Become a Member

We are launching a ‘Secure by Design’ cyber security conformance scheme

We have recently announced plans to launch a cyber security conformance scheme building on the UK Government’s Secure by Design programme. The aim of the Secure by Design (SBD) conformance scheme will be to provide reassurance that a product meets the cyber security guidelines laid out by Government. It also aims to provide consumers and retailers with the confidence that their connected devices are protected against cyber attacks.

Manufacturers will be able to display the SBD conformance mark on a product if it meets the minimum requirements and receives certification that it is adequately secure. The SBD conformance specifications will be developed based on the Government’s Code of Practice for Consumer IoT Security, published in October 2018, and corresponding ETSI standard TS 103 645.

The first three guidelines in the Code of Practice, which will be the initial/primary focus of the scheme, are:

  1. No default passwords – All IoT device passwords shall be unique and not resettable to any universal factory default value.
  2. Implement a vulnerability disclosure policy – All companies that provide internet-connected devices and services shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues. Disclosed vulnerabilities should be acted on in a timely manner.
  3. Keep software u­­­pdated – Software components in internet-connected devices should be securely updateable. Updates shall be timely and should not impact on the functioning of the device. An end-of-life policy shall be published for end-point devices which explicitly states the minimum length of time for which a device will receive software updates and the reasons for the duration of the support period. The need for each update should be made clear to consumers, and an update should be easy to implement. For constrained devices that cannot physically be updated, the product should be isolatable and replaceable.

Our next steps are to work with the industry, with the support of Connect Devices Ltd. and other partners, to develop the SBD scheme and launch it for consumer electronics related to the TV industry initially. A full list of included product types will be confirmed later.

In conjunction with the scheme, we will be hosting a free interactive workshop for DTG Members only that explores the scheme and what it signifies for the industry. If  you would like to attend, please register here as spaces are limited.

Contact us