Ben Birchall/AFP/Getty Images
show image

Government unveils new cyber law for connected devices

The government has unveiled plans for new legislation that would force firms to better protect connected devices from cyber attacks.

The new law, unveiled by the digital minister Margot James on Wednesday, would establish a voluntary labelling scheme to assess the security of products, from smart toys to kitchen appliances.

The legislation would also ensure manufacturers create unique passwords for all devices, provide a public point of contact for vulnerability disclosures and state the minimum period during which they will offer security updates.

“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk,” said the digital minister Margot James. “Our Code of Practice was the first step towards making sure that products have safety features built in from the design stage and not bolted on as an afterthought.”

“These new proposals will help to improve the safety of Internet connected devices and is another milestone in our bid to be a global leader in online safety,” James added.

The government launched a “secure by design” code of practice last year in a bid to encourage manufacturers to put in place better security measures for connected devices. Centrica Hive, HP and Panasonic are among the firms to have signed up.

“Serious security problems in consumer internet of things [IoT] devices, such as pre-set unchangeable passwords,  continue to be discovered and it’s unacceptable that these are not being fixed by manufacturers,” said the National Cyber Security Centre’s technical director Ian Levy.

“This innovative labelling scheme is good news for consumers, empowering them to make informed decisions about the technology they are bringing into their homes.”

The government is now collaborating with other partners around the world in order to establish a common approach to connected device security.

Emily Orton, the co-founder of Darktrace, welcomed the announcement. “It will make manufacturers accountable to basic security protections and enable consumers to purchase IoT products with more confidence.”