COMMERCIAL SECURITY
The legislation covers the following three main security features:

- Consumer IoT devices will not be allowed to have universal default passwords. This makes it easier for consumers to configure their devices securely to prevent them being hacked by cyber criminals.
- Consumer IoT devices will have to have a vulnerability disclosure policy. This means manufacturers must have a plan for how to deal with weaknesses in software, which means it’s more likely that such weaknesses will be addressed properly.
- Consumer IoT devices will need to disclose how long they will receive software updates. This means that software updates are created and released to maintain the security of the device throughout its declared lifespan.
The robust regulatory framework within the law contains an enforcement regime with civil and criminal sanctions aimed at preventing insecure products from being made available on the UK market. This enforcement regime enables the government to take a range of actions against companies that are not compliant with the law. This includes:

- Enforcement Notices: Compliance notices, Stop notices and Recall notices
- Monetary penalties: the greater of £10 million or 4% of the company’s qualifying worldwide revenue
- Forfeiture: of stock which is in the possession or control of any manufacturer, importer or distributor of the products, or an authorised representative
These minimum security requirements contained within the law are based on the UK’s Code of Practice for Consumer IoT security, the leading global standard for consumer IoT security ETSI EN 303 645, and on advice from the UK’s technical authority for cyber threats, the National Cyber Security Centre.
The regime will also ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses.
Secured by Design’s (SBD) Secure Connected Device accreditation, developed in consultation with the Department for Science, Innovation and Technology (DSIT), helps companies to get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard. This requirement goes beyond the Government’s PSTI Act legislation, so that companies can not only demonstrate their compliance with the legislation but also help protect themselves, their products and customers. It is a unique and recognisable accreditation that highlights products as having achieved the relevant IoT standards and certification.
In addition, the Secure Connected Device accreditation ensures compliance with evolving government requirements and cyberthreats, via an annual appraisal.
For further information on products and services available from Abloy UK, and how its solutions can help your business reduce energy consumption and implement sustainable security and access control, visit https://bit.ly/4dEDmay, call 01902 364 500, or email info@abloy.co.uk
MAY 2024
locksmithjournal.co.uk