholders including the National Cyber Security Centre, industry, academia, retailers and consumer groups as it sought to address these risks. At the heart of the report is a Code of Practice aimed at device manufacturers, service providers, developers and retailers. It focuses on best practice, such as ensuring that no devices or services are provided with a default password, implementing a vulnerability disclosure policy and providing ongoing software support.
DCMS will be consulting on the Code of Practice, with a final version to be published in the summer. Further work is also underway on a potential labelling scheme for consumers.
Julian David, CEO of techUK, said: "The opportunities created by the Internet of Things are now becoming clear. It offers consumers and citizens greater empowerment and control over their lifestyles, from managing energy consumption at home to having peace of mind that a frail relative is going about their normal routine.
"However, these opportunities also bring risk and it is important that the IoT market now matures in a sensible and productive way, with security embedded at the design stage. This project is the start of that maturity. Industry has been keen to engage in the review and demonstrate what is best practice. It is important that companies throughout the supply chain now adopt and build on this Code of Practice to build the trust required to drive widespread take-up of the IoT."
techUK is publishing a series of guest blogs as part of today's response:
- Stephen Pattison, ARM, on the issue of trust and IoT adoption
- Gordon Morrison, Vice-Chair of techUK's Cyber Group, on what happens next
- Sean Gulliford, Gemserv, on the impact of GDPR on IoT Cyber-security
- Alexandra Deschamps-Sonsino, Design Swarm, on the prospects for an #IoTMark
techUK has been engaging with the project for nearly a year as part of the project's External Advisory Group. If you are interested in participating in our work on consumer-facing IoT please contact: