UK government gains support from HP and Centrica on IoT device security guidelines

Internet of things IoTThe UK government has introduced a code dedicated to strengthening the security of internet-connected devices – with the number of devices in use across the country expected to grow to more than 420m within the next three years.

With the growing number of smart devices, such as virtual assistants, toys, watches, and alarm systems, fears around cybersecurity have been heightened. Therefore, in a bid to stop any potential large-scale breaches, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) worked together to introduce a new Code of Practice for internet of things (IoT) security. The first companies to sign up to implementing the code are HP and British Gas owner Centrica.

“From smartwatches to children’s toys, internet-connected devices have positively impacted our lives but it is crucial they have the best possible security to keep us safe from invasions of privacy or cyberattacks,” said Minister for Digital Margot James. “The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices.

“The pledges by HP Inc. and Centrica Hive Ltd are a welcome first step but it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed.”

The new code, which is part of the government’s £1.9bn National Cyber Security Strategy, sets out thirteen guidelines that manufacturers of consumer IoT devices should implement in order to keep users of their products safe. Guidelines include the secure storage of personal data, regular software updates, no default passwords, and making easier for users to delete their personal data off products, among others.

In order to help manufacturers to implement the guidelines and follow in HP and Centrica’s footsteps, the government has also published a mapping document to ease them through the process.

“Cyber-crime has become an industry and IoT ‘endpoint’ devices increasingly constitute the frontline of cybersecurity. At HP, we are reinventing the state of the art in device security to address modern threats,” said George Brasher, UK managing director at HP. “We are delighted to be joining forces with the UK Government in our shared ambition to raise the bar broadly in consumer IoT device security, starting with the connected printers we are all used to at home.”

Seb Chakraborty, CTO at Centrica Hive, added: “Meeting the privacy and data protection expectations of our valued customers is a priority.

“We invest heavily in the security of our products and we are delighted to support government in this global step forward, building strong security measures into devices at the point of design.”

Alongside the Code of Practice, the government has also worked with the NCSC, as well as consumer groups and the industry, to develop guidance for consumers regarding smart devices in their homes.