This week, the UK Parliament Culture, Media & Sport (DCMS) Committee shared its final report on ‘Connected tech: smart or sinister?’ investigating the impacts of the increasing prevalence of smart and connected technology and how they can be rolled out safely and securely.
The DCMS Committee launched its inquiry in May last year to consider both the potential benefit and harms of connected technology. NCC Group’s Research Director, Matt Lewis, was invited as an ‘expert witness’ to give evidence to the Committee about the cyber security risks of connected technologies and what can be done to mitigate them.
NCC Group is pleased that the Committee have adopted several of their recommendations within the report and hopes that with the support of the Government, we can continue to address the growing security and safety risks associated with connected technologies like home cameras and smart cities.
Here, expert in connected systems security, and member of the UK Government’s Secure Connected Places External Advisory Group - Research Director, Matt Lewis, comments on the report:
“In the current trajectory of technological advancements, we are witnessing a concurrent and complex expansion of the cyber security threat landscape. As global connectivity intensifies, each point of connection represents a potential point of compromise. It is incumbent upon all stakeholders; particularly manufacturers of products and systems and service operators that underpin our connected world, to implement robust and adaptive security measures.
This report presents a pragmatic view on how the UK can achieve a strong, resilient security posture in the connected word, and moreover, the steps, skills, resources, investment and commitment needed to accomplish this.”
What does the report say?
The report highlights the evolving risk landscape associated with connected technologies, welcoming recent legislative efforts to improve the cyber security of smart devices, but calling on the Government to go further. Specifically, it recommends that the Government:
- Codifies the remaining guidelines set out in the 2018 Code of Practice for Consumer IoT Security in phases as the regime matures and industry adapts, in order to stay ahead of emerging cyber threats;
- Closes the gaps for both consumer and enterprise connected tech in the product security regime by requiring that providers adopt network-level, storage and cloud-based security to the same standards as it requires for connected devices;
- Addresses the cyber security skills shortage, taking steps to support the availability of free courses across the country, encouraging more professionals to become cyber security educators and improving the provision of core professional skills among the existing workforce;
- Establishes responsibility for cyber policy within the dedicated Department for Science, Innovation and Technology, ensuring collaboration between the Department and other cyber-focused teams distributed across Whitehall;
- Ensures the National Cyber Security Centre (NCSC) has the capacity to meet demands for its services.
What happens next?
The UK Government is now required to digest and respond to each of the Committee’s recommendations setting out how it is implementing the recommendation, or explaining why it is not. In the meantime, the DCMS Committee will continue to examine the impacts of the increasing prevalence of smart and connected technology and what needs to be done to ensure it is safe and secure for its users.
NCC Group is passionate about sharing our insights from operating at the ‘coalface’ of cyber security with policymakers, so that they can make informed decisions about the regulation of emerging technologies. We look forward to continuing to engage with the UK Government, and policymakers globally, to support a more secure and resilient digital future for all.