The UK government on Wednesday announced plans to introduce new laws for internet connected devices to better enforce the inclusion of basic cybersecurity features into IoT devices. Measures will include labeling requirements — from the press release: “The Government will be consulting on options including a mandatory new labeling scheme. The label would tell consumers how secure their products such as ‘smart’ TVs, toys and appliances are. The move means retailers will only be able to sell items with an Internet of Things (IoT) security label.”
— The government has narrowed its plans to three security requirement: 1) IoT device passwords must be unique and not resettable to any universal factory setting; 2) Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy; 3)
Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.
— Mandating retailers: Also considered is mandating retailers “to not sell any products that do not adhere to the top three security requirements of the Code.”
Follow CircleID on Twitter
Read more here:: feeds.circleid.com/cid_sections/news?format=xmlPosted on: May 1, 2019