The UK, Canada, and Singapore are joining forces to improve the security of IoT devices.
In a joint statement, the governments of the respective countries noted the economic and social benefits of IoT devices. However, they also warned of the risks of insecure IoT devices not just to consumers’ own security, privacy, and safety, but also to the broader economy through large-scale cyberattacks.
Many record-breaking cyberattacks have taken advantage of the often poor security practices of IoT device manufacturers. With malicious nations increasingly turning to cyberattacks to cause damage to rivals – using plausible deniability to avoid repercussions – it’s more imperative than ever to improve cybersecurity measures.
Here’s the full statement:
“The continued growth in network connectable (also known as Internet of Things, or ‘IoT’) products offers great benefits to citizens, and a revolution in connectivity. However, many of these products currently lack even basic cyber security provisions. The result is that consumers’ security, privacy and safety are at risk, with the wider economy vulnerable to large-scale cyber-attacks that can be launched through insecure IoT.
The governments of Canada, Singapore and the United Kingdom are united in our belief that connected products offer tremendous economic and social benefits, and that appropriate cyber security requirements must be built into these products from the design stage, rather than placing this burden on consumers. Our approach supports growth and innovation, and allows citizens to benefit from the remarkable opportunities offered by this connected revolution.
To protect consumers across the globe requires coordinated efforts from like-minded governments, academia, and civil society. Our three governments are working together to promote and support the development of international standards and industry guidance, to foster innovation, and to encourage approaches that incorporate internationally recognised security requirements and avoid fragmentation. Through this global alignment we can reduce duplication of testing and similar assessments and the challenge for industry of needing to apply to multiple schemes underpinned by identical or very similar requirements.
We endorse the emerging baseline security requirements for these products, and encourage international recognition and alignment with them. We are united in our view that international standards can facilitate strong security practices and we encourage the adoption of international standards to mitigate these cyber risks. We are committing to continue working closely together, and we will continue to promote global alignment on best practices and encourage the recognition of aligned schemes to reduce unnecessary barriers to trade and industry.”
On the day of launching its unprovoked invasion of Ukraine, Russia launched a cyberattack on satellite operator Viasat to disrupt Ukrainian communications. Spillover from the attack impacted wind turbines in Germany.
In April, members of the Five Eyes intelligence alliance – which includes the UK and Canada – issued a joint cybersecurity advisory warning of increased attacks on critical infrastructure from Russia. These attacks could target countries that have supported Ukraine, especially those that have lawfully provided conventional weapons to help the country defend itself from an invading force.
The UK and Canada are members of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) which is open to like-minded countries that aren’t part of the wider military alliance. Amid increasing global cybersecurity threats, CCDCOE membership is growing rapidly.
This week, Japan announced that it had joined the CCDCOE. In May, the centre added South Korea, Canada, and Luxembourg to its membership. In March, the CCDCOE voted to accept Ukraine into its fold as a contributor.
Cybersecurity alliances – including the CCDCOE and the IoT security partnership announced this week between the UK, Canada, and Singapore – will be crucial in tackling increasing cyber threats now and into the future.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.