LONDON--(BUSINESS WIRE)--Digital TV Group (DTG), the centre for UK digital TV, have announced plans to launch a cyber security conformance scheme building on the UK Government’s Secure by Design programme. The aim of the scheme is to provide consumers and retailers with the confidence that their connected devices are protected against cyber-attacks.
Minister for Sport, Media and Creative Industries Nigel Adams said:
"As more of our technology becomes digitally connected, it's vital that products are secure from cyber threats at the design stage. It's great that the Digital TV Group are taking this seriously and setting up their own assurance scheme for smart TVs that builds on our world-leading Internet of Things security Code of Practice. This is a positive step forward and another incentive for manufacturers to take cyber threats seriously and not bolt it on as an after-thought."
Manufacturers will be able to display the SBD conformance mark on a product if it meets the minimum requirements and receives certification that it is adequately secure. The SBD conformance specifications will be developed based on the Government’s Code of Practice for Consumer IoT Security, published in October 2018, and corresponding ETSI standard TS 103 645.
The first three guidelines in the Code of Practice, which will be the initial/primary focus of the scheme are:
- No default passwords - All IoT device passwords shall be unique and not resettable to any universal factory default value.
- Implement a vulnerability disclosure policy - All companies that provide internet-connected devices and services shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues. Disclosed vulnerabilities should be acted on in a timely manner.
- Keep software updated - Software components in internet-connected devices should be securely updateable. Updates shall be timely and should not impact on the functioning of the device. An end-of-life policy shall be published for end-point devices which explicitly states the minimum length of time for which a device will receive software updates and the reasons for the duration of the support period. The need for each update should be made clear to consumers, and an update should be easy to implement. For constrained devices that cannot physically be updated, the product should be isolatable and replaceable.
The DTG’s next steps are to work with its members to develop the SBD scheme and launch it for consumer electronics related to the TV industry initially. A full list of included product types will be confirmed later.
Dr Ian Levy, National Cyber Security Centre (NCSC) Technical Director, said:
“The IoT Code of Practice was the culmination of work carried out by the NCSC and DCMS in partnership with industry and academia, and it’s great to see DTG building on it in this way.
“The DTG’s conformance scheme will give consumers the confidence that the technology they are bringing into their homes is safe, and I hope it is the first of many industry initiatives based on the Code.”
Richard Lindsay-Davies, CEO for DTG, said:
“The DTG will lead the way by helping our industry to navigate the increasingly complicated policy and regulatory environment and, in doing so, help protect both consumers and industry as IoT increasingly permeates our daily lives.
The UK SBD scheme will be developed with industry, with the support of Connected Devices Ltd and other partners, ultimately increasing consumer confidence in device security. We look forward to engaging with industry as we build on the DTG’s work from over the past two decades, helping manufacturers provide consumer-trusted products as we continue to grow with the industry as technology evolves.”
-ENDS-
NOTES TO EDITORS
About Digital TV Group
The DTG is the UK’s not-for-profit organisation that makes digital TV work. It brings together key players from across industries to achieve tried and tested interoperability- and deliver a seamless viewer experience. It works with members and industry to create a great television experience now and into the future. It underpins the free-to-air platforms Freeview, Freesat and YouView, and supports the development of Sky, Virgin Media, BT and TalkTalk. It has been central to the distribution of TV in the UK for over two decades through the collaborative development of industry standards and best practice. The DTG is currently embracing the convergence of content and networks across industries to focus on the efficient delivery of video to all screens - mobile, tablet and TV - in all formats: standard, high and ultra-high definitions.
The DTG supports the next generation of digital TV and related technologies through its work in the delivery of video to mobile devices, television on tablets, spectrum coexistence management, TV white space, home networking, connected TV, accessibility and the UK UHD Forum. For more details, please visit dtg.org.uk and dtgtesting.com.
About the DCMS Secure by Design programme
The Government’s Secure by Design programme was set up to improve the cyber security of internet-connected consumer products, and thus enable consumers and industry to harness the full potential of the Internet of Things. In October 2018, the Government published the Code of Practice for Consumer IoT Security, which provides essential guidance for manufacturers to achieve a good level of product security. The Government also published, in May this year, its proposals for new regulation on IoT security as part of a public consultation.
ETSI Technical Specification 103 645, launched in February, is the first globally applicable industry standard on consumer IoT security. Building on the Code of Practice, the standard has been designed to work for European and wider global needs. TS 103 645 is currently being transposed into a European Standard (EN).