- UK and Singapore work together to boost protections for
consumers through joint cyber security standards for devices.
- New global cyber security label to smooth the way for devices
to come to international markets.
- Measures to boost consumer confidence and support the growth
behind the government's Plan for Change.
The UK is cementing its position as a global leader in cyber
security, with a number of countries set to follow and adopt
Britain's minimum protections for connected devices - delivering
robust protections for consumers, as part of our plan for
national renewal.
In a major agreement struck as part of Singapore International
Cyber Week (23 October), the UK and Singapore will work together
to deliver seamless protections for both sets of citizens,
showing how partnership can build a Britain built for all.
As part of this agreement, devices which meet Singapore cyber
security standards for devices will now be protected under the
UK's own Product Security and Telecommunications Infrastructure
(PSTI)
regime. This was the first piece of legislation anywhere in the
world to introduce minimum cyber security requirements for
consumer devices such as smartphones, games consoles and smart
doorbells.
This includes everything from the banning of default passwords
commonly used like ‘admin' or ‘12345' to greater
transparency over how long devices will receive vital software
updates for. This will not only create a shared baseline to
protect consumers, but cut excessive red tape to get safe and
secure products in their hands faster than ever.
More and more countries are now using the standard used by the
UK's PSTIRegime
(EN 303 645)
to inform their own approaches to securing consumer devices.
Capitalising on this, international partners including the:
- UK
- Singapore
- Brunei
- Australia
- Germany
- Finland
- Republic of Korea
- Japan
- Hungary
have launched the new Global Cyber Security Labelling Initiative.
In simple terms, this will mean devices which share common safety
standards - like the approach set out by the UK and Singapore -
will be accepted by more and more international markets -
lowering costs for business, speeding up access to safer
products, and raising the floor on device security without
additional red tape.
Earlier this week (Monday 20 October), Australia became the
latest country to follow in the trail already blazed by the UK -
setting out a voluntary code of practice for app stores and
developers. This has been designed to closely mirror the UK's
own Code of
Practice for App
Store operators and app developers, giving industry
consistent steps to make apps secure. These include better
reporting of software vulnerabilities to developers and more
transparency for users on the security and privacy of apps. Taken
together, these moves give app stores and developers a simpler,
clearer rulebook across borders while better protecting
consumers.
Cyber Security Minister said:
Cyber threats are a shared challenge so seeing more and more
countries following the example we've set in the UK to protect
consumers will mean they're better protected and also give
certainty to developers with a single baseline to build to, fewer
retests, and clear rules on updates and reporting.
This is about safer products for people, clearer rules for
business and less duplication across borders. By moving in step
with allies and setting clear standards at home, we are backing
business, securing our economy and keeping people safer online to
build a better Britain for all.
At home meanwhile, the Good Business Charter -
an independent accreditation for responsible business - has now
added cyber risks to its core framework. By signposting to
government and NCSC guidance such as
the Cyber Governance Code of Practice and Cyber Essentials, the
Charter sends a clear signal to firms to treat cyber security as
a critical business issue. With 1,000 accredited organisations
across sectors, this change will help normalise good cyber
governance and strengthen resilience in light of recent attacks
on UK firms.
It follows a recent letter from
government ministers including the Technology Secretary,
Chancellor and Business Secretary to business leaders and
FTSE350
firms, urging them to beef up their cyber defences to face down
the growing range of threats targeting the UK's leading
organisations. The Cyber Security and Resilience Bill, which is
to be introduced to Parliament, will also strengthen protections
for essential and digital services, and help improve cyber
resilience for organisations across the UK economy.
This package highlights how UK's leadership in cyber will drive
growth and deliver on the government's Plan for Change - giving
developers more certainty and consumers more confidence in the
devices they use.
