A UK government code of practice for security of consumer IOT (internet of things) products has been welcomed in the security industry. While voluntary, its 13 guidelines may help with compliance with data protection laws, such as the UK’s Data Protection Act 2018 and the European Union-wide General Data Protection Regulation (GDPR).
HP Inc and Centrica Hive (pictured) are the first companies to sign up; and the Government encourages other manufacturers, retailers and industries to follow. Cabinet Office minister David Lidington said the UK is leading the way in ensuring the security and protection of data. Also published is consumer guidance for setting up, managing and securing smart devices in the home; whether watches, virtual assistants, alarms, cameras or toys. This means that not only will the security industry benefit from this code of practice, but consumers will too.
At CA Veracode Consultant Solution Architect, John Smith, said it was exactly what many in the security industry have been craving for years. “Manufacturers have not really felt any market pressure to improve the security of these devices because consumers still have a lack of understanding of the security implications of IOT devices. Providing concrete guidance to manufacturers while also raising public awareness of these issues can only help address the gap. It’s not just about hardware any more, but software behind it”.
Software Security
“It is also great news that the government is explicitly identifying software security as one of the three prioritised guidelines in this code of practice. Internet connected devices and the services they rely on are
all run on software and ensuring that it is ‘Secure by Design’ will deliver real benefits to consumers and manufacturers. Security must be built into any application from the outset, then it must be continuously and rigorously tested, with preventative patching immediately undertaken on vulnerabilities.”
Therefore, not only will the code of practice ensure that companies are compliant with data protection laws, it will also increase the public’s understanding of how they can increase the security of their smart devices within their own home.
