The UK government claims to be leading the way with a newly released Code of Practice (CoP) designed to drive security by design in the manufacture of IoT products.
Developed in partnership with the National Cyber Security Centre (NCSC), the ICO and others, the "world first" CoP aims to improve baseline security in the sector and ensure smart devices that process personal data are aligned with the GDPR.
It’s focused initially on the consumer space.
HP and Centrica Hive are the first two IoT manufacturers to sign up, and the government hopes its accompanying mapping document, which cross-references the CoP's guidelines against existing industry standards and recommendations, will make it easier for others to follow.
Regulation is also being developed to improve the security of consumer-grade IoT products, according to the government.
The move can be seen as a response to the risks posed to individuals and businesses from unsecured consumer IoT devices, as exploited most famously by the Mirai botnet attacks of 2016, which recruited cameras and routers simply by logging in with factory-default credentials; eliminating default passwords is the first of the CoP's guidelines.
It also comes as the British Standards Institution (BSI) readies a new Kitemark scheme to help consumers and businesses identify products they can trust to be reliable and secure.
The CoP received a cautious welcome from security experts, but many argued it doesn’t go far enough.
“A code of practice is a step in the right direction, but more needs to be done. The industry should follow best practices and self-regulate, before regulators put a static, cumbersome device security framework in place,” argued John Sheehy, VP of strategy at IOActive.