UK: Government announces plans for new cybersecurity law to protect smart devices from cyberattacks
The Department for Digital, Culture, Media & Sport ('DCMS') announced, on 21 April 2021, Government plans for a new cybersecurity law to protect smart devices from cyberattacks, as part of releasing results of the Government public consultation on smart device cybersecurity. In particular, the Government outlined that it is planning to change the law to make smart products, such as televisions, cameras, and household appliances which connect to the internet, more secure for individuals to use. More specifically, the new Secure by Design legislation will ensure virtually all smart devices meet the following new requirements, among others:
- customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates, by Apple Inc., Samsung Electronics Co., Ltd., Google LLC, and other manufacturers;
- a ban on manufacturers using universal default passwords, such as 'password' or 'admin,' that are often preset in a device's factory settings and are easily guessable; and
- manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
Lastly, the Government intends to introduce legislation as soon as parliamentary time allows.
In addition, the Government published two further research reports which provide supporting evidence for the new law.
You can read the DCMS press release here, the Government results of the public consultation here, the UK Code of Practice for Consumer IoT Cyber Security report here, and the Consumer Attitudes Towards IoT Security report here.