The U.K. government is proposing new legislation aimed at improving security of Internet of Things devices.
Digital minister Margot James MP revealed the draft law on Wednesday as part of the government’s efforts to protect millions of internet-connected devices from cyberattacks.
The law will mandate that internet-connected devices, like smart thermostats, appliances and webcams, must be sold with a unique password.Advertisement
Botnets typically rely on default passwords that are hardcoded into devices when they’re built that aren’t later changed by the user. By selling a device with a unique password, it significantly slows down cybercriminals from scanning the internet and automatically logging into devices with a default password, often to launch distributed denial-of-service attacks.
Top UK Tech News and Reviews
On a massive scale, botnets operating thousands of hijacked Internet of Things devices entire websites offline. Two years ago, the Mirai botnet briefly downed Dyn, a networking company that provides domain name service to major sites. That outage knocked dozens of major sites offline — like Twitter, Spotify and SoundCloud.
The new U.K. law will also mandate device makers to provide a public point of contact to allow hackers and security researchers submit flaws and vulnerabilities.
And device makers will have to tell consumers for how long each device will receive security updates.
The law, if passed, would create a labeling scheme for consumers to easily see devices that are “Secure by Design,” said James, giving consumers greater confidence that the devices land with a baseline level of security out of the box.
“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk,” said James. “Our code of practice was the first step towards making sure that products have security features built in from the design stage and not bolted on as an afterthought.”
- Cyber Security A to Z
- Defence secretary invests £22m into cyber centres to ‘put the Army at the forefront of information warfare’
- Snapchat Privacy Error Concerns About Insider Threats
- New York Department of Financial Services Has Opened Cybersecurity Unit
- South Staffordshire need a technology and transformation leader