The Department for Digital, Media, Culture and Sport (DCMS) has urged manufacturers of consumer devices for the internet of things (IoT) to follow a set of 13 guidelines to support cyber security in the sector.
It has published a code of practice along with an announcement that HP and Centrica Hive have become the first two companies to commit to its guidelines.
While the move is focused on the consumer IoT market, it can take in elements of assistive technology – such as virtual assistants – that are attracting increasing interest in health and social care.
The code has been developed with the National Cyber Security Council (NCSC) as part of the National Cyber Security Strategy.
The 13 guidelines are:
- avoid the provision of default passwords for devices;
- implement a vulnerability disclosure policy to help security researchers;
- keep software updated;
- securely store credentials and security-sensitive data;
- communicate securely, with data being encrypted in transit;
- minimise exposed attack surfaces such as unused ports on devices;
- ensure software integrity through verification using secure boot mechanisms;
- ensure that personal data is protected;
- make systems resilient to outages;
- monitor system telemetry data for security anomalies;
- make it easy for consumers to delete personal data;
- make it easy to install and validate devices;
- and validate input data.
Minister for Digital Margot James said: “The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices.
“The pledges by HP Inc. and Centrica Hive Ltd are a welcome first step but it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed.”
DCMS said there are expected to be more than 420 million internet-connected devices in use across the UK within the next three years. Poorly secured devices can leave people exposed to security issues and even large-scale cyber attacks.
Image: Detail of code of practice cover, GOV.UK, Open Government Licence v3.0