UK starts count down to connected security regulations
The countdown has begun for a new regime setting the minimum security standards for all consumer products with internet connectivity in the UK.
The UK says it will be the first country in the world to introduce these protections which come into force on April 29th 2024.
The Product Security and Telecommunications Infrastructure (Product Security) Regime (PSTI) will require manufacturers to implement minimum security standards on all consumer products with internet connectivity such as smartphones, smart speakers, games consoles, and smart doorbells before they can be made available for purchase.
The new measures will introduce a series of improved security protections to tackle the threat of cyber crime including the banning of universal default and easily guessable default passwords on consumer connectable products and increased manufacturer transparency on how long products will receive security updates for. This will provide standardised security information to better inform consumer purchasing decisions.
Manufacturers will be required to make customers aware of a product’s security update support period before allowing product purchases on the manufacturer’s website, while device manufacturers will be required to publish contact information to allow vulnerabilities relating to their devices to be reported.
“The NCSC welcomes these new standards which will put security at the heart of technology design and ensure the connected devices that consumers rely on daily are secure from the outset,” said National Cyber Security Centre (NCSC) CEO Lindy Cameron. “The NCSC will continue to support manufacturers in implementing the necessary changes with advice like our recently published Secure by Design guidelines.”
If a product is being purchased directly from a manufacturer’s website, the measures will require its support period to be clearly advertised alongside the usual product specifications. The UK government is also engaging with online marketplaces in preparation for the changes, exploring how they can work to complement these changes and further protect consumers.
“The IoT Security Foundation welcomes this announcement as it brings important cybersecurity assurance to consumers and the networks they connect to, worldwide. It is the culmination of a lot of hard work and determination by many stakeholders, over several years, including consultations with our members,” said co-founder and managing director of the IoT Security Foundation, John Moor.
“Regulation is notoriously difficult to get right, especially as the nature of cyber-attacks change and new vulnerabilities are discovered over time. The PSTI regime not only includes requirements that help address immediate challenges, but its method also anticipates the need for new requirements to be added without stifling innovation or adding unwelcome business costs,” he added.
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
