The United Kingdom has been very pro-active in regulating the most important cybersecurity concerns. Bruce Schneier (Cyber Guru ) often suggests that it is time for the govt’s to act & regulate on the IoT devices. In recent times, U.K govt has done phenomenal job regulating following important security concerns.
- GDPR (General Data protection regulation)
- The UK sets new cyber security standard for self-driving vehicles.
- Code of Practice for IoT devices
Apart from regulations, The significant part is that UK govt partner with private companies to come up with solutions. Many govt’s hesitate to take other stakeholders onboard.
Who are the audiences of Code of Practice regulation?
- Device Manufacturer
- IoT Service Providers
- Mobile Application Developers
So, What are the security Concerns on IoT devices?
- Consumer privacy: Many devices are more of spy devices & keep track of every user movement, private conversation, video recording etc. Experts tell us that Privacy isn’t a right anymore in today’s world & We should get over it. However, It can still be controlled with the right tools.
- Consumer security: Biggest concern is that consumer security. The more you can connected the more you are vulnerable. Unlock home, remotely hacking home video, smart TV etc are normal nowadays.
- Unsecured manufacturing & Retailing: Most of the IoT devices are unsecured. And, Organizations has huge controlled on it. A consumer does not have the authority to ask for more security. If someone can unlock the door because of misconfiguration, Manufacturer & service providers are not liable.
- Used these unsecured devices in large hacking (i.e DDOS): You might be familiar with distributed denial of service. These IoT devices help to achieve that.
Code of Practice regulation applies in following types of devices
- Connected children’s toys and baby monitors
- Connected safety-relevant products such as smoke detectors and door locks
- Smart cameras, TVs and speakers
- Wearable health trackers
- Connected home automation and alarm systems
- Connected appliances (e.g. washing machines, fridges)
- Smart home assistants
Code of Practice Guidelines
- No default passwords
- Implement a vulnerability disclosure policy
- Keep software updated
- Securely store credentials and security-sensitive data
- Communicate securely
- Minimize exposed attack surfaces
- Ensure software integrity
- Ensure that personal data is protected
- Make systems resilient to outages
- Monitor system telemetry data
- Make it easy for consumers to delete personal data
- Make installation and maintenance of devices easy
- Validate input data