The United Kingdom has announced a new law concerning the security of Internet of Things (IoT) devices. Digital Minister Matt Warman announced that all connected devices sold in the United Kingdom must adhere to three requirements:
- All IoT devices must have a unique password that can’t be reset to it’s universal factory setting.
- IoT device manufacturers must provide a “public point of contact” for users to report vulnerabilities, to be dealt with in a “timely manner”.
- Manufacturers of IoT devices must also state the minimum length of time that they’ll be updating their devices’ security. This information must be explicit wherever the device is sold, be it online or in a store.
In a press release from the Department for Digital, Culture, Media and Sport (DCMS), Warman said,
“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology. Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
DCMS developed these regulations with the National Cyber Security Centre as well as private industry. The government plans on further developing legislation regarding IoT devices to protect consumers. Previously in 2018, the United Kingdom government passed the Secure by Design Code of Practice, which said that security measures should be implemented in the design stage of IoT products. As there will be 75 billion IoT devices by the last months of 2025, the government of the United Kingdom seeks to prevent cyber hacks.
Internet of Things Legislation in the United States
Currently, there is no federal legislation regarding IoT devices in the United States. California was the only state to pass legislation regarding the cybersecurity of connected devices. Under this law, which went into effect on the first day of 2020, IoT device manufacturers must include “reasonable security features” including a unique, pre-programmed password for each device as well as authentication when using the device for the first time. Since it’s passing last May, no other state has passed any IOT cybersecurity legislation.
Why does IoT require security?
Iot devices require security because without it, they can be hacked into, which means that hackers could gain access to your personal information. That may include your email, address, payment information, and more. Hackers could also infringe on your privacy, remotely controlling devices in your home or even spying on you through Wi-Fi connected security cameras.
How can I secure my Internet of Things?
There are a few different actions to take to secure your Internet of Things devices. You can use a secure router, enable two or multi-factor authentication on your devices, creating long, complicated and unique passwords for each device, and routinely perform security updates.
What does the Internet of Things include?
The Internet of Things includes a plethora of different devices like light bulbs, plugs, security cameras and systems, video doorbells, Bluetooth trackers, and more.