The Government has revealed plans to tighten up the laws governing millions of household items that are connected to the Internet, to ensure they are better protected from cyber attacks.
Options that the Government will be consulting on include a mandatory new labelling scheme, which would inform consumers how secure their products such as smart TVs, toys and appliances are.
The move means that retailers will only be able to sell products with an Internet of Things (IoT) security label. The consultation focuses on mandating the top three security requirements that are set out in the current ’Secure by Design’ code of practice.
These include that IoT device passwords must be unique and not resettable to any universal factory setting. Manufacturers of IoT products must also provide a public point of contact as part of a vulnerability disclosure policy.
And finally, manufacturers must explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.
Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that do not.
Digital Minister Margot James said: "Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk. Our Code of Practice was the first step towards making sure that products have safety features built in from the design stage and not bolted on as an afterthought.
"These new proposals will help to improve the safety of internet-connected devices and is another milestone in our bid to be a global leader in online safety."
The consultation follows the Government’s voluntary Secure by Design Code of Practice for consumer IoT security launched last year. The code advocates for stronger cyber security measures to be built into smart products right from the design stage, and has already been backed by Centrica Hive, HP Inc and Panasonic.
The Government is working with international partners to ensure that the guidelines drive a consistent approach to IoT security. The proposals set out in the consultation have the potential to impact the security of devices made across the world to meet the UK’s future standards.
Alternative options to the label that Government are also consulting on would be to mandate retailers to not sell any products that do not adhere to the top three security requirements of the Code.