Smart devices that can monitor everything from your fridge temperature to your heartbeat whilst exercising and then send this data to an app on your smartphone are no longer in the realm of science fiction and are being used by more and more of us every day.
This IOT (Internet of Things) technology takes the use of the Internet beyond just passing data back and forth and means that real-world physical devices can be measured and even controlled remotely. The use of IOT is growing exponentially, with the average UK home now containing 9 such connected devices, and the forecast is that by 2030 there could be up to 50 billion such products being used worldwide.
While this technology has undoubtedly improved our lives drastically, there are some significant risks that are often not even considered by the user.
In the first half of 2021, there were 1.5 billion attempted compromises of IOT devices (double the 2020 figure) and the rate of incidents is growing all the time. Users' data and even identities can be stolen when such devices are used with inadequate security in place. The average consumer purchasing a modern IOT device often believes that if the product is available for sale, then it must be safe, when in fact many are not.
To take steps to address this, the UK Government has introduced a new law which will require manufacturers, importers and distributors of digital technology which connects to the internet or other products to make sure they meet new cyber security standards – with significant fines for those who fail to comply.
The PSTI (Product Security and Telecommunications Infrastructure Bill) was introduced to Parliament at the end of 2021 and is currently at the report stage in the House of Lords, with the aim of having the bill in effect by the end of 2022.
The bill will apply to the entire IOT industry including manufacturers, importers, and retailers of foreign-manufactured devices. Some of the new standards that will come into effect for manufacturers include:
- Banning easy-to-guess default passwords
- Security update and patch communication to new customers
- Providing a public point of contact for users to report flaws and bugs
The new bill will be overseen by a regulator who will have the power to fine non-compliant companies up to £10 million or four percent of their global turnover.
Devices that the bill will apply to will include:
- TVs, cameras, speakers
- Home automation and alarm systems
- Wearable fitness trackers
- Connected children’s toys and baby monitors
To accommodate businesses wanting to ensure that the IOT devices they use and sell will be compatible with upcoming legislation, the British Standards Institute (BSI) has expanded its offering to include IOT testing and now offers a specific Kitemark for such devices.
This sets the trend for the future: as the devices that we use daily to gather, process and manage our data continue to expand and evolve, the laws required to regulate them will also have to evolve to offer maximum protection. It will then be crucial for companies involved with such technologies to ensure that they are utilising the best testing and compliance procedures to meet the demands of any upcoming regulations.
Vassallo Associates can advise on all aspects of business processes and information security. Contact us today for a free, no-obligation assessment of how we can assist you.