Government unveils new measures to make IoT devices more secure

Connected tech manufacturers told to implement security by design

Connected technology companies will be expected to integrate a string of tough security measures into their devices under new government plans unveiled today.

After conducting a comprehensive review into Internet of Things (IoT) device security, the government has outlined a range of new security processes that tech manufacturers will need to consider when designing devices.

It is widely believed that connected gadgets, including 'smart' televisions, toys and speakers are easy targets for cyber criminals. Security specialists have slammed the makers of such devices for doing too little to secure such devices.

In some cases, especially with connected security systems, manufacturers' desire to make products that will connect to the internet quickly and easily has actively undermined consumers' home IT security.

The government's Security by Design review - which was developed with manufacturers, retailers and the National Cyber Security Centre (NCSC) - makes it clear that companies should integrate sufficient security mechanisms into devices.

From now on, technology companies producing connected devices will have to adhere to a new Code Of Practice. Officials claimed that it will "improve the cyber security of consumer internet-connected devices and associated services while continuing to encourage innovation in new technologies".

They added that the review "outlines practical steps for steps for manufacturers, service providers and developers".

Companies are expected to implement admin passwords, generate vulnerability policies, ensure that data is encrypted an issue automatic updates.

Margot James, minister for digital and the creative industries, said the government wants "everyone to benefit from the huge potential of internet-connected devices".

She continued: "It is important they are safe and have a positive impact on people's lives," adding: "We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.

"This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy."

Dr Ian Levy, technical director at the NCSC, said the organisation is "committed to ensuring the UK has the best security it can, and stop people being expected to make impossible safety judgements with no useful information".

He continued: "We are pleased to have worked with DCMS on this vital review, and hope its legacy will be a government ‘kitemark' clearly explaining the security promises and effective lifespan of products.

"Shoppers should be given high quality information to make choices at the counter. We manage it with fat content of food and this is the start of doing the same for the cyber security of technology products."