Does the UK’s new smart device security law go far enough to prevent cyberattacks?
Manufacturers will now have to follow tougher rules to sell smart devices in the UK after, what some consider, a long overdue law came into effect at the end of April.
In 2021, an investigation conducted by Which? consumer group discovered that a UK home filled with smart devices could be vulnerable to over 12,000 hacking attempts every week.
The law, known as the Product Security and Telecommunications Infrastructure act (PSTI act), has been described as “long overdue” by experts.
It is designed to ensure better security around devices such as smart doorbells, speakers, televisions, and other devices connected to the Internet, often called the Internet of Things (IoT).
The UK government said the “world first” law would provide “piece of mind” to consumers.
According to the Department for Science, Innovation and Technology, over half of UK households now own a smart TV, and more than half own a voice assistant, along with an average of nine other smart devices.
These devices can include anything from toys and game consoles to fridges and ovens.
Until recently, manufacturers had to follow security guidelines, but the new law adds three tougher requirements to meet:
Is the new law enough to fully secure smart devices?
Cybersecurity groups and experts have welcomed the new law, but some have raised concerns about its effectiveness in combatting the mass amount of rising threats.
Emma Christy, analyst in thematic intelligence at GlobalData, told Verdict that the law was a step in the right direction to strengthen the UK public’s resilience to cyberattacks.
“The new requirements help firms to protect consumers by mandating minimum standards, increasing transparency about the timing of security updates, and helping consumers to make more informed decisions when buying or using smart devices,” Christy said.
However, the question remains whether any fines are punitive enough to deter manufacturer non-compliance, Christy added.
Tim Callon, chief executive officer at cloud security company Sectigo, told VerdIct that despite the government’s steps to improve IoT cybersecurity, it has a long way to go.
“The UK government has taken steps to improve the security of unsafe IoT devices…