A proposal from the U.K. government stated that insecure IoT devices that are used in households and businesses could be banned from sale or removed from the market if they fail to meet the basic security standards. The new security regulations are intended to protect the digital infrastructure from the evolving cyberattacks on connected devices.
The U.K.’s Department for Digital, Culture, Media, and Sport (DCMS) and the National Cyber Security Centre (NCSC) have chalked three security requirements that IoT manufacturers need to comply with if they want to sell their devices in the country. Initial non-compliance may lead to a fine or penalties using civil enforcement, however, continued non-compliance may lead to criminal action in accordance with the scale of the offence.
The proposed security requirements include:
- Ban universal default passwords in consumer smart products
- Implement a means to manage vulnerability reports
- Provide transparency on for how long, at a minimum, the product will receive security updates
However, the government is also seeking feedback and suggestions from IoT manufacturers on the proposed regulations to collectively enhance IoT security.
“Manufacturers do not embed even the most basic approaches to cybersecurity into their products, leaving consumers unnecessarily exposed to a range of harms. Most consumers overwhelmingly assume that products available in store and online are safe by default; the reality is that a number of insecure consumer smart products remain stocked on our shelves,” said, Matt Warman, Minister for Digital Infrastructure.
“The government’s intention is to design future-proofed legislation that will remain relevant amidst the rapid pace of technological change and innovation across the consumer smart product sector. The government will therefore seek to design this legislative framework so that it could be rapidly updated as necessitated by the evolution of the consumer smart product landscape, in consultation with relevant stakeholders,” Warman added.
IoT Devices to Dominate the Market
Earlier, a research by Transforma Insights revealed that the number of active IoT devices globally is expected to grow from 7.6 billion in 2019 to 24.1 billion in 2030, thereby generating revenue of more than $1.5 trillion, at 11% CAGR. The findings also stated that North America, China, and Europe are expected to have a lion’s share in this growth of IoT devices with 26%, 24%, and 23% respectively of the total value.