UK Government proposes anti-hacker law to protect consumer devices
The UK Government has introduced a bill aimed at preventing cyber attacks on devices such as phones, tablets and smart TVs.
If enacted, the Product Security and Telecommunications Infrastructure Bill will allow the government to ban universal default passwords and will require manufacturers, importers and distributors of internet-enabled products to be transparent with consumers about what they are doing to fix any security flaws.
An as-yet undetermined regulator will have the ability to impose fines of up to £10m or four per cent of global turnover for non-compliance in addition to a maximum of £20,000 a day for an ongoing contravention.
By making it easier for operators to upgrade and share infrastructure, the bill is also expected to speed up the roll-out of faster broadband and mobile networks.
Conservative MP Julia Lopez, who has the ministerial brief for media, data and digital infrastructure, said the law has been drafted to “put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells”.
She added that those who “fall foul of [the] tough new security standards” would be hit with “huge fines”.
A recent investigation by consumer magazine Which? found the proliferation of internet-connected technologies means a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week.
Meanwhile, the UK’s National Cyber Security Centre (NCSC) revealed last week that it had dealt with an unprecedented number of cyber incidents over the past year.
NCSC technical director Dr Ian Levy said the bill represents “the start of the journey to ensure that connected devices on the market meet a security standard that’s recognised as good practice”.
Which? director of policy and advocacy Rocio Concha added: “The government needs to ensure these new laws apply to online marketplaces, where Which? has frequently found security-risk products being sold at scale, to prevent people from buying smart devices that leave them exposed to scams and data breaches.”