Today, the UK’s Department of Digital, Culture, Media and Sport (DCMS) announced the publication of its Security by Design report containing a proposed Code of Practice for Consumer IoT products. It details 13 steps to assure security, including no default passwords, implementing a vulnerability disclosure policy and ensuring software can be updated. Being part of the Expert Advisory Board for the report, the IoT Security Foundation (IoTSF) welcomes this development as it gives a strong message to industry about the importance of security for consumers and outlines the practical steps that need to be considered.
To further help vendors meet the technical requirements that align with the Code of Practice, IoTSF has mapped the security controls that are necessary from its freely available IoT Security Compliance Framework. The mapping is also published today in an application note which can be freely downloaded from the IoT Security Foundation website and is aimed at device manufacturers, IoT service providers, mobile application developers and retailers.
Professor Paul Dorey, chairman of IoTSF, commented, “We welcome the publication of the DCMS Code of Practice launched today. We believe it helps vendors recognise the duty of care needed when producing connected products in clear and simple language which all can understand. To support the Code of Practice we have further outlined the technical elements necessary to meet both the Code of Practice and IoTSF’s Compliance Framework, which is intended for a more technical audience. We are therefore delighted to work with Government as a partner as achieving fit for purpose security across Internet-connected applications is a collaborative endeavour and this is a positive development.”
Margot James, Minister for Digital and the Creative Industries, said: “We want everyone to benefit from the huge potential of internet-connected devices and it is important they are safe and have a positive impact on people’s lives. We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed. This will help ensure that we have the right rules and frameworks in place to protect individuals and that the UK continues to be a world-leading, innovation-friendly digital economy.”