Editor, IFSEC Global

Author Bio ▼

James Moore is the Editor of IFSEC Global, the leading online publication for security and fire news in the industry. James writes, commissions, edits and produces content for IFSEC Global, including articles, breaking news stories and exclusive industry reports. He liaises and speaks with leading industry figures, vendors and associations to ensure security and fire professionals remain abreast of all the latest developments in the sector.
December 14, 2021

Sign up to free email newsletters

Download

The 2022 State of Physical Access Control Report

Legislation

Promises to better protect UK consumers against insecure IoT products with launch of Product Security and Telecommunications Infrastructure Bill

The Product Security and Telecommunications Infrastructure (PSTI) Bill is designed to better protect citizens, networks and infrastructure against threats from insecure consumer connected products, as well as to support the future rollout of 5G networks and gigabit-capable broadband.

IanAllenden-Alamy-SmartHomeThe “groundbreaking plans”, officially announced in April 2021, are a response to the growing concerns of potentially vulnerable and unprotected consumer connected smart devices and IoT products now in the UK market.

The Product Security and Telecommunications Infrastructure Bill is currently at its second reading stage in the House of Commons of the UK legislative process.

Figures show that 49% of residents have purchased at least one smart device since the COVID-19 pandemic began, while 57% reported an increase in their household use of internet connected devices.

However, industry professionals and security experts have been warning for years about the potential vulnerabilities in poorly protected consumer products – often due to a lack of standards, regulation and password security – which could leave them open for easy cyber-attacks.

According to Kaspersky, research shows that there were 1.5 billion attacks against IoT products in the first six months of 2021 – a 100% increase on the same period in 2020.

Product security measures

Part 1 of the Bill is focused on making consumer IoT products more secure, following engagement with the National Cyber Security Centre, tech and retail industries, consumer groups and academics.

It proposes three key measures:

  • Ensure that consumer connectable products, such as smart TVs, internet-connectable cameras and speakers, are more secure against cyber-attacks
  • Require manufacturers, importers and distributors to comply with new security requirements relating to consumer connectable products
  • Create an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market

The requirements, to be set out in regulations, will:

  • Ban default passwords
  • Require products to have a vulnerability disclosure policy
  • Require transparency about the length of time for which the product will receive important security updates

The Department for Digital, Culture, Media & Sport (DCMS) believes that while IoT consumer products offer huge benefits, the adoption of cyber security measures and requirements in these products is poor. According to research, only one in five manufacturers embed basic security protocols in their products.

The legislation will apply to manufacturers, importers and distributors. Those affected will be given 12 months’ notice following Royal Assent of the Bill to comply and adjust their business practices before the legislative framework comes into full force.

Part two of the bill will focus on telecommunications infrastructure, such as supporting the quick and efficient rollout of 5G networks and optimising existing infrastructures.

Find out more about the Product Security and Telecommunication Infrastructure Bill.

Read IoT expert and member of the IoT Security Foundation, Sarb Sembhi’s thoughts on the bill, from last year: The impact of IoT security for consumer devices

Subscribe to the IFSEC Global weekly newsletter

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Global's essential weekly newsletter. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

man reading a tablet, probably the IFSEC Global newsletter

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments