From today, new laws enforcing consumer protections against hacking and cyber attacks will take effect in the UK.
The new laws mandate that internet-connected smart devices meet minimum security standards.
Under the new regime, manufacturers will be banned from having weak, easily guessable default passwords like ‘admin’ or ‘12345’. If there is a common password, the new law will have manufacturers prompt the user to change it on start-up.
The laws are coming into force as part of the Product Security and Telecommunications Infrastructure regime, designed to ensure cyber attacks do not impact the UK and the global economy.
Data and Digital Infrastructure Minister, Julia Lopez, said: “Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected.”
Mitigating harmful cyber attacks
This measure aims to mitigate risks such as the harmful Mirai attack in 2016, during which 300,000 smart devices were compromised due to vulnerabilities in their security features.
The compromised devices were used to attack major internet platforms and services, leaving much of the US East Coast without internet access.
Since then, UK banks have experienced similar attacks leading to disruption for customers.
Boosting the UK’s resilience towards cyber crime
The move marks a step towards boosting the UK’s resilience against cyber attacks.
Recent figures show that 99% of UK adults own at least one smart device, and UK households, on average, own nine connected devices.
Customers will also be given confidence in buying and using products, which will help businesses and the economy.
An investigation conducted by Which? revealed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in just one week.
With 57% of households owning a smart TV, 53% owning a voice assistant and 49% owning a smartwatch or fitness wristband, the new law highlights the government’s dedication to directly confronting the societal and economic risks posed by these technologies.
Security protections introduced to tackle cyber attacks
The new measures will introduce improved security protections, including:
- Common or easily guessable passwords will be banned to prevent vulnerabilities and hacking
- Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with
- Manufacturers and retailers must communicate to consumers the minimum timeframe within which they can anticipate receiving critical security updates
NCSC Deputy Director for Economy and Society, Sarah Lyons, said: “Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyber attacks.
“This landmark Act will help consumers to make informed decisions about the security of products they buy.”
Consumers and cyber security experts can play an active role in protecting themselves from cyber criminals by reporting any products that don’t comply to the Office for Product Safety and Standards (OPSS).
The new regime is intended to increase consumer confidence in the security of the products they buy and use. The new laws are part of the government’s £2.6bn National Cyber Strategy to protect the UK online.