UK sets forth a Code of Practice for secure IoT for connected devices and smart homes

IoT security concerns moving forward. As IoT continues to move into homes, the UK Department for Digital, Culture, Media & Sport (DCMS), with the National Cyber Security Centre (NCSC), has published an updated guide on Gov.UK outlining a Code of Practice for the development of consumer Internet of Things (IoT) products. It lays out 13 guidelines for IoT manufacturers, service providers, app developers, and retailers, intended to improve the security of consumer IoT products and associated services. The aim is to protect consumer privacy and safety and to mitigate the threat of Distributed Denial of Service (DDoS) attacks, which have targeted products ranging from the simple (children’s toys) to the more complex: smart home systems, home automation including security systems, and health trackers. Following the Code of Practice may also help with data compliance, notably with the EU General Data Protection Regulation (GDPR).

The thirteen guidelines range from eliminating default passwords that have to be reset by the consumer (which usually doesn’t happen) to ensuring software integrity and system resilience.

DCMS has pledged to revisit the Code every two years. Comments may be made to securebydesign@culture.gov.uk. What’s missing, of course, are two things: an enforcement mechanism and a comparable code of practice for commercial use.