Cybersecurity Member News July 2019 Minister announces regulatory plans at Internet of Things conference UK Digital Minister Margot James chose the IET- PETRAS ‘Living in the IoT’ conference at Savoy Place in May as the place to announce the Government’s regulatory plans for internet connected devices. The Minister revealed that Government will be consulting on a new mandatory labelling scheme that will tell consumers how secure their products such as smart TVs, toys and appliances are. The move means that retailers would only be able to sell products with an Internet of Things (IoT) security label. The consultation also focuses on mandating the top three security requirements set out in the Government’s ‘Secure by Design’ code of practice, launched last year. The security requirements include unique passwords for IoT devices, as well as manufacturers providing a public point of contact as part of a vulnerability disclosure policy and explicitly stating a minimum length of time for which devices will receive security updates. The IET/PETRAS conference brought together government, industry and academia to discuss realising the socioeconomic benefits of an interconnected world, while also addressing safety and security issues. Professor David De Roure, from Oxford e-Research Centre, who chaired the event, said: “It’s been a great conference with some critical conversations. As well as highlighting the intersection of the social and the technical, we’ve had key insights into the past and future, and the urgency in addressing IoT privacy, safety and security. We are already discussing responses to the consumer IoT consultation, which is key to influencing future legislation in this crucial area.” If you’re interested in getting involved in the next ‘Living in the IoT’ conference, please get in touch by emailing eventsa1@theiet.org 15 Industry isn’t ready for cyber threats, according to survey An IET survey has revealed that UK engineering and technology companies still have work to do to protect themselves against cyber threats. One in five (20%) of 450 businesses surveyed said they are not prepared or don’t feel that cybersecurity challenges are relevant, while 41% are partially prepared. The IET commissioned the survey to discover to what level industry is embracing cybersecurity, given that it can protect competitive advantage, revenue growth and consumer trust in businesses. A core group of IET members assessed the survey results and contributed to the final report. Other findings –  Significant challenges exist in delivering cybersecurity through the supply chain. Just under a third (31%) of firms work with suppliers/ customers on digital issues, and only 38% of respondents include cybersecurity terms in contracts. –  Accessing cybersecurity skills remains a challenge. Only 35% of those that employ engineering staff at a professional level report that their business has all the cybersecurity skills it needs. –  Training is not being delivered to enable engineers with cybersecurity skills and competencies. A high volume of companies (66%) hasn’t supplied cybersecurity training to engineering or technical staff in the last 12 months. –  73% of respondents say that their business keeps up to date with cyber developments that affect engineering and technology. But only 28% of respondents say that they have sought external guidance on cybersecurity matters in the last three years. For further information and recommendations from the report, please visit theiet.org/cyber-survey or contact SEP@theiet.org