Monday 17 April 2023

Bill to ensure safety of IoT products becomes law


The Product Security and Telecommunications Infrastructure Act 2022 has now been enacted into law having received Royal Assent on 6th December 2022.

The new law applies to all consumer IoT products, including:

  • connected safety-relevant products such as smoke detectors and door locks
  • connected home automation and alarm systems
  • Internet of Things base stations and hubs to which multiple devices connect
  • smart home assistants
  • smartphones
  • connected cameras

Consumer connectable products, such as those listed above offer huge benefits for people and businesses to live better-connected lives with a lower carbon footprint. It is a rapidly growing area of emerging technology: forecasts suggest that there could be up to 50 billion connectable products worldwide by 2030, and on average there are nine in each UK household.

However, the adoption of cyber security requirements within these products is poor, and while only 1 in 5 manufacturers embed basic security requirements in consumer-connectable products, consumers overwhelmingly assume these products are secure. 

However, whilst connectable consumer products have previously had to comply with existing regulations to ensure that they will not directly cause physical harm from issues such as overheating, environmental damage or electrical interference, they have not been regulated to protect consumers from cyber harm such as loss of privacy and personal data. To close this regulatory gap, the Product Security and Telecommunications Infrastructure Act 2022 has now been enacted into law.

The Product Security and Telecommunications Infrastructure Act 2022 requires manufacturers, importers, and distributors to ensure that minimum security requirements are met in relation to consumer-connectable products that are available to consumers and provides a robust regulatory framework that can adapt and remain effective in the face of rapid technological advancement, the evolving techniques employed by malicious actors, and the broader international regulatory landscape.


 
Secure Connected Device accreditation for IoT products

The national police security initiative, Secured by Design (SBD), launched the Secure Connected Device accreditation scheme in 2022 in response to the pending legislation, coupled with growing demand from industry and current members seeking to gain SBD accreditation for IoT products.

The SBD Secure Connected Device accreditation scheme, developed in consultation with the Department for Digital, Culture, Media & Sport (DCMS), helps companies to get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard, a requirement that goes beyond the Government’s legislation so that companies can not only demonstrate their compliance with the legislation but protects them, their products and customers.

The SBD Secure Connected Device IoT Assessment identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes with one of the SBD-approved certification bodies. 

Once third-party testing and independent certification for a product has been achieved, the company can apply to become an SBD member, with the product receiving the SBD’s Secure Connected Device accreditation, a unique and recognisable accreditation that will highlight products as having achieved the relevant IoT standards and certification.

Why is the Secure Connected Device accreditation for IoT products important?

The risk of a cyber attack or breach against an IoT device can be reduced as SBD-accredited devices have been tested to ensure they have been built to the required security standards.

The Secure Connected Device accreditation is the only way for companies to obtain police recognition for the security of their IoT products in the UK.

SBD continually monitors national crime trends to keep pace with changing patterns of criminal behaviour and new technology, ensuring that standards are updated to reflect these changes.

View from the expert

Michelle Kradolfer is the Internet of Things (IoT) Technical Officer at Police CPI and the lead for Secured by Design’s Secure Connected Devices accreditation. Michelle graduated from University with a Master of Cyber Crime and Digital Investigation (with Distinction) and has worked at INTERPOL, with the Research and Innovation team within the Cyber Innovation & Outreach Directorate, as well as a Cyber Development Officer with the Police Digital Security Centre.


Michelle said:
“Without the appropriate levels of security, any internet-connected device or app is at risk of providing cyber criminals with a key to enable them to access and steal personal data. It is therefore vitally important to ensure that all IoT products have the right level of security in place to protect consumers and reduce the risk of them falling victim to cybercrime. Adverse publicity due to a cyber incident could be catastrophic to the reputation of the product and company. 
“Compliance with the ‘Secure Connected Device’ accreditation sends a clear message to the wider industry of the importance of IoT security and companies accredited to this new SBD standard will lead by example and be at the forefront of the IoT revolution and in doing so will help to keep their customers and the public safer from the risk of a cyber breach”.
The Police Preferred Specification

SBD has operated an accreditation scheme on behalf of the UK Police Service for products or services that have met recognised security standards for nearly 25 years. These products or services – which must be capable of deterring or preventing crime - are known as being of a ‘Police Preferred Specification’.

There are many hundreds of companies that produce thousands of individual attack-resistant crime prevention products, in more than 30 different categories, which have met the exacting standards of the Police Preferred Specification. This includes doors, windows, external storage, bicycle and motorcycle security, locks and hardware, asset marking, alarms, CCTV, safes, perimeter security products, and many others.

SBD is the only way for companies to obtain police recognition for security-related products in the UK.

Find out more on SBD’s Secure Connected Device accreditation at www.securedbydesign.com/Internet-of-Things





Why not Sign-up to Receive these Articles by Email each Day on our newsfeed site

>> Scroll down to read more articles like this which have been published recently on this blog <<

You can also read additional current and archived articles on our dedicated magazine website

Low Cost and Free Publicity - Your company can easily benefit from some publicity like the posts above for a contribution towards our layout costs (£75 to £95 plus VAT), payable in advance or you can receive the service absolutely free of charge if you advertise (see below).

We post articles up to twice a day and never delete them - we only archive them each year so that they continue to remain visible to search engines.

To have your story published - just send us your news item, logo and image(s) and we will review the material, make any necessary changes to the wording / wordcount and then advise you when it will be published.

If you are a regular advertiser in our printed and online publications, placing series bookings for adverts or subscribing to our VIP Packages, you will qualify for a specific number of free postings on this blog while you continue to advertise with us. See our media pack for more details.

Also, if you purchase one of our Online and Print Combo packages, Featured Articles or Advertorial packages shown in our media pack, posting on this blog is included in the price.

For details and rates for all of our advertising options in print and online, download our media pack contact us or visit our website.

Door Industry Journal is a trading style of Avalon Innovations LLP - Company No. OC364751

No comments: