The Department of Digital, Culture, Media & Sport (DCMS) today introduced to parliament a new cyber law to protect people’s personal tech from hackers.
The Product Security and Telecommunications Infrastructure (PSTI) Bill will allow the government to ban universal default passwords, force firms to be transparent to customers about what they are doing to fix security flaws in connectable products, and create a better public reporting system for vulnerabilities found in those products.
The Bill will also speed up the rollout of faster and more reliable broadband and mobile networks by making it easier for operators to upgrade and share infrastructure.
The reforms hope to encourage quicker and more collaborative negotiations with landowners hosting the equipment, to reduce instances of lengthy court action which are holding up improvements in digital connectivity.
Richard Horne, Cyber Security Chair at PwC, told City A.M. the move is “critical” and has been a “journey for the government”.
Drawing comparisons to standards for software, which has clear regulations and guidelines for dealing with hacks, Horne emphasised the importance of having basic standards and said this bill is “the next logical step” alongside the development of new tech.
Julia Lopez MP, Minister for Media, Data and Digital Infrastructure, said: “Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards.”
A recent study by Which? found a home filled with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks from across the world in a single week. In the first half of 2021, there were 1.5 billion attempted compromises of Internet of Things (IoT) devices, double the 2020 figure.
The PSTI Bill will counter this threat by giving ministers new powers to bring in tougher security standards for device makers.
Any new regime will be overseen by a regulator, which will be designated once the Bill comes into force. The regulator will have the power to fine companies up to £10m or four per cent of their global turnover for non-compliance, as well as up to £20,000 a day in the case of an ongoing contravention.
The move comes as part of a government effort to crack down on tech and protect members of the public.