New standards and legislation for IoT devices cybersecurity are announced

Internet-connected devices have dramatically burst into multiple aspects of our lives, a situation that has taken even the most prominent cybersecurity experts by surprise, whose expectations about the use of this technology have been left far behind.

The new calculations mention that by 2025, there will be more than 75 billion active Internet of Things (IoT) devices worldwide. While it is increasingly common to find homes with smart speakers or security cameras with WiFi connection, many ignore the great challenge behind the usage of this technology: users’ security.

John Moor, director of the non-governmental organization IoT Security Foundation, has been raising concerns about the large-scale use of these devices and their consequent cybersecurity issues for more than five years, with special emphasis on common legal frameworks and minimum protection requirements.

Although this awareness-raising effort has taken years of hard work and collaboration with cybersecurity firms and other NGOs, it seems governments are finally listening to them, as the United Kingdom legislative system is in the process of passing a bill to set some security standards that IoT device manufacturers will meet in the near future. Broadly speaking, the law consists of three main points:

  • Setting a unique password for each device, in addition to remove the universal factory reset
  • Manufacturers will need to create a public contact medium for reporting security vulnerabilities affecting IoT devices
  • Manufacturers must set a minimum period for the release of updates to their devices

The best part is that these points were developed by British lawmakers in conjunction with specialists from the National Cybersecurity Centre and representatives of the most relevant private companies, so not a single element of this legislation has been proposed on an impromptu manner. “Our intention is that the United Kingdom will be, in a couple of years, the safest place to use IoT devices,” said Matt Warman, Minister of the UK Department for Digital, Culture, Media and Sport.

Manufacturers that do not meet the law that is about to be passed could face severe economic sanctions and even a ban on operations throughout British territory. This is an energetic step towards creating a complete cybersecurity environment, experts consider.