The United Kingdom has announced plans to introduce new IoT laws aimed at boosting the security of connected devices.
The law has three basic principles:
- Devices must have unique passwords that cannot be reset to a universal factory setting
- Manufacturers must provide a public point of contact as part of a ‘vulnerability disclosure policy’
- Manufacturers must explicitly state the minimum length of time that a device will continue to receive security updates as part of an ‘end of life policy.’
This kind of regulation shows that governments are increasingly worried about the lack of firewalls or antivirus software in IoT devices.
This could be a first step towards establishing secure and standardized framework for further IoT development.