New legislation in the UK requires manufacturers of smart products to implement minimum security standards against cyber threats.
The Department for Science, Innovation and Technology (DSIT) has put into force new regulations stipulating that all internet-enabled smart devices, from phones and broadband routers to games consoles and connected fridges, must meet minimum security standards. This means that it is now a legal requirement for manufacturers to protect both individuals and businesses from cyber attacks on their devices.
Under these new laws, manufacturers must ban the use of weak or easily guessable default passwords such as ‘admin’ or ‘12345’. If the password is common, the user must be given the opportunity to change it on start-up. Manufacturers are also required to publish information on how to report bugs and issues, so as to increase the speed at which they can be dealt with. They must also be open with consumers about the minimum time for which they can expect to receive important security updates.
Cyber attacks are hugely disruptive to both consumers and businesses, and with the growing proliferation of smart devices this disruption will only increase. For instance, an investigation by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.
DSIT claims that giving consumers greater confidence that their internet-connected devices will have better security measures built in will make it more likely that they will use these devices, which in turn will help grow businesses and the economy. These new laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience to cyber attacks and ensure malign interference does not impact the wider UK and global economy.