New legislation will require consumer smart devices to meet three rigorous security requirements for the Internet of Things (IoT), the Department for Digital, Culture, Media and Sport (DCMS) has announced.
Consumer devices such as fridges that can respond to price signals to delay operation or change the amount of power they draw are expected to be important components in reducing grid management costs in future, as are home management services that can manage such variable use to minimise bills.
The new requirements will be:
- All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting
- Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner
- Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online
Digital Minister Matt Warman said: “Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
The measures were developed in conjunction with the business industry and the National Cyber Security Centre. They follow on from the government’s voluntary Secure by Design Code of Practice for consumer IoT security launched in 2018. The Code has already been backed by Centrica Hive. DCMS says research suggests there will be 75 billion internet connected devices, such as televisions, cameras, home assistants and their associated services, in homes around the world by the end of 2025.
Read more about the recent consultation here
Stay up to date with New Power’s online news. Sign up for our FREE weekly newsletter here