IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
James Moore is the Managing Editor of IFSEC Insider, the leading online publication for security and fire news in the industry.James writes, commissions, edits and produces content for IFSEC Insider, including articles, breaking news stories and exclusive industry reports. He liaises and speaks with leading industry figures, vendors and associations to ensure security and fire professionals remain abreast of all the latest developments in the sector.
The Product Security and Telecommunications Infrastructure (PSTI) Bill is designed to better protect citizens, networks and infrastructure against threats from insecure consumer connected products, as well as to support the future rollout of 5G networks and gigabit-capable broadband.
Figures show that 49% of residents have purchased at least one smart device since the COVID-19 pandemic began, while 57% reported an increase in their household use of internet connected devices.
However, industry professionals and security experts have been warning for years about the potential vulnerabilities in poorly protected consumer products – often due to a lack of standards, regulation and password security – which could leave them open for easy cyber-attacks.
Part 1 of the Bill is focused on making consumer IoT products more secure, following engagement with the National Cyber Security Centre, tech and retail industries, consumer groups and academics.
It proposes three key measures:
Ensure that consumer connectable products, such as smart TVs, internet-connectable cameras and speakers, are more secure against cyber-attacks
Require manufacturers, importers and distributors to comply with new security requirements relating to consumer connectable products
Create an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market
The requirements, to be set out in regulations, will:
Ban default passwords
Require products to have a vulnerability disclosure policy
Require transparency about the length of time for which the product will receive important security updates
The Department for Digital, Culture, Media & Sport (DCMS) believes that while IoT consumer products offer huge benefits, the adoption of cyber security measures and requirements in these products is poor. According to research, only one in five manufacturers embed basic security protocols in their products.
The legislation will apply to manufacturers, importers and distributors. Those affected will be given 12 months’ notice following Royal Assent of the Bill to comply and adjust their business practices before the legislative framework comes into full force.
Part two of the bill will focus on telecommunications infrastructure, such as supporting the quick and efficient rollout of 5G networks and optimising existing infrastructures.
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Promises to better protect UK consumers against insecure IoT products with launch of Product Security and Telecommunications Infrastructure BillThe Product Security and Telecommunications Infrastructure Bill is designed to better protect citizens against threats from insecure IoT products.
James Moore
IFSEC Insider | Security and Fire News and Resources
Related Topics
Violent criminals pose more threat to UK company security than other European countries, according to report
Physical security incidents cost companies $1 trillion in 2022, according to new report