The UK government is taking action to improve the security of enterprise IoT devices. Recent research exposed significant vulnerabilities in these products. Testing by NCC Group revealed numerous issues, including critical and high-severity flaws. These weaknesses could allow attackers to gain control or install backdoors. Outdated software and insecure configurations were also common findings across the tested devices.
These security shortcomings have prompted the government to propose new “policy interventions.” Their goal is to establish a higher baseline of security for enterprise IoT devices sold in the UK. This approach mirrors their previous efforts with consumer IoT security legislation. The government intends to publish a code of practice outlining security principles. They are also considering various policy measures to encourage the adoption of essential security requirements within the industry.
Several proposals are under consideration to enhance enterprise IoT security. One idea is a voluntary pledge for manufacturers to demonstrate their commitment to security. Another is the development of a new global security standard based on the code of practice. This could build upon existing standards for consumer devices. The government is also exploring legislation to enshrine the security principles into law, potentially by expanding the current PSTI Act.
The government acknowledges that businesses often have more resources for security than consumers. This includes dedicated IT staff and a better understanding of network security. Therefore, they are considering placing specific obligations on businesses and end-users to implement necessary security measures. The aim of these interventions is to create a more secure environment for enterprise IoT deployments in the UK.