Goodbye, "12345". The PSTI Act comes into force after two years of disputes and discussions.
From today, manufacturers of smart devices in the UK are required to follow new rules aimed at tightening security measures for phones, tablets and other smart gadgets. The Product and Telecommunications Infrastructure Security Act of 2022 (PSTI Act ) introduces minimum security standards that all devices must meet.
One of the main requirements is that devices should not be delivered with factory passwords, which can be easily picked up. Simple passwords like "12345" can no longer be used.
Professor Alan Woodward, a security expert at the University of Surrey, located in the British city of Guildford, supports this law, calling it "an excellent first step" and points out that most successful attacks involve simple security breaches, such as weak passwords.
The law also requires manufacturers to provide a contact for reporting security issues and inform about the minimum time frame for updating the device's security.
The PSTI Act applies to any consumer smart device connected to the Internet or home network, including entertainment devices, home surveillance systems, home appliances, and wearable devices.
Against the background of the introduction of new rules, the National Cyber Security Center of Great Britain (NCSC) even released a brochure with recommendations for creating passwords from three random words.
Tim Callan, Chief User Experience Officer at Sectigo, said the new law still lags behind recommended standards in Europe. He noted that UK legislation requires only three of the thirteen standards of the European Telecommunications Standards Institute (ETSI) to be met.
The Product Safety and Standards Office (OPSS) is responsible for enforcing the new regulations, which is logical given its previous role in regulating product safety in the country.
Professor Woodward also expressed concerns about whether the government would effectively enforce the new law, stressing that fines of up to £10 million or 4% of global turnover (whichever is greater) could force manufacturers to pay attention to the law's requirements.
In conclusion, Woodward emphasized the length of the road to these changes, noting that many industry experts have long advocated for such measures, but only now the law has officially entered into force.
From today, manufacturers of smart devices in the UK are required to follow new rules aimed at tightening security measures for phones, tablets and other smart gadgets. The Product and Telecommunications Infrastructure Security Act of 2022 (PSTI Act ) introduces minimum security standards that all devices must meet.
One of the main requirements is that devices should not be delivered with factory passwords, which can be easily picked up. Simple passwords like "12345" can no longer be used.
Professor Alan Woodward, a security expert at the University of Surrey, located in the British city of Guildford, supports this law, calling it "an excellent first step" and points out that most successful attacks involve simple security breaches, such as weak passwords.
The law also requires manufacturers to provide a contact for reporting security issues and inform about the minimum time frame for updating the device's security.
The PSTI Act applies to any consumer smart device connected to the Internet or home network, including entertainment devices, home surveillance systems, home appliances, and wearable devices.
Against the background of the introduction of new rules, the National Cyber Security Center of Great Britain (NCSC) even released a brochure with recommendations for creating passwords from three random words.
Tim Callan, Chief User Experience Officer at Sectigo, said the new law still lags behind recommended standards in Europe. He noted that UK legislation requires only three of the thirteen standards of the European Telecommunications Standards Institute (ETSI) to be met.
The Product Safety and Standards Office (OPSS) is responsible for enforcing the new regulations, which is logical given its previous role in regulating product safety in the country.
Professor Woodward also expressed concerns about whether the government would effectively enforce the new law, stressing that fines of up to £10 million or 4% of global turnover (whichever is greater) could force manufacturers to pay attention to the law's requirements.
In conclusion, Woodward emphasized the length of the road to these changes, noting that many industry experts have long advocated for such measures, but only now the law has officially entered into force.
