A new UK law has been introduced to improve the security of “smart” devices and embedded systems writes Cyber Security Technologist James Galbraith.
Among the new regulations, manufacturers must not leave passwords blank or easy-to-guess.
What is covered by the law?
Among the products covered by this new law are:
– Smart speakers
– Televisions
– Baby monitors
– Security cameras
– Domestic appliances
– Fitness trackers
– Tablets
– Smartphones
– Games consoles
– Embedded systems
– Routers
Why this matters:
Using easily guessable / publicly available passwords enables hackers to gain access to these devices. Once they’re in, they can then attack other sections of your network. For example, in the U.S. hackers used default passwords to gain entry to embedded systems and disrupted waste and wastewater systems significantly, causing operations to be stopped at huge financial cost. The example highlights the importance of securing these devices and the relevance of the new law.
The Cyber Essentials Scheme
The Cyber Essentials Scheme highlights the best practices for businesses to take when securing their network, and one of the most important areas of this is eliminating the usage of any default passwords, and making sure to change the default passwords when receiving a new device. With these controls in place, businesses can stay ahead of the curve when it comes to securing their business’ digital security.