UK government launches five-week consultation into IoT security

The UK government is looking to ensure the security of the Internet of Things as they become more prevalent in the home, possibly through the use of legislation.

The government says that it wants IoT devices to be secure by design and, having already published a code of practice paper, is now embarking on a five-week security consultation during which the Department for Digital, Culture, Media and Sport (DCMS) will consider regulatory proposals.

See also:

• IoT devices put healthcare networks at risk
• Security, connectivity and data analysis are top IoT developer concerns
• IoT attacks increase but rely on the same old weaknesses

The consultation period starts today and runs until June 5, and the government says: "The UK Government takes the issue of consumer IoT security very seriously. We recognise the urgent need to move the expectation away from consumers securing their own devices and instead ensure that strong cyber security is built into these products by design".

The consultation, and possible resulting legislation will build upon October's Code of Practice for Consumer IoT Security which made numerous security suggestions. In all, 13 security guidelines were set out for device manufacturers, including:

• No default passwords
• Make it easy for consumers to delete personal data
• Make systems resilient to outages
• Ensure that personal data is protected
• Implement a vulnerability disclosure policy

In addition to legislation, a labelling scheme will be introduced to convey to consumers the security features offered by different products.

Image credit: Panchenko Vladimir / Shutterstock