Documents to download

Cyber Security of Consumer Devices Image

Key Points:

  • There is a growing UK market for internet-connected devices such as smart home appliances and home monitoring systems. These devices can provide economic and social benefits, but stakeholders have expressed concerns about the poor security of many devices.
  • The poor cyber security of these devices can lead to data loss, privacy infringements and risks to physical safety and security. Large-scale attacks involving many insecure devices have resulted in the widespread disruption of online services. Common targets include devices with default or common passwords, known software vulnerabilities, or software that is out-of-date.
  • A lack of economic incentives, fragmented industry standards, and some user behaviours contribute to poor cyber security.
  • Both manufacturers and consumers may lack incentives to invest in security features. The economic costs of large-scale cyber-attacks often fall on third parties, such as online service providers. Consumers may not have the information and technical expertise that is required to purchase and set-up devices securely.
  • The UK Government has produced a voluntary Code of Practice for the development, manufacturing and retail of connected consumer devices, which it may decide to enforce through regulation. The guidelines aim to encourage a “secure by design” approach, reducing the burden on consumers to ensure that their devices are secure. The Government is also considering a labelling scheme to help inform consumers.
  • Challenges to improving the cyber security of consumer devices include the complexity of supply chains, difficulties assessing security, and a shortage of cyber security expertise.
  • Among stakeholders, there is currently debate over the introduction of mandatory standards or labelling schemes for connected consumer devices, as well as the adequacy of product safety, liability and consumer rights laws.

Acknowledgements

POSTnotes are based on literature reviews and interviews with a range of stakeholders, and are externally peer reviewed. POST would like to thank interviewees and peer reviewers for kindly giving up their time during the preparation of this briefing, including:

  • Arm Ltd*
  • British Retail Consortium*
  • BSI Group*
  • Cyber Aware*
  • David Rogers, Copper Horse Ltd
  • Department for Digital, Culture, Media & Sport*
  • Department for Business, Energy & Industrial Strategy
  • Dr Greig Paul, University of Strathclyde
  • Dr John Blythe, University College London & CybSafe*
  • Dr Leonie Tanczer, University College London*
  • Dr Madeline Carr, Research Institute in Science of Cyber Security & University College London*
  • Dr Simon Parkin, University College London*
  • The European Consumer Organisation (BEUC)*
  • National Cyber Security Centre*
  • Ofcom*
  • Office for National Statistics*
  • Professor Andy Stanford-Clark, IBM*
  • Professor Carsten Maple, WMG’s Cyber Security Centre, University of Warwick*
  • Professor Jim Norton
  • Professor Martyn Thomas, Gresham College*
  • Professor Ross Anderson, Cambridge Cybercrime Centre, University of Cambridge*
  • Professor Shane Johnson, Dawes Centre for Future Crime, University College London
  • Royal Academy for Engineering*
  • techUK*

*Denotes those who acted as external reviewers of the briefing.


Documents to download

Related posts

  • Smart Cities

    "Smart cities" describes places that incorporate a range of technologies (especially those that collect and use data) to address economic, social, and environmental challenges. Projects usually take place in urban areas, but are also deployed in rural settings. This POSTnote looks at smart city innovation in the UK and the technologies involved. It considers the factors driving the adoption of smart city technologies, and the potential benefits, barriers and risks associated with their implementation.

    Smart Cities
  • Energy sector digitalisation

    The incorporation of digital technologies in the energy sector can support progress towards key UK objectives such as achieving Net Zero emissions targets. It can also transform current methods of energy generation, transmission, regulation, and trading. This POSTnote presents an overview of key digital technologies and their main applications in the energy sector. It provides an overview of the potential benefits to using these technologies, and recent developments in this area. It describes the role of data in underpinning digital technologies in the sector, and some of the issues raised by its use. It also discusses broader challenges associated with energy sector digitalisation and measures that could help address them, including issues related to technology, regulation, and impact on consumers.

    Energy sector digitalisation