Smart home devices could be secured under new laws

The measures would apply to everything from smart TVs through to home appliances and toys connected to the Internet of Things (IoT).

Following the Secure by Design Code of Practice, manufacturers would be required to fulfil three specific criteria to receive an approved IoT security label.

Initially, the scheme would be voluntary to help consumers, but the intention of the Government is to make it mandatory in the future.

Other options are also being discussed, including the possibility of forcing retailers not to sell products which don't follow the major requirements of the Code of Practice.

Protection against cyber attacks

This consultation aims to address the security vulnerabilities which may be putting UK networks at risk via the millions of smart items already in use across the country.

The Government wants to address the dangers posed by the Internet of Things, with one of the suggestions being a labelling system which tells customers what they're buying meets certain security criteria:

• Passwords on IoT devices must be unique and should not be able to reset to a universal factory setting
• Manufacturers must provide a public point of contact
• Manufacturers must explicitly state a minimum period where a device will continue to receive security updates

These measures would bring IoT devices into line with the Secure by Design Code of Practice which requires software to be built with a focus on minimising security vulnerabilities.

While labelling is evidently the Government's preferred option, they have also indicated that retailers could be mandated to only sell products which meet the criteria.

Why is this an issue?

More devices than ever are connected to the internet, with experts predicting there will be 320 million of them in the UK alone by 2022.

This includes wearable fitness monitors like the Fitbit Versa and through to smart energy meters and cars.

At the latest Consumer Electronics Show (CES), smart belts and even smart toilets were shown off to the world.

All this means there are more opportunities than ever for systems to be hacked and compromised, disrupting lives and making everyday activities risky.

Helping consumers choose gadgets that are as secure as possible will help maintain the security of the Internet of Things, and the Government has decided to step in.

Making the future secure

In recent years, there have been several examples of cyber attacks focusing on the Internet of Things rather than traditional hacking methods.

A distributed-denial-of-service (DDoS) attack in 2016 harnessed the power of smart appliances to send torrents of traffic to popular websites including Twitter, Netflix and Spotify.

These proposals by the Government follow a voluntary code of practice being published for manufacturers of smart gadgets in October 2018.

This incorporated the Secure by Design Code of Practice and HP and HIVE Centrica signed up at the time, with Panasonic backing the measures later.

By proposing labelling of devices, the Government are placing control in the hands of consumers and allowing them to make positive purchasing decisions.

However, cyber experts have warned that manufacturers may seek to dilute the strength of the regulations during the consultation phase, so it remains to be seen what the final proposal will look like.

The consultation is open for five weeks.