Leading technology firms have begun signing up to the UK’s voluntary code of practice in an attempt to improve the security of internet connected devices.
There are expected to be more than 420 million internet-connected devices in use across the UK within the next three years and poorly secured devices such as virtual assistants, toys and smartwatches can leave people exposed to security issues and even large-scale cyber attacks.
The Code of Practice will ensure that businesses continue to strengthen the cyber security of their products at the design stage, scrutinising coding and software decisions, instead of hardware.
What does the new government industrial strategy mean for CTOs?
Cyber security has been the main focus for the government for years and has been a topic that political figureheads frequently discuss. Recently former security minister Admiral Lord West told the Sunday Telegraph that Chinese companies could provide Beijing with a backdoor to control Britain’s infrastructure. Sir Malcolm added the latest threat of a hardware attack would be “on the radar screen” of GCHQ to “identify whether there is a direct threat to the UK”.
John Smith, Consultant Solution Architect at CA Veracode, said: “This government initiative is exactly what many in the industry have been craving for years. Manufacturers have not really felt any market pressure to improve the security of these devices because consumers still have a lack of understanding of the security implications of IoT devices. Providing concrete guidance to manufacturers while also raising public awareness of these issues can only help address the gap that currently exists. It’s not just about the hardware anymore, it’s about the software behind it, and it’s really encouraging to see that the UK government wake up to the potential vulnerabilities in consumer IoT devices.”
The comprehensive IT security guide for CIOs and CTOs
The CoP was developed by the Department for Digital, Culture, Media & Sport (DCMS) in conjunction with the National Cyber Security Centre and with support from other Government departments, industry and academic partners.
Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, David Lidington said: “Our National Cyber Security Strategy sets out our ambitious proposals to defend our people, deter our adversaries and develop our capabilities to ensure the UK remains the safest place to live and do business online.
“Tech companies like HP Inc. and Centrica Hive Ltd are helping us put in place the building blocks we need to transform the UK’s cyber security.
>See also: The UK’s new National Cyber Security Centre
“I am proud to say the UK is leading the way internationally with our new Code of Practice, to deliver consumer devices and associated services that are Secure by Design.”
Dr Ian Levy, the NCSC’s Technical Director, added: “With the amount of connected devices we all use expanding, this world-leading Code of Practice couldn’t come at a more important time.
“The NCSC is committed to empowering consumers to make informed decisions about security whether they’re buying a smartwatch, kettle or doll. We want retailers to only stock internet-connected devices that meet these principles, so that UK consumers can trust that the technology they bring into their homes will be properly supported throughout its lifetime.”