UK Introduces New Cybersecurity Legislation for IoT Devices

UK Introduces New Cybersecurity Legislation for IoT Devices

The UK government has today introduced new legislation to Parliament that aims to better protect consumers’ IoT devices from hackers.

The Product Security and Telecommunications Infrastructure (PSTI) Bill places new cybersecurity standards on manufacturers, importers and distributors of internet-connectable devices, such as phones, tablets, smart TVs and fitness trackers. The legislation will also apply to products that can connect to multiple other devices but not directly to the internet, like smart light bulbs and smart thermostats.

These requirements include banning universal default passwords, forcing firms to be transparent about actions they are taking to fix security flaws in their products and creating a better public reporting system for any vulnerabilities discovered. In addition, these companies will have a duty to investigate compliance failures, produce statements of compliance and maintain appropriate records of this.

Failure to comply could result in heavy fines issued by a new regulator – up to £10m of 4% of their global turnover, as well as up to £20,000 a day in the case of an ongoing contravention. The regulator will also be given the power to require firms to comply with the security requirements, recall their products or stop selling or supplying them altogether. The legislation is further bolstered by the fact ministers will be able to mandate further security requirements as new threats emerge.

The legislation comes amid the surging use of IoT devices, with an average of nine in every UK household. Unsurprisingly, these devices have become increasingly targeted by cyber-criminals in recent years. For example, e ..

Support the originator by clicking the read the rest link below.