Notice Board
Brisant Secure adds smart lock to Secured by Design range
» THE ULTION NUKI PLUS HAS successfully achieved the SBD Secure Connected Device accreditation , an SBD membership requirement for any IoT connected product or service to have achieved .
Founded in 2013 , Brisant Secure took the market by storm with built-in real-life security standards based on consumer expectations that redefined security in the hardware industry . The Ultion family of locks offers homeowners the very best in security and protection .
Nick Dutton , CEO of Brisant Secure , said : “ At Brisant , it ’ s all about making people feel safe , whether it ’ s protecting their home from break-ins or guarding against cyber threats . This new accreditation shows that we ’ re serious about keeping up with both physical and digital security , and we ’ re proud to offer homeowners a smart lock that truly does both .”
The Product Security and Telecommunications Infrastructure Act became law in December 2022 , with compliance with the law mandated by 29th April 2024 . The law requires manufacturers , importers and distributors to ensure that minimum security requirements are met in relation to consumer connectable products such as connected cameras , door locks and alarm systems .
The legislation covers the following three main security features :
• Consumer IoT devices will not be allowed to have universal default passwords
• Consumer IoT devices will have to have a vulnerability disclosure policy
• Consumer IoT devices will need to disclose how long they will receive software updates
The robust regulatory framework within the law contains an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market within it . This enforcement regime enables the government to take a range of actions against companies that are not compliant with the law . This includes :
• Enforcement Notices : Compliance notices , Stop notices and Recall notices
• Monetary penalties : the greater of £ 10 million or 4 % of the company ’ s qualifying worldwide revenue
• Forfeiture : of stock which is in the possession or control of any manufacturer , importer or distributor of the products , or an authorised representative
These minimum security requirements contained within the law are based on the UK ’ s Code of Practice for Consumer IoT security , the leading global standard for consumer IoT security ETSI EN 303 645 , and on advice from the UK ’ s technical authority for cyber threats , the National Cyber Security Centre .
The regime will also ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses .
How can SBD ’ s Secure Connected Device accreditation help with compliance ?
» SECURED BY DESIGN ’ S ( SBD ) Secure Connected Device accreditation , developed in consultation with the Department for Science , Innovation and Technology ( DSIT ), helps companies to get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard , a requirement that goes beyond the Government ’ s PSTI Act legislation so that companies can not only demonstrate their compliance with the legislation but help protect themselves , their products and customers . It is a unique and recognisable accreditation that highlights products as having achieved the relevant IoT standards and certification .
The SBD Secure Connected Device IoT Assessment identifies the level of risk associated with an IoT device and its ecosystem , providing recommendations on the appropriate certification routes with one of the SBD approved certification bodies . Once third-party testing and independent certification for a product has been achieved , the company can apply to become SBD members , with the product receiving the SBD ’ s Secure Connected Device accreditation .
In addition , the Secure Connected Device accreditation ensures compliance with evolving government requirements and cyberthreats , via an annual appraisal .
Compliance with the Secure Connected Device accreditation also sends a clear message to the wider industry of the importance of IoT security and companies accredited to this SBD standard will lead by example and be at the forefront of the IoT revolution and in doing so will help to keep their customers and the public safer from the risk of a cyber breach .
The Secure Connected Device accreditation is the only way for companies to obtain police recognition for the security of their IoT products in the UK .
To start the SBD Secure Connected Device accreditation process or find out more , visit www . securedbydesign . com / IoT
14
NOVEMBER 2024
locksmithjournal . co . uk Issue Sponsor