NCC : UK Government cements IoT security guidance with updated Secure by Design Code of Practice

Earlier this year, the Department for Digital, Culture, Media and Sports (DCMS) published a draft of its Secure by Design Code of Practice, which set out a number of guidelines on the security of consumer IoT devices.

Yesterday, DCMS, in partnership with the National Cyber Security Centre (NCSC), has published the final version of the Code. This defines the key stakeholders responsible for securing IoT devices and offers clear guidance with regards to their responsibilities for embedding security into every stage of the manufacturing process.

Reacting to this news, Ollie Whitehouse, global chief technical officer at NCC Group, commended DCMS and NCSC for their work to safeguard IoT devices, and highlighted the importance of collaboration in order to drive adoption of the Code across the board.

'Since the publication of the draft Code in March, significant steps have been made with initiatives launched on both national and international scales. But the UK's pragmatic and comprehensive response means that we've solidified our position at the forefront of IoT security. Today's revisions are further evidence of the DCMS' commitment to ensure the Code remains relevant as IoT technology, and its vulnerability to new threats, continue to evolve.

'Although challenges still remain within the realm of connected devices, it's encouraging to see the solid foundations that have been laid by DCMS and NCSC. It is now up to all of us to think further about how we drive the adoption of the Code's principles and encourage investment in the Security Development Lifecycle from the outset, in order to secure smart devices now and in the future. By committing to this, adopting assurance and TrustMark schemes, along with meeting procurement requirements, manufacturers will be making a good start.

'Improving cyber resilience across the IoT is not only increasingly important for consumers, but also for industries that utilise these devices in their own environments, especially when these concern critical infrastructures. Ensuring the robustness of the Code so that everyone can trust it is therefore essential for safeguarding the UK as a whole from modern-day threats. We hope that other governments will now take note of the UK's leadership on this matter and adopt similar principles.'

Published date: 15 October 2018