The UK’s Department of Digital, Culture, Media and Sport (DCMS) has published its Security by Design report containing proposed IoT security guidelines.
The UK’s Department of Digital, Culture, Media, and Sport (DCMS) has announced the publication of its Security by Design report. The report contains a proposed Code of Practice for consumer IoT products.
Its recommendations include a ban on default passwords, mandated firmware and software updates, and the implementation of a vulnerability disclosure policy. The IoT Security Foundation (IoTSF) says it welcomes the report and its recommendations, and appreciates the strong message the report sends to industry about how crucial IoT device security is and what manufacturers need to consider to achieve it.
“We welcome the publication of the DCMS Code of Practice launched today. We believe it helps vendors recognize the duty of care needed when producing connected products in clear and simple language which all can understand. To support the Code of Practice we have further outlined the technical elements necessary to meet both the Code of Practice and IoTSF’s Compliance Framework, which is intended for a more technical audience. We are therefore delighted to work with Government as a partner as achieving fit for purpose security across Internet-connected applications is a collaborative endeavor and this is a positive development,” said Professor Paul Dorey, chairman of IoTSF.
To further assist manufacturers and vendors in meeting the technical requirements behind the Code of Practice recommendations, the IoTSF has detailed the necessary security controls from its publicly accessible IoT Security Compliance Framework. The details have been published in an application note that can be downloaded from the IoT Security Foundation website. It is designed for IoT device makers, retailers, application developers and service providers.
The Security by Design Report and proposed Code of Practice can be found here. The IoT Security Foundation Compliance Framework can be found here.