Mandatory IoT Security in the Offing with U.K. Proposal (Security News, January 2020)
IoT device manufacturers must also provide a public point of contact so that anyone can report a flaw, to be "acted on in a timely manner," and must explicitly state, at the point of sale, the minimum length of time for which devices will receive security updates.
The regulation was developed by the Department for Digital, Culture, Media and Sport after an extensive consultation period that kicked off in May 2019, when the U.K. announced it was accepting proposals for IoT security regulation.
Several more solidified attempts at IoT security regulation do exist globally.
The closest of these to becoming law in the U.S. is California Senate Bill 327, which would require "reasonable security feature or features that are appropriate to the nature and function of the device." SB-327, which was first proposed in 2018 and became law in January 2020, drew backlash from the security community, which said that it was a good first step but did not go far enough in regulating IoT security.
Researchers continue to find basic security issues in IoT devices that are on the market - from factory-set default passwords to disturbing privacy issues.
News URL
https://threatpost.com/mandatory-iot-security-uk-proposal/152217/