More than 420 million internet-connected smart devices are expected to be in UK homes by 2020, and the number of attacks is on the rise, with a staggering 3,800 cyber-attacks on the smart home every day. It is vital to treat these devices with the same level of caution that we apply to our phones and desktops, and to make products that will be in millions of homes worldwide as secure as possible.
The UK is currently leading global efforts to strengthen the security of smart devices and products. This week, the Government published a voluntary Code of Practice for manufacturers on how they can protect their products against common cyber-attacks.
Secure by Design
The Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) set out plans in a Secure by Design review. The review will ensure that manufacturing businesses can strengthen the cyber security of their products during the initial design stage, rather than attempting to bolt it on after the product has been made.
A lot of manufacturers fail to have the correct safeguards on their products, and many consumers don’t have the tech knowledge to change default passwords or update any pre-installed software. The government has worked with industry partners to develop the Code of Practice to improve security and consumer safety.
Tech companies HP and Hive Centrica are the first to sign up and commit to the Code, with hopefully many more to follow. The government has produced a mapping document to make it easy for other manufacturers to follow HP and Hive Centrica’s example.
Vital processes & security
The Secure by Design review really highlights how processes and security are vital in the development of every product and service. At Hyve, security is at the core of everything that we do, especially when our Cloud Architects design cloud infrastructures for our customers. We incorporate the physical security elements (such as hardware firewalls) in the infrastructure design, and then add several additional layers such as VPNs and DDoS Defence to the solution.
Whilst the Code of Practice is only voluntary at present, it will hopefully gain momentum and be rolled out as a legal requirement for all manufacturers in the future.