IoTSecurity: IoT Code of Practice by UK Govt

The United Kingdom has been very pro-active in regulating the most important cybersecurity concerns. Bruce Schneier (Cyber Guru ) often suggests that it is time for the govt’s to act & regulate on the IoT devices. In recent times, U.K govt has done phenomenal job regulating following important security concerns.

Apart from regulations, The significant part is that UK govt partner with private companies to come up with solutions. Many govt’s hesitate to take other stakeholders onboard.

Who are the audiences of Code of Practice regulation?

  • Device Manufacturer
  • IoT Service Providers
  • Mobile Application Developers
  • Retailers

So, What are the security Concerns on IoT devices?

  • Consumer privacy: Many devices are more of spy devices & keep track of every user movement, private conversation, video recording etc. Experts tell us that Privacy isn’t a right anymore in today’s world & We should get over it. However, It can still be controlled with the right tools.
  • Consumer security: Biggest concern is that consumer security. The more you can connected the more you are vulnerable. Unlock home, remotely hacking home video, smart TV etc are normal nowadays.
  • Unsecured manufacturing & Retailing: Most of the IoT devices are unsecured. And, Organizations has huge controlled on it. A consumer does not have the authority to ask for more security. If someone can unlock the door because of misconfiguration, Manufacturer & service providers are not liable.
  • Used these unsecured devices in large hacking (i.e DDOS): You might be familiar with distributed denial of service. These IoT devices help to achieve that.

Code of Practice regulation applies in following types of devices

  • Connected children’s toys and baby monitors
  • Connected safety-relevant products such as smoke detectors and door locks
  • Smart cameras, TVs and speakers
  • Wearable health trackers
  • Connected home automation and alarm systems
  • Connected appliances (e.g. washing machines, fridges)
  • Smart home assistants

Code of Practice Guidelines

  1. No default passwords
  2. Implement a vulnerability disclosure policy
  3. Keep software updated
  4. Securely store credentials and security-sensitive data
  5. Communicate securely
  6. Minimize exposed attack surfaces
  7. Ensure software integrity
  8. Ensure that personal data is protected
  9. Make systems resilient to outages
  10. Monitor system telemetry data
  11. Make it easy for consumers to delete personal data
  12. Make installation and maintenance of devices easy
  13. Validate input data

Reference

https://www.gov.uk/government/publications/secure-by-design/code-of-practice-for-consumer-iot-security

Advertisements


Categories: Cyber Security, Internet of things, IoT Regulation, IOT security, security policy

Tags: , , , , ,

1 reply

Trackbacks

  1. CyberNews: British Airways faces £183 million for data breach – Cyber Security: Awareness is the key

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.