Government Promises IoT Security Enforcement Body

A new enforcement body could have the power to ban, recall or destroy insecure consumer IoT products, according to the latest government plans.

The UK is looking to take a global lead on IoT security with proposed legislation first published at the start of the year.

In an update yesterday it revealed that a new body would be set up to enforce the law, with powers to: temporarily ban sales while a product is tested, permanently ban insecure products and serve recall notices.

Under the proposals, it could also be granted the power to apply for a court order to confiscate or destroy a dangerous product or issue fines against the manufacturer.

Earlier in the year, the government revealed that the law will mandate three main security requirements for all smart gadgets sold in the UK.

These are: unique device passwords which are not resettable to factor defaults, a public point of contact at the manufacturer to report bugs to and clearly visible information stating the minimum length of time updates will be available for.

It remains to be seen how the UK would actually enforce a ban on the sale of non-compliant IoT kit, especially products manufactured abroad and sold online, as most are.

That hasn’t stopped the government trumpeting its efforts as a leader in this area: it claimed to have been instrumental in helping to develop the recently announced global ETSI standard for consumer smart devices.

The government is now requesting feedback from industry stakeholders to help it shape the final enforcement approach.

“Consumer IoT devices are increasingly delivering on their potential to improve consumers’ lives, with smart speakers, activity trackers and smart kitchen appliances a few notable examples,” said techUK CEO Julian David. “However, poor security practices have consistently slowed the adoption of these devices, acting as a barrier to UK citizens reaping the benefits of the latest innovations and products.”

What’s Hot on Infosecurity Magazine?