Security by Design, a new report from the UK’s Department for Digital, Culture, Media and Sport (DCMS) proposes a Code of Practice for consumer Internet of Things (IoT) devices.
The most important, and interesting, part of the report is the ‘proposed code of practice for security in consumer IoT products and associated services.’
It details 13 steps for assuring that security is incorporated by design in newly developed IoT devices.
An IoT device is defined as a physical device, vehicle, home appliance, or other item with embedded electronics, software, sensors, actuators and/or connectivity which enables said device to exchange data.
To read the full report, including the 13 steps, click here.
Mark James, ESET IT Security Specialist, explains his thoughts on the report and why ‘security by design’ is so important for IoT devices.
“Security by design is a fantastic concept, when delivered correctly. It helps the user understand the requirements and encourages them to make the right decisions to ensure their safety and the safety of others is maintained at all times.
“The biggest issues for the consumer are not knowing they need protecting and understanding what they need protecting from.
“It’s not always easy to get this across so if we can implement measures from the ground up to take some of the decisions away from the user and have them “auto” or “default” then achieving that security will certainly be much easier.
“Two of the biggest issues we face with IoT devices are default passwords and keeping the product actively maintained and updated. If we could just solve those two issues, we will certainly be a lot more secure.
“The end user often does not understand the need to close these massive fissures in IoT security so if given the choice will often go for price or convenience over security.
“Of course for all this to work we have to maintain the “plug and play” aspect, that could be a stumbling block. Ensuring something is easy to install, reasonably priced and secure at the same time may not be as simple as it sounds.”
What do you think of the proposed code of practice? Let us know on Twitter @ESETUK.