Manufacturers of smart wearables and internet enabled devices, commonly known as the Internet of Things (IoT), are going to be expected to build in further security measures in the future to prevent cyber threats and exploitation.
This has potentiality been on the horizon for some time now, as the infamous Dyn DDoS attack of 2016 was orchestrated by hackers exploiting internet enabled devices.
Victims included smart fridges, clever thermostats, and internet enabled cat flaps.
The “Security by Design” review recommends a range of security and preventative measures to protect individuals’ data, privacy, and safety is instilled at the core of product design and manufacture — not as an afterthought.
Botnet attacks are a growing concern, as they are a proven method to disable infrastructures, and internet enabled devices are growing in popularity.
While large attacks on corporations and networks is a concern, users can be directly affected by someone accessing their smart watch, smart fitness monitor, or home CCTV network.
The full review aims to provide practical guidance for manufacturers to follow, including fundamentals such as:
• All devices out of the box to have unique passwords, and not to be set to a factory default.
• Software should be automatically updated on devices.
• Consumers can completely remove their personal data from devices and products.
The review also proposes a consumer friendly product labelling system, so as well as comparing factors such as water resistance, battery life, RAM, and processor capability, consumers will be able to compare product security features in a similar fashion.
This step will also lead to a more educated and security savvy consumer market.
That said, the more the consumer demands the technology, prices will inevitably start to rise, so the additional cost of implementing these technologies should be driven down by competitiveness in the market place.
The full draft policy can be read here, and the Government are currently asking for feedback (cut-off date April 25th).