DCMS has announced that it plans to introduce new legislation to protect users of Internet of Things (“IoT”) household devices from cyber threats through heightened security requirements.
The proposed legislation includes the following security requirements:
- any password for consumer internet-connected devices must be unique and there must not be an option to reset to a universal factory setting;
- manufacturers of consumer IoT devices will be required to provide a public point of contact to allow reporting of any vulnerability discovered, such reports to be acted on in a “timely manner”; and
- at the point of sale, it must be clearly stated the minimum length of time for which manufacturers will provide security updates for consumer IoT devices.
The timescale for the introduction of such rules is not yet clear, but it is clear that those in the IoT space will need to watch out for further updates.