UK “setting global benchmark” on cyber security standards

As part of this agreement, those devices which meet Singapore cyber security standards will now be protected under the UK’s own Product Security and Telecommunications Infrastructure (PSTI) Act 2022 regime. This was the first piece of legislation anywhere in the world to introduce minimum cyber security requirements for consumer devices such as smart phones, games consoles and smart doorbells.

This includes everything from the banning of commonly used default passwords (eg ‘admin’ or ‘12345’) through to greater transparency focused on how long devices will continue to receive vital software updates. The idea is to create a shared baseline to protect consumers.

More and more countries are now adopting the standards underpinning the UK’s PSTI regime (ie EN 303 645) to inform their own approaches towards securing consumer devices. Capitalising on this, international partners including the UK, Singapore, Brunei, Australia, Germany, Finland, the Republic of Korea, Japan and Hungary have launched the new Global Cyber Security Labelling Initiative. As such, devices sharing common safety standards (much like the approach set out by the UK and Singapore) will be accepted by more and more international markets, lowering costs for business, speeding up access to safer products and raising the bar on device security without additional red tape.

Australia is the latest country to follow in the trail already blazed by the UK, duly setting out a voluntary Code of Practice for app stores and developers. This has been designed to closely mirror the UK’s own Code of Practice for App Store operators and app developers, thereby affording industry consistent steps to make apps secure. These include better reporting of software vulnerabilities to developers and more transparency for users on the security and privacy of apps. Taken together, these moves give app stores and developers a simpler and clearer rulebook across borders while better protecting consumers.

Shared challenge 

Cyber Security Minister Liz Lloyd said: “Cyber threats are a shared challenge. Seeing more and more countries following the example we’ve set in the UK to protect consumers will mean they’re better protected and also give certainty to developers with a single baseline to build towards, fewer retests and clear rules on updates and reporting.”

Lloyd continued: “This is about safer products for people, clearer rules for business and less duplication across borders. By moving in step with allies and setting clear standards at home, we are backing business, securing our economy and keeping people safer online.”

In a further development, the Good Business Charter (an independent accreditation for responsible business) has now added cyber risks to its core framework. By signposting to Government and National Cyber Security Centre guidance such as the Cyber Governance Code of Practice and Cyber Essentials, the Good Business Charter sends a clear signal to firms to treat cyber security as a critical business issue. With 1,000 accredited organisations across sectors, this change will help normalise good cyber governance and strengthen resilience in light of recent attacks on UK firms.

The news follows on from a recent letter sent by Government ministers including the Technology Secretary, the Chancellor and the Business Secretary to business leaders and FTSE 350 firms, urging the latter to embolden their cyber defences in facing down the growing range of threats targeting the UK’s leading organisations.

Strengthening protections

The Cyber Security and Resilience Bill, which is to be introduced to Parliament, will also strengthen protections for essential and digital services and help to improve cyber resilience for organisations across the UK’s economy.

This package highlights how UK’s leadership in cyber will drive growth and deliver on the Government’s Plan for Change, giving developers more certainty and consumers more confidence in the devices they use.