Governance

UK launches first IoT security law



Context

The United Kingdom, through its Product Security and Telecommunications Infrastructure (PSTI) regime, has introduced the world’s first law to legally mandate cybersecurity standards for IoT devices, aiming to shield consumers from cyber threats and boost the nation’s resilience against rising cybercrime. The new laws, which came into force this Monday, require manufacturers to build security protections into any product with internet connectivity, including a prohibition on easy-to-guess passwords such as “admin” or “12345”.


Analysis

Manufacturers are also required by the new regime to publish vulnerability disclosure policies for reporting security flaws, state minimum periods for providing security updates and provide mechanisms for securely updating software. “From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world-first laws that will make sure their personal privacy, data, and finances are safe,” stated Viscount Camrose, Minister for Cyber.

Key Points

  • The UK has become the first country to legally mandate cybersecurity standards for IoT devices. The new laws, which came into force on April 29, aim to shield consumers from cyber threats and boost the nation’s resilience against rising cybercrime.
  • Manufacturers are required to build in security protections, including hard-to-crack passwords, to publish vulnerability disclosure policies for reporting security flaws, to state minimum periods for providing security updates, and to provide mechanisms for securely updating software.
  • The automotive industry was not included in the new regime and the government is now pursuing alternative cybersecurity regulations specific to internet-connected vehicles.


Author

Monica Chen