The UK and Singapore have signed a partnership agreement on embedding security in the internet of things (IoT).
It is part of the wider strategic partnership on areas of common interest, and derives from both wanting to ensure that internet connected devices have security built in by design.
It was signed by David Koh, chief executive of the Cyber Security Agency of Singapore, and Ciaran Martin, chief executive of the UK National Cyber Security Centre.
Both countries have committed to promoting good practice as set out in relevant industry global standards. The announcement highlighted three factors, including discontinuing the most blatant security shortcomings such as the use of universal default passwords.
The others are to normalise vulnerability disclosure processes across the IoT industry, so that researchers can report security vulnerabilities and manufacturers respond quickly; and to encourage the development of software security updates to protect the technical ecosystem through the entire lifetime of IoT products. The latter should involve manufacturers defining a support period for fixing vulnerabilities.
Serious risk
In an NCSC blogpost accompanying the announcement, Martin says: “The growth of internet enabled devices poses a serious security risk. Without a way for consumers to judge the security of the products they buy, millions of interconnected devices and the data they contain could be vulnerable to cyber attacks.
“The security-by-design UK-Singapore IoT statement will drive improvements in the security of smart consumer products.”
Image from NCSC