Become a Member
News

DTG to launch ‘Secure by Design’ scheme to strengthen cyber security in TV products

12/09/19

The aim of the Secure by Design (SBD) conformance scheme will be to provide reassurance that a product meets the cyber security guidelines laid out by Government.

LONDON, THURSDAY 12 SEPTEMBER 2019: Digital TV Group (DTG), the centre for UK digital TV, have announced plans to launch a cyber security conformance scheme building on the UK Government’s Secure by Design programme. The aim of the scheme is to provide consumers and retailers with the confidence that their connected devices are protected against cyber attacks.

Minister for Sport, Media and Creative Industries Nigel Adams said:

“As more of our technology becomes digitally connected, it’s vital that products are secure from cyber threats at the design stage. It’s great that the Digital TV Group are taking this seriously and setting up their own assurance scheme for smart TVs that builds on our world-leading Internet of Things security Code of Practice. This is a positive step forward and another incentive for manufacturers to take cyber threats seriously and not bolt it on as an after-thought.”

Manufacturers will be able to display the SBD conformance mark on a product if it meets the minimum requirements and receives certification that it is adequately secure. The SBD conformance specifications will be developed based on the Government’s Code of Practice for Consumer IoT Security, published in October 2018, and corresponding ETSI standard TS 103 645.

The first three guidelines in the Code of Practice, which will be the initial/primary focus of the scheme are:

  1. No default passwords – All IoT device passwords shall be unique and not resettable to any universal factory default value.
  2. Implement a vulnerability disclosure policy – All companies that provide internet-connected devices and services shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues. Disclosed vulnerabilities should be acted on in a timely manner.
  3. Keep software u­­­pdated – Software components in internet-connected devices should be securely updateable. Updates shall be timely and should not impact on the functioning of the device. An end-of-life policy shall be published for end-point devices which explicitly states the minimum length of time for which a device will receive software updates and the reasons for the duration of the support period. The need for each update should be made clear to consumers, and an update should be easy to implement. For constrained devices that cannot physically be updated, the product should be isolatable and replaceable.

The DTG’s next steps are to work with its members to develop the SBD scheme and launch it for consumer electronics related to the TV industry initially. A full list of included product types will be confirmed later.

Dr Ian Levy, National Cyber Security Centre (NCSC) Technical Director, said:

“The IoT Code of Practice was the culmination of work carried out by the NCSC and DCMS in partnership with industry and academia, and it’s great to see DTG building on it in this way.

“The DTG’s conformance scheme will give consumers the confidence that the technology they are bringing into their homes is safe, and I hope it is the first of many industry initiatives based on the Code.”

Richard Lindsay-Davies, CEO for DTG, said:

“The DTG will lead the way by helping our industry to navigate the increasingly complicated policy and regulatory environment and, in doing so, help protect both consumers and industry as IoT increasingly permeates our daily lives.

The UK SBD scheme will be developed with industry, with the support of Connect Devices Ltd and other partners, ultimately increasing consumer confidence in device security. We look forward to engaging with industry as we build on the DTG’s work from over the past two decades, helping manufacturers provide consumer-trusted products as we continue to grow with the industry as technology evolves.”

 

-ENDS-

About Digital TV Group

About the DCMS Secure by Design programme

The Government’s Secure by Design programme was set up to improve the cyber security of internet-connected consumer products, and thus enable consumers and industry to harness the full potential of the Internet of Things. In October 2018, the Government published the Code of Practice for Consumer IoT Security, which provides essential guidance for manufacturers to achieve a good level of product security. The Government also published, in May this year, its proposals for new regulation on IoT security as part of a public consultation.

ETSI Technical Specification 103 645, launched in February, is the first globally applicable industry standard on consumer IoT security. Building on the Code of Practice, the standard has been designed to work for European and wider global needs. TS 103 645 is currently being transposed into a European Standard (EN).

PR Contact
Georgie Wilks-Wiffen
Marketing Communications Manager
[email protected]
+44 20 7840 6514

Written by DTG Team
 

DTG Resources

The DTG has a wealth of resources available to its Members which includes reports, papers, infographics and presentations. We also have an extensive DTG Archive which covers broadcast industry developments over almost a quarter of a century. However some DTG publications are available by email on a complimentary basis.

Find Out More

The DTG Bulletin

The DTG Bulletin is a weekly curation of industry news and events with informed comment from DTG industry experts and Members. It also includes details of Member Offers which entitle DTG Members to discounts. To register your interest in receiving the DTG Bulletin please click the button below.

Sign up Today
Contact us