UK Government opens £200k funding scheme to assess cyber security of office-based enterprise IoT products

A new funding scheme opened by the Department for Digital, Culture, Media and Sport (DCMS) will provide the successful bidder with £200,000 to research potential vulnerabilities in popular office-based Internet of Things devices.

Designed to better protect the UK’s businesses against cyber risks, the findings will help to make sure current security measures and guidance are robust enough to combat evolving threats, explains DCMS.

Organisations based in the UK can apply for funding to support research into the cyber security of office devices which can connect to the internet, such as cameras, printers, and room booking systems, to ensure they are cyber resilient and properly protected against hackers.

Smart devices in the workplace can collect sensitive data which can be accessed by other users, making them an attractive target for cyber criminals to exploit. While devices may have some protections built-in, products with poor cyber security can leave companies using them at risk.

For example, in 2019 Microsoft’s researchers found Russian hackers were compromising conference phones and office printers in organisations across many sectors, though Microsoft was able to successfully block the attacks before they could cause any damage.

The successful bidder will be awarded up to £200,000 to test popular devices and help identify if current security measures and guidance, such as international standards and NCSC device security principles.

“People less mindful of security risks posed by IoT devices”

Cyber minister Julia Lopez said: “Technology played a pivotal role in keeping British businesses going during the pandemic, helping the pivot to hybrid working and boosting productivity ever since.

“This research will ensure we have the right measures in place to protect our economy and keep our offices and workers safe from cyber security threats.”

Steven Furnell, IEEE Senior Member and Professor of Cyber Security at the University of Nottingham: “IoT devices have the potential to collect and access a large amount of personal information about users and sensitive data relating to their environment. Devices are often linked to the accounts that consumers use on other devices.

“The difference is that on these other devices they are more readily protected against unauthorised use. On the smart device people may set them up initially and forget that they are essentially ‘logged in’ all the time. Added to this, people are often less mindful of the security risks posed by IoT devices, as they do not necessarily think the devices as storing and communicating data in the same way as traditional computing devices.

“Most IoT devices are not doing any ongoing checks on who is using them, they are set up and can then be controlled equally by anyone, albeit maybe with a password or PIN required to get into the ‘Settings’ menu. However, introducing a check each time someone wants to do something would not be possible if we rely on traditional methods. Biometrics open the door to making the checks in a friendly and tolerable manner, with the potential for seamless transitioning between users of shared devices.”

Part of the UK National Cyber Strategy

The grant is part of the government’s £2.6 billion National Cyber Strategy to protect the UK from cyber threats and grow the digital economy. It is designed to support the UK’s objective to take the lead in the technologies vital to cyber power and secure the Internet of Things and connected technologies used by consumers and enterprises.

This work complements the Product Security and Telecommunications infrastructure bill (PSTI) going through parliament which aims to strengthens the cyber resilience of consumer IoT devices, such as smart speakers and smart TVs.

Applications will close on 28 October 2022 and all funding must be spent by 31 March 2023. Find out more about the application process, here.