UK Government announces new security by design guidelines for IoT devices

The Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) have published new measures to combat the insecurity of the Internet of Things, a recent news report has been able to suggest.

As part of these measures, embedded security measures will become a must, as opposed to a bolt-on or extra to be configured at a later date.

The Code defines 13 guidelines for manufacturers, service providers, developers and retailers to implement in order to ensure that IoT products are safe to use. They are:

• No default passwords
• Implement a vulnerability disclosure policy
• Keep software updated
• Securely store credentials and security-sensitive data
• Communicate securely
• Minimise exposed attack surfaces
• Ensure software integrity
• Ensure that personal data is protected
• Make systems resilient to outages
• Monitor system telemetry data
• Make it easy for consumers to delete personal data
• Make installation and maintenance of devices easy
• Validate input data

Minister for Digital Margot James said that these pledges are “a welcome first step,” but “it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed.”

HeatingSave low-cost building management system – providing superior security and peace of mind

The HeatingSave building management system features multiple sensors – temperature, flow and return temperature, PIRs, LUX, air quality, etc. – all contributing to the achievement of the ultimate goal – that of helping you drive down energy costs, while keeping your building comfortable and secure.

HeatingSave collects and stores meter readings each minute so that you have the granularity to be able to see the cause and effect. The same applies to other inputs such as temperatures, air quality and occupancy.

The starting point for the normalisation of most energy consumption related to heating is degree-day analysis. Since the outside temperature can vary significantly for site to site within a local geographical area, HeatingSave calculates the degree-days for each day for each site.

However, unlike some other competitors, data generated by HeatingSave is stored on the system itself – users can access it any given time. We don’t have access to the data (unless granted by the users when carrying out system diagnostics), and the data is most certainly not shared with any third party. Furthermore, HeatingSave has top-level security protocols in place, meaning that even when you’re controlling your system remotely (for example, via the smart phone app), the security and privacy of your data are guaranteed.