Grants available to support improvement of consumer assurance
The government has launched a grant funding programme to support the development and uptake of kitemarks and other assurance standards for internet of things technology.
The scheme has a total funding pot of £400,000, with individual grants of up to £170,000. The government is looking for organisations to propose industry-led initiatives to “catalyse industry take-up and implementation of cybersecurity good practice… through product-assurance schemes” for IoT device manufacturers and retailers.
Proposals could either address the entirety of the IoT sector, or just a specific segment, such as smart televisions or connected toys.
“Typically, such schemes provide consumers with an assurance label or kitemark that demonstrates that the product has undergone independent testing or a robust and accredited self-assessment process,” the application pack said. “In that way, assurance schemes can be vital in enabling consumers to make security-conscious purchasing decisions. In addition, feedback from the testing process which forms the basis of these assurance schemes can be communicated privately to manufacturers to help them improve their product.”
Implementing these schemes has been “challenging” so far, the government said, partly because of the breadth of IoT products available, and the variance in what constitutes “appropriate security”. Other challenges include the frequency with which security needs change – particularly when software updates that take place after a product has been assess “can drastically change security risks associated” with it.
But the lack of effective assurance programmes has created a market where many products thus far “lack basic cybersecurity provisions”.
The government claimed that 87% of IoT device manufacturers assessed last year “had no form of public vulnerability disclosure policy”.
“Universal default passwords, which often allow a device to be easily compromised, are still commonplace,” it added. “Consumers are generally not aware of the lack of essential cybersecurity provisions in their IoT devices. Moreover, information about cyber security of IoT products is usually not provided to consumers at the point of sale, this is despite the fact that consumers rate cybersecurity as an important product feature.”
Bids for funding are open until 30 June, with money due to be awarded by the end of the current financial year.
Digital minister Matt Warman said: “We are committed to making the UK the safest place to be online and are developing laws to make sure robust security standards for consumer internet-connected products are built in from the start. This new funding will allow shoppers to be sure the products they are buying have better cyber security and help retailers be confident they are stocking secure smart products.”
Alongside the funding scheme, the government is also in the process of implementing new legislation that is designed to ensure that all consumer IoT products sold in the UK adhere to three principles: mandatory unique passwords with, no option to reset to a default; a clear point of contact for consumers to report issues directly to manufacturers; clear information at point of sale on the length of time for which security updates will be provided.