The UK Department for Digital, Culture, Media and Sport (DCMS) is consulting on regulatory proposals regarding consumer Internet of Things security. The UK Government takes the issue of consumer IoT Security very seriosuly and recognize the urgent ned to improve the security for these devices for the cosumer. The consumer is always the weakest link when it comes to IoT Security.
Experts Comments:
Peter Carlisle, Vice President at nCipher Security:
Consumers and businesses are discovering and benefiting from the opportunities the IoT provides each day. Yet, IoT devices have also become one of the most vulnerable entry points for attackers. The IoT exposes consumers and businesses to new security vulnerabilities due to its increased network connectivity and the devices within it not being secured by design. It is so vast and complex that finding data protection solutions which can span across the entire network, providing scalable encryption key management and not impeding data analytics can be a serious challenge.
By encouraging ‘Security by Design’ and introducing a new labelling system to tell users whether an IoT device can be trusted, the proposed legislation signals a positive step in the right direction. It could ensure that security is baked into IoT devices, protecting both businesses and consumers from the offset and going a step further than the voluntary “code of practice” announced last year.
After all, when it comes to cybersecurity prevention is always better than a cure.”
Jake Moore, Cyber Security Specialist at ESET:
“This is an extremely productive and positive step proving that the government is listening to the cyber security industry and prioritising the safety of its users.
“IoT devices having unique passwords by default would have an immense effect on the protection of not only the devices, but it could also thwart other attacks such as DDOS, which affects thousands of sites around the world. Even though it will help people immediately “out of the box”, in turn it will help raise cyber awareness on the power of security updates and having a point of contact to turn to in desperate times. This proposed law could even have a knock on effect on other lines of defence. Making devices two factor authenticated by default could be the next step which would provoke another monumental change in protection of the public.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.