UK mandates minimum security standards for smart devices
UK government regulations now require all internet-connected smart devices to meet minimum-security standards by law. This groundbreaking legislation ranges from phones to TVs and smart doorbells, and is aimed at protecting both consumers and businesses from cyber threats.
This initiative is the result of joint efforts by the Department for Science, Innovation and Technology, the National Cyber Security Centre, the Office for Product Safety and Standards, with the support of Julia Lopez MP and Viscount Camrose. The legislation positions the UK as the world leader in defensive measures against cyber criminals.
The new laws mandate manufacturers to shield their products against hackers and cyber intrusions. Essential provisions include the banning of easily guessed default passwords such as 'admin' or '12345'. Users are instead instructed to change any such passwords upon set up. This measure intends to minimise risks from attacks similar to the notorious Mirai attack of 2016. This attack exploited weak security features in over 300,000 smart devices, resulting in significant disruptions to major internet platforms and services, particularly on the US East Coast.
The legislation's impact goes beyond immediate protection; it is also critical in securing the trust of consumers in buying and using connected devices. Recent studies have shown that nearly all adults in the UK own at least one smart device, and the average household has nine such devices. The new regulations, therefore, offer protection to consumers from potential cyber attacks and enhance confidence in the purchase and use of these devices, thereby stimulating economic growth and business expansion.
Oseloka Obiora, CTO at RiverSafe, underlined the importance of the move: "There is no doubt smart devices have become a big part of our day to day lives, creating an open door for hackers to gain all kinds of personal information and data. Now, it is essential that we aim to make the UK a safer place online, in response to the increasing rise of cyber attacks."
Obiora added, "To enhance readiness, security teams require robust network visibility to promptly identify and resolve vulnerabilities across systems, minimising the impact of cyber threats."
Andy Ward, VP International for Absolute Security, echoed these sentiments, stating: "With smart devices being increasingly hacked, it is necessary that new rules have been put in place to toughen cyber resilience and make the UK a safer place online. As the UK confronts rising cyber threats, it's crucial to strengthen cybersecurity by focusing on threat protection, deterring attacks, and preparing for defence for all internet-connected gadgets."
Ward emphasised that to achieve this, "clear visibility and effective control over networks is a necessity. It is also crucial to demand a robust framework to improve network supervision and establish a solid defensive stance."