UK Govt Introduces IoT Code of Practice

The code will ensure that businesses continue to strengthen the cybersecurity of their products at the design stage.

UK Govt Introduces IoT Code of Practice

The UK Government has launched a new voluntary Code of Practice to help manufacturers boost the security of internet-connected devices such as smartwatches, virtual assistants, home alarm systems, fridges, and toys.

There are expected to be millions internet-connected devices in use across the world and poorly secured devices such as virtual assistants, toys and smartwatches can leave people exposed to security issues and even large scale cyber attacks.

The IoT represents a new chapter of how technology becomes increasingly common in our homes, making people’s lives easier and more enjoyable. As people entrust an increasing amount of personal data to online devices and services, the cyber security of these products is now as important as the physical security of our homes.

To combat this, the UK’s Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) set out plans in a ‘Secure by Design’ review to embed security in the design process of new technology rather than bolt it on as an afterthought.

As a result, a new Code of Practice has been developed with industry to improve the cybersecurity of devices, encourage innovation in new technologies and keep consumers safe.

The aim of this Code of Practice is to support all parties involved in the development, manufacturing, and retail of consumer IoT with a set of guidelines to ensure that products are secure by design and to make it easier for people to stay secure in a digital world.

“From smartwatches to children’s toys, internet-connected devices have positively impacted our lives but it is crucial they have the best possible security to keep us safe from invasions of privacy or cyber attacks,” UK’s Minister for Digital, Margot James, said in a statement.

“The pledges by HP Inc. and Centrica Hive Ltd are a welcome first step but it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed.”

Poorly secured devices can threaten individuals’ privacy, compromise their network security, their personal safety and could be exploited as part of large-scale cyber attacks. Recent high-profile breaches putting people’s data and security at risk include attacks on smartwatches, CCTV cameras, and childrens’ toys.

Security CCTV camera in office building. alice-photo /
Security CCTV camera in office building. alice-photo /

“Our National Cyber Security Strategy sets out our ambitious proposals to defend our people, deter our adversaries and develop our capabilities to ensure the UK remains the safest place to live and do business online,” Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, David Lidington said.

Tech companies HP Inc. and Centrica Hive Ltd are the first companies to sign up to commit to the code.

The code will ensure that businesses continue to strengthen the cybersecurity of their products at the design stage.

“Tech companies like HP Inc. and Centrica Hive Ltd are helping us put in place the building blocks we need to transform the UK’s cybersecurity,” said Lidington.

“I am proud to say the UK is leading the way internationally with our new Code of Practice, to deliver consumer devices and associated services that are Secure by Design.”

To make sure consumers are protected when using internet-connected devices and while manufacturers implement stronger security measures, Government and NCSC have worked closely with consumer groups and industry to develop guidance on smart devices in the home.

The new Code of Practice outlines thirteen guidelines that manufacturers of consumer devices should implement into their product’s design to keep consumers safe.

This includes secure storage of personal data, regular software updates to make sure devices are protected against emerging security threats, no default passwords and making it easier for users to delete their personal data off the product.

You can access the UK’s IoT Code of Practice Here.


%d bloggers like this: