UK Gov makes bold steps to tackle long-ignored security problem
The issue of digital security is one which has been long-running and frequently brushed aside. While it is now generally accepted 100% secure is an impossible ambition, embedding security into the building blocks of every product or service is a way to mitigate as much risk as possible. This idea has also been aired numerous times, with little apparent action, though new Code of Practice aims to correct this oversight.
“From smartwatches to children’s toys, internet-connected devices have positively impacted our lives but it is crucial they have the best possible security to keep us safe from invasions of privacy or cyber-attacks,” said Minister for Digital, Margot James. “The UK is taking the lead globally on product safety and shifting the burden away from consumers having to secure their devices.”
“With the amount of connected devices we all use expanding, this world-leading Code of Practice couldn’t come at a more important time,” said Ian Levy, the NCSC’s Technical Director. “The NCSC is committed to empowering consumers to make informed decisions about security whether they’re buying a smartwatch, kettle or doll. We want retailers to only stock internet-connected devices that meet these principles, so that UK consumers can trust that the technology they bring into their homes will be properly supported throughout its lifetime.”
As it stands, the digital world is not secure. Innovation is progressing at an exciting speed, though advancements in security or even investments in security departments and products, are not keeping pace. The world is currently sleep-walking into a digital environment tailor made for hackers and other nefarious actors to thrive in. These individuals might be in the vast minority, but that does not make the threat any less real.
The new guidelines are as follows:
1. No default passwords
2. Implement a vulnerability disclosure policy
3. Keep software updated
4. Securely store credentials and security-sensitive data
5. Communicate securely
6. Minimise exposed attack surfaces
7. Ensure software integrity
8. Ensure that personal data is protected
9. Make systems resilient to outages
10. Monitor system telemetry data
11. Make it easy for users to delete personal data
12. Make installation and maintenance of devices easy
13. Validate input data
Should the UK Government and the NCSC be able to nudge manufacturers into maintaining these principles, protections will certainly increase. This is not to say everything will be rosy, but by ensuring security is more than an afterthought in the design and manufacturing process, the right foundations are set.
“This government initiative is exactly what many in the industry have been craving for years,” said John Smith of CA Veracode. “Manufacturers have not really felt any market pressure to improve the security of these devices because consumers still have a lack of understanding of the security implications of IoT devices. Providing concrete guidance to manufacturers while also raising public awareness of these issues can only help address the gap that currently exists. It’s not just about the hardware anymore, it’s about the software behind it, and it’s really encouraging to see that the UK government wake up to the potential vulnerabilities in consumer IoT devices.”
These ideas are not new, more it is promising to see proactive action from the Government. Security experts have long discussed the merit of building security into the foundations of products, for example, Rik Ferguson of Trend Micro has previously suggested an official badge or certification for products which have been designed with the right security protocols and concepts in mind, similar to batteries. People don’t need to know the process of achieving the validation, but a properly audited process can provide peace of mind for the consumer.
However, it is critical the process is embraced by the majority and soon becomes an industry standard. Energy company Centrica has become one of the first to embrace the guidelines with its Hive smart energy devices, while HPE has also committed. This is a good start, and potentially sets the ball rolling for a process which is more official. Right now, the Code of Practice is voluntary.
Security has long been an ignored issue in the industry, mainly because it is incredibly difficult to deal with. If companies were honest with consumers about the threats of the digital economy, many would be turned off from taking more of their lives online. At least there is some positive action to addressing the significant problem of cybersecurity.
Müəllif
Metbuat.az
Qaynar xətt
0552252950
Həmçinin oxu
Süni intellekt üçün internet “Bakcell”dən
en.ictnews.az
DİGƏR XƏBƏRLƏR
Daha çox »Top xəbərlər
Layihələr
Son xəbərlər
Polad Həşimovun şəhadətə ucalmasından altı il ötür
Bu gün
·
00:12
İnsanlara güvənməyən ən şübhəçil 5 bürc
Bu gün
·
00:12
Azərbaycanda nə qədər ev ipotekadadır?
Dünən
·
23:55
D-8 Media Mükəmməllik Mərkəzinin strategiyası təqdim olundu
Dünən
·
23:53
Ən uzunömürlü 5 balıq: 200 ildən çox yaşayırlar
Dünən
·
23:52
ABŞ Hörmüzdə keçidlərin təhlükəsizliyini təmin edəcək - Tramp
Dünən
·
23:49
10 Avropa ölkəsi Antiballistik Raket Koalisiyası qurdu
Dünən
·
23:15
Bu tarixi sizin qədər bilən ikinci bir şəxs çətin ki, tapılsın - Prezidentdən Mirşahinə
Dünən
·
22:53
"Real"da Vinisiusun aqibəti bəlli oldu
Dünən
·
22:35
Peter Pelleqrini Azərbaycana rəsmi səfərə gəldi
Dünən
·
22:03
Pambıqdan yüngül planet kəşf edildi
Dünən
·
21:49
Bizim daxili risklərimiz yoxdur, bütün təhdidlər sərhədlərimizdən kənarda yaranır - İlham Əliyev
Dünən
·
21:16
Ərəblərdən ulduz futbolçuya təklif
Dünən
·
21:10
Azərbaycanın bu şəhərində evlər kütləvi satışa çıxarılır
Dünən
·
20:56
“Qalatasaray”da Sançes böhranı: gedir?
Dünən
·
20:51