myLawrd

UK introduces cybersecurity bill to harden standards for IoT devices

The United Kingdom (UK) government has introduced a new cybersecurity bill to bring in tough standards with heavy fines for those who fail to comply. The bill will also eradicate default passwords and force companies to be more transparent to customers regarding security fixes.

According to the proposed law, companies could face fines up to £10 million or 4% of their global turnover if they fail to meet the standards. The bill follows a 2019 consultation and a 2020 call for views. Noting the importance of the step, it observes that the notorious ‘Mirai’ botnet left much of the US East Coast without Internet after infecting 300,000 products such as routers and smart cameras and using them to attack major internet platforms and services.

The Proposed Law

The bill in the discussion here is the Product Security and Telecommunications Infrastructure (PSTI) Bill. The Department for Digital, Culture, Media & Sports (DCMS) introduced the bill in Parliament on Wednesday.

At the moment, device makers only have to ensure that devices don’t cause harm to people because of overheating, electric shock, or sharp components. The new bill proposes to extend that responsibility and force device makers to protect consumers from cybersecurity/ data breaches.

The new bill will ensure that:

The proposed bill will bring within its purview smartphones, connected cameras, TVs, speakers, children’s toys and baby monitors, connected door locks, IoT base stations and hubs, wearable devices, connected appliances like washing machines and fridges, as well as smart home assistants.

Product Security Factsheet

A product security factsheet accompanies the UK cybersecurity bill. Besides recognising the impact of the Mirai botnet, it also makes the following observations:

Source: UK Govt.

Do subscribe to our Telegram group for more resources and discussions on tech-law & policy. To receive weekly updates, don’t forget to subscribe to our Newsletter.

Exit mobile version