Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Essential Retail Magazine, you agree to our use of cookies.

Okay, I understand Learn more

UK govt in internet-connected consumer device security push

The UK government has published new measures to help manufacturers boost the security of internet-connected devices such as home alarm systems, fridges and toys.

A new Code of Practice has been developed with industry with the aim of improving the cybersecurity of devices, encouraging innovation in new technologies and keeping consumers safe. Tech companies HP and Centrica Hive are the first organisations to sign up to commit to the code.

In a statement released on Sunday (14 October), the Cabinet Office and Department for Digital, Culture, Media & Sport (DCMS) said there is expected to be more than 420 million internet-connected devices in use across the UK within the next three years. It added that poorly secured devices such as virtual assistants, toys and smartwatches can leave and have left people exposed to security issues and even large scale cyberattacks.

DCMS and the National Cyber Security Centre (NCSC) have already set out plans in a ‘Secure by Design’ review to embed security in the design process of new technology rather than bolt it on as an afterthought.

Cabinet Office minister David Lidington said: “Our National Cyber Security Strategy sets out our ambitious proposals to defend our people, deter our adversaries and develop our capabilities to ensure the UK remains the safest place to live and do business online.

“Tech companies like HP and Centrica Hive are helping us put in place the building blocks we need to transform the UK’s cybersecurity.”

He added that the UK is leading the way internationally with the Code of Practice, which outlines 13 guidelines that manufacturers of consumer devices should implement into the design of their products to ensure users’ security. These include secure storage of personal data, regular software updates, no default passwords, and making it easier for users to delete their personal data off the product.

Dr Ian Levy, the NCSC’s technical director, commented: “With the amount of connected devices we all use expanding, this world-leading Code of Practice couldn’t come at a more important time.

“The NCSC is committed to empowering consumers to make informed decisions about security whether they’re buying a smartwatch, kettle or doll. We want retailers to only stock internet-connected devices that meet these principles, so that UK consumers can trust that the technology they bring into their homes will be properly supported throughout its lifetime.”

The government has also published a mapping document to make it easier for other manufacturers to follow in HP’s and Centrica Hive’s footsteps. More work is under way to develop regulation that will strengthen the security of internet-connected consumer products.

George Brasher, HP’s UK managing director, remarked: “Today we design our commercial products with security built-in not bolted on, not only designed to protect, but also to detect and self-heal from cyberattacks.

“Government’s desire to make connected devices as safe and secure as possible. We will continue to work with government to develop these proposals and ensure the transformative potential of the Internet of Things is delivered safely for everyone.”

Centrica Hive has committed to ensure that all new devices designed and manufactured from 1 January 2021 will adhere to the 13 guidelines set out in the Code of Practice.