The UK Government’s Department for Digital, Culture, Media & Sport (aka Ministry of Fun) has announced plans to introduce new laws governing internet-connected devices, i.e. Internet of Things.
Given that there have been some high-profile instances involving connected toys and cameras, this is welcome news. In a perfect world, users should be educated in the basics of IT security such as changing the default password, but sadly it’s case of getting a gadget out of the box and setup as fast as possible.
The Government is consulting on a “Secure by Design” initiative which intends for basic cyber security features to be built into products and for consumers to get better information on how secure the devices are.
Much like food packaging or the energy ratings on white goods, the Government is proposing a mandatory labelling scheme that states the security level of the gadget. Only goods with the applicable “IoT” label could be legally sold in the UK.
The consultation proposes three essential requirements for internet-connected gadgets.
- Device passwords must be unique without any standard factory setting
- The minimum duration for which the device will receive security updates must explicitly stated
- A public point of contact as part of a vulnerability disclosure policy must be given
Point 3 isn’t directly for consumers but rather for security researchers who will be able to directly contact organisations about security issues. All of these points will be a significant deterrent to the “cheap’n’cheerful” IoT gadgets that typically come in from China with zero support.
Overall, this is a very welcome consultation and I would encourage readers to review the proposals and feedback on the options. This is very much about protecting ourselves and our families and reducing the risk of being hacked. For too long, manufacturers have got away with having little responsibility for their devices after they’ve been bought and these ideas address that balance.
If you want to know more on the consultation and comment on the proposals, it’s over here.
Photo by Dan LeFebvre on Unsplash.
The so-called Internet of Things is bringing more and more connected devices into our lives. And as the market for these smart gadgets continues to expand, one question seems to be on everyones minds; How will all of these different products communicate with each other? Some manufacturers have developed their own proprietary products and tools to ensure their own devices will play nicely together. But what if you want smart lightbulbs made by Company X and a smart security system made by Company Y? Will it be necessary to have one “command center” on your network just for each company’s products?
The Internet of Things and by extension, the connected home, is here. But is the world really ready for every facet of our daily lives to be connected to the internet? That smart toaster that notifies you via smartphone when your breakfast is ready might be a cool, convenient addition to your kitchen. But it’s a potential attack vector for hackers to breach your home network. And while it may be nothing more than a harmless prank for a hacker to reset your IoT-connected toaster to the “scorched earth” setting, the reality of this kind of security breach is much worse. Once an experienced hacker gets in thru the toaster, the home security system or front door lock could be their next targets.
The Internet of Things is made up of several smart devices and appliances. The trick is to figure out what to do with this technology to make it work best for you in your home. CentraLite is “the man behind the curtain” that makes the IoT devices for a lot of companies that you have heard of.