The National Cyber Security Centre ('NCSC') published, on 20 October 2022, Lindy Cameron's, CEO of the NCSC, speech on the security of the Internet of Things ('IoT') sector and smart cities at Singapore International Cyber Week. In particular, the NCSC stated that Cameron emphasised the importance of connected technologies being made 'secure by design' to shield against attacks and vulnerabilities that might be exploited in connected ecosystems. In this regard, Cameron highlighted the pressing need for securing the IoT sector, the risks associated with their use of IoT systems in connected ecosystems, and the UK's approach in doing so. In this regard, Cameron noted that a specific area the UK government has focused on is securing foundations by building resilient semiconductors. 

Furthermore, Cameron noted the following key standards and legislation relevant to securing IoT systems:

• a 13-point Code of Practice developed for the IoT industry in 2018, with the goal of creating a more easily manageable cybersecurity picture for connected technology, so called 'secure by default', influencing design of IoT from the start;
• the ETSI Standard on Connected Product Security; EN 303 645;
• the UK Product Security and Telecommunications Infrastructure Bill, seeking to enshrine in law the 'secure by design' principles, which is currently making its way through Parliament; and
• the 'Connected Places Cyber Security Principles', issued by the NCSC, which outlines how governments and organisations can securely design, manage, and build smart cities.

You can read the press release here and the speech here.