The UK government will introduce new laws to protect smart home device users from cyber attacks.
The Department for Digital, Culture, Media and Sport (DCMS) is drawing up plans to boost security standards in internet-connected household devices, the government announced this week.
The idea is to realign the standards required from companies that manufacture and sell smart devices, in order to protect the consumers that buy them.
Related: Best vacuum cleaner
All consumer smart devices will be required to adhere to three security requirements designed for the Internet of Things (IoT):
- All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting
- Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability, which is to be acted on in a timely manner
- Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online
The DCMS developed these plans in conjunction with the National Cyber Security Centre and the business industry.
The aim is to turn these three rules into legislation, forcing smart device manufacturers to adopt new, tougher practices that protect consumers without stifling the long term growth of IoT.
The UK will liaise with international partners to ensure these guidelines remain consistent with the global approach to IoT security practices.
Related: Best VPN
“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology”, said UK Digital Minister Matt Warman.
“Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought”.
The government says it hopes to deliver the new legislation as soon as possible.