UK Government announces new laws for internet connected devices

In 2019, if something exists, then there’s probably a version of it that connects to the internet. From hairbrushes to lightbulbs to Wi-Fi egg boxes(!), it seems the list of our household objects connected to the Wi-Fi is added to every day. The government expects that in the next year, the average UK household will have 15 internet connected devices and that doesn’t look like it’s shrinking any time soon.

The Internet of Things (IoT) has grown much faster than the laws and legislation surrounding it, leading to fears surrounding the integrity of it’s security. Consumers are becoming better informed on the implications of having so many of their belongings connected to the Wi-Fi, particularly when it comes to potential data theft.

Some manufacturers have, up to now, been able to take advantage of the fact there are gaps in legislation. Worrying security problems continue to be identified in consumer IoT devices, such as unchangeable preset passwords.

But as the industry grows and consumers become more security savvy, the lack of legislation is not sustainable and the UK government has chosen to step in.

And so, earlier on this month, Margot James, Minister for Digital and the Creative Industries, announced the governments plans to introduce laws for internet connected devices.

“Forecasts vary, but some suggest that by next year, there will be an estimated twenty billion internet connected devices worldwide.

In the UK alone, it is estimated that ownership of smart devices could rise to 15 devices per household within the next 12 months.

The cyber security of these products is now as important as the physical security of our homes. Organisations need to be taking care of their customers.

And the most effective way to do this is to make sure the products that they produce are secure by design”

Margot James MP. “Living in the internet of things” speech to the IET Conference. 1^st May 2019.

The biggest concern is that many internet-connected devices available on the market today still lack basic security provisions.

With that in mind, the decision has been made to take action to ensure that strong cyber security is built in to internet connected appliances by design. The proposal is based around three main guidelines of the code of practise:

• Forbidding the use of universal default passwords in consumer IoT products
• Manufacturers must have a contact point for security researchers to report vulnerabilities
• Consumers must be explicitly informed of the minimum length of time for which security updates are provided for their devices.

The code is due to be reviewed every two years to keep it in line with the fast paced development of the technology it protects. Another interesting point from within the code is that there is a labelling scheme being consulted on, at a voluntary level for the time being. The labels will highlight a product’s compliance with the three codes of practise above and will easily allow customers to differentiate between products with basic security provisions and those without. We’re imagining a scheme similar to the energy efficiency labels found on white goods, or the food hygiene ratings displayed on the windows of our restaurants and takeaways, but only time will tell what this actually looks like or how a company will go about obtaining their own ratings.

What we do know is that when the proposals come in to force it’s looking like it’ll become the new normal for a manufacturer to firstly, have followed the steps set out in the guidelines and secondly, to have followed the – currently voluntary – labelling system. The government already has some huge names backing the new scheme such as Centrica Hive,  HP Inc Geo, Panasonic, Amazon, Samsung, Miele, Yale and Legrand, who have all affirmed their commitment to taking steps to ensure that effective security solutions are being implemented across their IoT devices.

Ultimately, the early stages of the new proposals look like they’re going to be very beneficial for consumers and businesses alike. Consumers will be able to shop with more trust for the security of smart appliances and will therefore be more likely to have the confidence to spend money on them. That’s money going in to the manufacturer who then in turn will have the stability and certainty to thrive and develop further.