The UK Government has released a draft code of practice designed to help manufacturers and end users better safeguard their Internet of Things (IoT) devices.

These practices have yet to be finalized, but this step by the government shows that if no action is taken, Parliament will be forced to legislate. The increased adoption of IoT devices poses a significant threat to both commercial and critical infrastructure and has left the government with no other option but to intervene.

The rapid pace of IoT device production and adoption has resulted in basic security safeguards being blatantly ignored. Gartner predicts that by 2020 there will be over 20 billion connected devices in the world, the vast majority of them riddled with security vulnerabilities. Unlike familiar computing platforms such as regular operating systems, tablets, and smartphones, where manufacturers are responsible for factoring security into their design, IoT devices are seldom, if ever, patched, upgraded or hardened against misuse.

The internet-enablement of more devices, combined with the increased adoption of more function-rich application runtimes and environments, including full operating systems, has rendered these things much more vulnerable to misuse. And in a meshed-network world where everything has access to everything else, the potential for harm has increased exponentially, as the rapid, widespread propagation of WannaCry showed.

A seminal moment when the IoT threat became real was the infamous Mirai malware attack, which took down some of the most popular websites, including Twitter, Spotify, and PayPal. From connected security cameras to DVRs and smart TVs, the Mirai attacks were perpetrated by millions of cheap connected devices.

This advice is long overdue and signifies that the government is fully aware of the very evident risks IoT presents to both individual and public safety. These best practices are still in draft form, and the UK government hoped the free market would make these changes itself, but inaction will force its hand: “if this does not happen, and quickly, then we will look to make these guidelines compulsory through law.”

Dealing with the potential threat posed by IoT devices first requires understanding what you have. Regularly scan for all network-connected devices and identify what they are. Anything new must be checked for how it operates, what its functions/capabilities are, and how it can be secured.

Changing default usernames and passwords is always a good first step in any successful hardening program, but disabling UPnP services where possible, and firewalling them where not, should be key. Thereafter, System Integrity Monitoring is a key practice for determining whether any suspicious activity has taken place that could represent an IoT-based attack.

Copyright 2020, New Net Technologies LLC. All rights reserved. 