Government offers £200,000 to evaluate device security

Smart gadgets like printers, scanners and security cameras are an appealing target for cybercriminals

The UK Government is inviting bids for £200,000 in funding to support a study into the cyber security of internet-connected workplace devices.

The funding programme will help the Department for Digital, Culture, Media & Sport (DCMS) determine the extent of security vulnerabilities in common enterprise Internet of Things (IoT) devices, as well as understanding how - if at all - these vulnerabilities can be mitigated.

Smart gadgets like printers, scanners, security cameras and hotel booking and signing-in devices are an appealing target for cybercriminals, as they collect sensitive data and often feature low security.

While some devices have innate security measures, those that lack protection could put the businesses using them in jeopardy.

In 2019, research by Microsoft found that Russian hackers had been successful in infiltrating conference phones and workplace printers.

UK attempting to lead the way in IoT security

The new grant is part of the Government's £2.6 billion National Cyber Strategy, and aligns with the ambition for the UK to take the lead in developing technology to protect the IoT.

The winning bidder will receive up to £200,000 to test widely used devices and determine if existing guidelines, such as NCSC device security principles, are robust enough to defend organisations against evolving threats.

Organisations submitting bids must have at least some background in testing IoT devices or other related technologies.

The majority of the items evaluated as part of the research are aimed towards the UK market, to ensure the study findings are relevant to products used in the UK.

All funds offered under this grant must be used before 31st March, 2023, since the DCMS fiscal year runs from 1st April to 31st March.

Applications are open until 29th October, 2022, at 14:00 BST.

Cyber minister Julia Lopez said the project will ensure the UK has the proper measures in place to protect the economy, workplaces, and employees from cyber security risks.

Steven Furnell, IEEE Senior Member and Professor of Cyber Security at the University of Nottingham, said: "Most IoT devices are not doing any ongoing checks on who is using them. They are set up and can then be controlled equally by anyone, albeit maybe with a password or PIN required to get into the 'Settings' menu.

"However, introducing a check each time someone wants to do something would not be possible if we rely on traditional methods. Biometrics open the door to making the checks in a friendly and tolerable manner, with the potential for seamless transitioning between users of shared devices."

Kevin Curran, IEEE Senior Member and Professor of Cybersecurity at Ulster University, commented: "Many of the steps in securing IoT activities are similar to security within the larger enterprise system. However, organisations need to be aware that privacy issues can arise due to their IoT data collection mechanisms which may lead to user profiling and identification of individuals in unforeseen use case scenarios.

"The greatest care needs to be taken when deploying data collection devices with regards their lifecycle, data collection mechanisms and overall security protocols. While devices may have some protections built-in, products with poor cyber security can leave companies using them at risk, particularly as more and more data is being collected. Adopting a multi-layered security strategy is often best practice."