Are Cyber Criminals Hiding in your Fridge?
The Internet of Things
The Internet of Things (IoT) is a term used to describe the network of physical devices, vehicles, home appliances, and other items embedded with sensors, software, and network connectivity that enables them to collect and exchange data. Essentially, the IoT refers to a vast array of everyday objects that are connected to the internet and can communicate with each other and with humans, including, but not limited to:
- Connected safety-relevant products such as smoke detectors and door locks
- Connected home automation and alarm systems
- Internet of Things base stations and hubs to which multiple devices connect
- Smart home assistants
- Smartphones
- Connected cameras
- Connected fridges, washers, freezers, coffee machines
Risks
With forecasts suggesting that there could be up to 50 billion connectable products worldwide by 2030, and on average nine in each UK household, IoT is quickly becoming a staple of modern life.
However, the adoption of cyber security requirements within these products is poor, and while only 1 in 5 manufacturers embed basic security requirements in consumer connectable products, consumers overwhelmingly assume these products are secure.
Whilst connectable consumer products have previously had to comply with existing regulation to ensure that they will not directly cause physical harm from issues such as overheating, environmental damage or electrical interference, they have not been regulated to protect consumers from cyber harm such as loss of privacy and personal data. To close this regulatory gap, the Product Security and Telecommunications Infrastructure Act 2022 has now been enacted into law.
The Law
The Product Security and Telecommunications Infrastructure Act 2022 is a recently passed law which:
- Requires manufacturers, importers and distributors to ensure that minimum security requirements are met
- Provides a robust regulatory framework that can adapt and remain effective in the face of changes
- Requires product compliance by 29th April 2024
Secured Connected Devices
The national police security initiative, Secured by Design (SBD), launched the Secure Connected Device accreditation scheme in 2022 in response to the pending legislation, coupled with a growing demand from industry and current members seeking to gain SBD accreditation for IoT products.
The SBD Secure Connected Device IoT Assessment identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes with one of the SBD approved certification bodies.
Read More
Find out more about the SBD Secure Connected Device accreditation.
For more information on The Product Security and Telecommunications Infrastructure Act 2022, read the full article here.