We’ve got gadgets and gizmos aplenty…
At the end of November, the UK government introduced its new, updated Product Security and Telecommunications Infrastructure Bill (PSTI). The Bill is in two parts: product security, which sets a minimum baseline of security requirements for IoT (Internet of Things) devices, and telecommunications infrastructure.
Part 1 essentially means that manufacturers of IoT devices (e.g. smart TVs, smart speakers, toys, wearables, smart appliances and other connectable gizmos and gadgets) will have to ensure that internet-connected devices are more secure against cyber attacks and protect your privacy.
Default, factory-set weak passwords will no longer be allowed, and all relevant devices will have to have unique passwords that cannot be reset to the factory default.
If products that are sold in the UK do not meet the baseline security requirements, then they cannot be sold. This includes transparency about security flaws and fixes and the creation of a better public reporting system for vulnerabilities found in those products.
Heavy fines will be issued to those companies that fail to comply – these have been set at £10 million or up to four per cent of an organisation’s global revenue. In addition, manufacturers of internet-connectable devices must provide a point of contact so that anyone can report a security vulnerability and be assured that it will be acted on in a timely manner. These reports of security vulnerabilities must be published publicly.
Manufacturers must also explicitly state, at the point of sale, either in store or online, the minimum length of time for which the device will receive security updates. If the device cannot receive updates or patches, this must be declared.
These product security measures come after talks and engagement with several groups, including the National Cyber Security Centre, tech and retail industry stakeholders, consumer groups and academia.
The DCMS has set out how it sees Part 2 of the Bill, Telecommunications Infrastructure, tackling many of the issues with the Electronic Communications Code through a range of measures designed to foster quicker, more collaborative negotiations and better working relationships between mobile operators and landowners.
The legislation is the first step in shoring up security on smart devices and is designed to be adapted over time so that it remains effective. We’ve got gadgets and gizmos aplenty, whozits and whatzits galore – and now, finally, they may be much more secure than before!