Smart device security law banning easy-to-guess passwords edges a step closer
MPs are set to debate a new law today to keep consumers’ phones, tablets, smart TVs, fitness trackers and other devices secure from cybercriminals.
It will place new cyber security requirements on the manufacturers and sellers of consumer tech which can connect to the internet or other devices.
Heading for its second reading today, the Product Security and Telecoms Infrastructure Bill will ban easy-to-guess default passwords which come programmed into digital devices and present an easy target for cybercriminals.
Under the new law, manufacturers will have to be more transparent to customers about the length of time connectable products will receive security updates, and create a better public reporting system for vulnerabilities found in those products.
Failure to uphold the measures could result in fines of up to £10m or four per cent of global turnover, plus up to £20,000 per day in the case of an ongoing breach.
Ahead of introducing the bill in the House of Commons, Digital Secretary Nadine Dorries said: “Whether it’s your phone, smart speaker or fitness tracker, it’s vital that these devices are kept secure from cybercriminals.”
“Every product on our shelves has to meet all sorts of minimum requirements, like being fire resistant or a choking hazard and this is no different for the digital age where products can now carry a cyber security risk.”
Part of the move is also about enabling faster and more reliable broadband and mobile networks, making it easier for operators to upgrade and share infrastructure.
The reforms hope to encourage quicker and more collaborative negotiations with landowners hosting the equipment with the aim of reducing instances of lengthy court action holding up the construction of infrastructure.
However, some have criticised the implications of rent cuts for local landowners, as reported by City A.M.
A regulator, to be announced at a later date, will oversee the new cyber security regime and ensure in-scope businesses comply with the measures in place. It will have the power to issue notices to companies requiring they comply with the security requirements, recall insecure products or stop selling or supplying them altogether.
The bill applies to ‘connectable’ products. This includes all devices which can access the internet such as smartphones, smart TVs, games consoles, security cameras and alarm systems, smart toys and baby monitors, smart home hubs and voice-activated assistants, and smart home appliances such as washing machines and fridges.
It also applies to products which can connect to multiple other devices but not directly to the internet. Examples include smart light bulbs, smart thermostats and wearable fitness trackers.
Hamish MacLeod, Chief Executive at Mobile UK, said: “Mobile operators need a robust legal framework to meet the UK’s connectivity ambitions. The Electronic Communications Code as it stands is not working. Mobile operators welcome the measures within this Bill that will tackle this and will engage closely with Parliament to ensure that it delivers on this objective.”