Author: Solicitor, Advocate. Director Ashmans Solicitors
Cyber Laws
8/8/2023
The government has introduced a "new world-leading law" to protect consumers from hackers on their phones, smart TVs, fitness trackers, tablets and other devices that connect to the internet.

Why?

Research has shown that four in five UK manufacturers must place appropriate security measures. Products capable of connecting to the internet include things you may not immediately think of, such as speakers, thermostats, printers and toys. The law will prevent the sale in the UK of items that do not meet the required security standards.

The ownership of devices capable of connecting to the internet has risen massively in recent years, with an average of ten devices per household. Some forecasts suggest up to 50 billion devices worldwide by the year 2030. An investigation by Which? found that the average home could be exposed to over 12,000 scanning or hacking attacks weekly.

The UK's National Cyber Security Centre says it dealt with 777 incidents in the last 12 months, which was unprecedented. They also report an increase in ransomware attacks and significant global incidents. In 2017, data was stolen from a North American casino where the attackers gained access through an internet-connected fish tank, showing that the most innocuous items can be a security risk.

What?

The Bill is called the Product Security and Telecommunications Infrastructure Bill and has been introduced to Parliament. The law would allow the government to:

Which devices?

The Bill concerns connectable products and items that can access the internet. Such items include smartphones, smart TVs, baby monitors, security systems, voice-activated assistants and smart home appliances. Devices connecting to other devices but not directly to the internet are also included, such as smart light bulbs and fitness trackers.

Second-hand products will not be included as this would be impractical, placing obligations on businesses and consumers that would outweigh the benefits. An antivirus software market already serves desktops and laptops and has security features, so they are outside the scope.

Default passwords

A ban would be introduced on easy-to-guess or default passwords such as admin or 123456, preloaded on devices and targeted by hackers. All new devices will have to be provided with a unique password and not be capable of being restored to a universal factory setting.

Security updates

Manufacturers would be required to tell customers, at the point of sale, the minimum length of time for which a product would receive security updates and patches. Alternatively, customers must be told if a product does not come with security updates. This would mean that customers would know when and if any items they bought would become vulnerable.

Reporting

Manufacturers would also be required to provide a public point of contact to make reporting flaws and bugs in a product more accessible.

Businesses

In-scope businesses will have a duty to investigate compliance failures and to produce records and statements of compliance.

Regulator

The new regime will be overseen by a regulator with the power to impose financial penalties for non-compliance. The maximum fine will be £10 million or four per cent of global turnover and up to £20,000 per day in the case of an ongoing infringement.
The regulator will also be able to issue notices to companies requiring the recall of products, prohibiting the sale or supply of products, or requiring them to comply with security requirements.

Research

Cyber Security Breaches 2023
The National Cyber Security Centre
Data stolen from North American Casino