The UK Government has implemented a new law to bolster security for internet-connected devices, commonly known as ‘smart’ gadgets, found in our homes.
Due to a growing number of these devices and the security vulnerabilities they possess, a rising number of cybercriminals are exploiting these products to infiltrate home networks in search of private data.
Key provisions of the new law
The new law, the Product Security and Telecommunications Infrastructure (PSTI) regime, mandates three crucial requirements for manufacturers:
- Stronger Password Protocols: Manufacturers must ensure secure passwords by eliminating blank or easily guessable defaults like “12345” or “admin.”
- Clear Bug Reporting: Businesses must establish a clear and accessible process for users to report security vulnerabilities or “bugs” discovered within their devices.
- Transparent Support Lifespan: Manufacturers and retailers are now obligated to inform consumers about the duration of support, including software updates, provided for the purchased device.
Failure to comply with these minimum requirements can result in fines for manufacturers.
Benefits for consumers and businesses
The government hails this legislation as a world-first, promoting consumer and business protection against cybercrime in the UK. With over half of UK households owning smart TVs and voice assistants, safeguarding these interconnected devices is paramount.
Industry reactions
Security experts welcome the new law. Sarah Lyons of the National Cyber Security Centre emphasises the importance of manufacturers taking responsibility for ongoing protection against cyberattacks in their products.
Ken Munro, a security researcher, views the law as a positive step. He highlights the potential benefit of comparing support lifespans when purchasing smart devices, as a longer period might indicate a manufacturer’s commitment to cybersecurity.
Consumer groups like Which? acknowledge the law’s potential to provide vital consumer protections. However, they emphasise the need for strong enforcement measures against manufacturers who disregard the regulations.
Overall, this new UK law represents a significant step towards a more secure digital environment for homes filled with smart devices. Increased transparency from manufacturers and the ability for consumers to make informed choices will ultimately contribute to a more secure and cyber-resilient future.