Data and securityCyber SecurityGovernment and tech industry hold roundtable on IoT security

Government and tech industry hold roundtable on IoT security

As increasing numbers of IoT devices are brought, it is now more important than ever for industry and government to address the issue through the roundtable

The UK Department for Digital, Culture, Media & Sport (DCMS), the National Cyber Security Centre (NCSC) and consumer group Which? held a roundtable recently to discuss the cyber security of consumer smart products.

Chaired by Margot James MP, Minister for Digital and the Creative Industries, the purpose of the roundtable was to hear the steps manufacturers are taking to secure their products and drive the adoption of security good practice.

Attendees included senior representatives from leading IoT device manufacturers and retailers like Samsung, Philips, Panasonic, Miele, Legrand, Yale and Amazon.

IoT security

The UK Government takes the issue of IoT security seriously and is undertaking substantial work to protect consumers’ privacy and online security.

A press release from DCMS said: “As with all new technologies, there are risks. Right now, there are a large number of consumer IoT devices sold to consumers that lack even basic cyber security provisions. This situation is untenable. Often these vulnerable devices become the weakest point in an individual’s network, and can undermine a user’s privacy and personal safety. Compromised devices at scale can also pose a risk for the wider economy through distributed denial of service (DDOS) attacks such as Mirai Botnet in October 2016.”

Mirai scans the internet for IoT devices that run on the ARC processor. This processor runs a stripped-down version of the Linux operating system. If the default username-and-password combo is not changed, Mirai is able to log into the device and infect it.

The Mirai botnet employed a hundred thousand hijacked IoT devices to bring down Dyn.

Earlier this month, the DCMS had consulted with experts at the NCSC and across the public and private sector to determine which aspects of the Code of Practice for Consumer IoT Security should be made mandatory in the first instance, balancing the need to deliver an effective baseline that protects consumers whilst also minimising the additional burden on industry.

Following the consultation, the security label was proposed to be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.

Shared aim: Making smart products secure

It was clear from discussions at the roundtable that all participating manufacturers recognise the need to prioritise security in the design, development and ongoing support of their IoT products. Retailers in attendance highlighted the need for consumers to feel confident that the products they are purchasing are secure in order for the sector to thrive. The government has a shared aim to make it easier for consumers to use their smart products securely – reducing the burden to keep devices and personal data secure.

All of the firms in attendance committed to taking steps to ensure that effective security solutions are being implemented across IoT products on the market.

The government will continue to work closely with industry to move the sector to a place where implementation of good practice, such as set out by the Code of Practice for Consumer IoT security and the ETSI TS 103 645, is commonplace.

Not long ago, the House of Lords Communications Committee had recommended a new regulatory framework for digital services in the UK as part of the government’s Internet Safety Strategy.

Related Articles

New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

3m Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

3m Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

3m Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

3m Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

5m Jay Ashar
AI support: Outnumbered but not outgunned

Cyber Security AI support: Outnumbered but not outgunned

5m Piers Wilson
A shot in the arm for Bristol's cybersecurity

Cyber Security A shot in the arm for Bristol's cybersecurity

5m Jay Ashar
How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

Cyber Security How the UK’s cybersecurity skill shortage could affect the public sector’s resilience against the next WannaCry?

6m Chris Huggett