UK government proposes mandatory 'security' labels for smart devices
Most internet-connected (IoT) devices are vulnerable to hacking, and with over 40% of homes worldwide using at least one smart device, the risk of a cyberattack is high.
To curtail potential risks, the UK government has proposed a new Secure By Design code of practice that could see connected devices, like smart TVs, speakers, toys and watches, carry a security label to help inform consumers how easy (or difficult) they are to hack.
The labels, at first, will be introduced on a voluntary basis, but eventually will become mandatory. Products which fail to carry such labels could be banned, according to the new plans introduced by UK’s digital minister Margot James.
“Many consumer products that are connected to the internet are often found to be insecure, putting consumers privacy and security at risk,” James said. The proposed code of practice, which is currently being consulted on, is meant to ensure “products have safety features built in from the design stage and not bolted on as an afterthought”.
Stickler for security
The code also lays down three basic rules that the label will need to carry: consumers have to be told not to use identical passwords, they need to be informed how long the device will be supported with fresh software updates, and also provide a point of contact so users can report vulnerabilities.
It has also been proposed that retailers will be mandated to not sell any products that don’t meet the above standards.
The proposed regulations are aimed at preventing serious hacks, like distributed denial of service (DDoS) attacks, which the UK government said “pose a risk to the wider economy”.
To ensure the success of this scheme, the UK will need to work with international partners, especially for smart devices that have global distribution, but whether other countries will adopt a similar stance on protecting their citizens from cyberattacks remains to be seen.