Smart products and the Internet of Things (IoT) are to be supported by a programme that aims to boost the development of the market of assurance schemes for consumers.
The assurance schemes should help demonstrate that a device has been independently tested or has been through a robust and accredited self-assessment process.
- Innovators encouraged to bid for funding to help security assurance of consumer smart devices
- Pot of £400k to support the market of industry-led assurance schemes for rapidly growing Internet of Things sector
- Smart device owners urged to change default passwords and regularly update apps and software
It means manufacturers can choose from a variety of schemes to demonstrate their product has undergone independent testing or a robust self-assessment process in line with the government's Code of Practice for Consumer IoT Security.
It should also help retailers make sure they are stocking secure internet-connected devices.
Research points to 75 billion internet-connected devices, such as televisions, cameras, home assistants and their associated services, in homes around the world by the end of 2025.
Digital minister Matt Warman said: “We are committed to making the UK the safest place to be online and are developing laws to make sure robust security standards for consumer internet-connected products are built in from the start.
“This new funding will allow shoppers to be sure the products they are buying have better cybersecurity and help retailers be confident they are stocking secure smart products.
“People should continue to change default passwords on their smart devices and regularly update the software to help protect themselves from cybercriminals.”
The move, led by the Department for Digital, Culture, Media and Sport (DCMS), comes as the government is progressing legislation to bring into law minimum security requirements for smart devices.
The laws announced earlier this year will make sure all consumer smart devices sold in the UK adhere to the three rigorous security requirements:
- Device passwords must be unique and not resettable to any universal factory setting
- Manufacturers must provide a public point of contact so anyone can report a vulnerability
- Manufacturers must state the minimum length of time for which the device will receive security updates.
The government is working in partnership with other governments and global standards bodies, such as ETSI, to drive a consistent, global approach to the cybersecurity of smart devices.