UPDATED! UK and EU Cyber Security Legislation for Connected Devices

UPDATED: Our exclusive walkthrough of connected device legislation, which affects all connected products on the UK and EU markets, has been updated ahead of the April 29^th deadline.

Get your copy now which:

Adds more guidance about the products (and businesses) in scope
Includes new detailed information for retailers, distributors and installers about the requirements on them
Expands the section about the Statement of Compliance and the specific conditions that need to be met
Updates key compliance dates for both UK and EU
Provides new information about how to make sure you are covered (or certified that you don’t need to be) by the April 29^th deadline.

From the requirements on all parts of the chain, to the criteria and standards you need to meet, we break down the issues in simple, straightforward language and outline the actions and solutions you need to put in place today.

Get it here

Oxford Professor warns government over smart speaker vulnerability

Oxford University Professor of Cybersecurity Sadie Creese has warned against the potential security threat from smart speakers while giving evidence to the Science, Technology and Innovation Select Committee.

She made particular reference, according to a piece in The Times to ‘senior leaders’ and the potential for threat actors to profile them and the way they live using vulnerabilities in the technology.

She told The Times: “… any devices that give away how you live — will make you more targetable. So I would advise people in those kinds of [senior leadership] positions, where they may well be targeted, against having these things in their environment. Just like I would advise against putting a camera in their living room. It just potentially gives an attacker more information about them that can be used to craft targeted attacks.”

The piece also highlights research that found 57% of connected devices were vulnerable to medium or high severity attacks.

SafeShark testing can allay these concerns by not only guaranteeing the cyber security compliance of connected devices with the new PSTI requirements, but because we test against the whole ETSI EN 303 645 specification (the harmonised international standard for cyber security of IoT devices), meaning manufacturers, retailers and their customers can have confidence in the security of their devices.

Get in touch to start your compliance journey with us today.

SafeShark selected for DSIT-funded cyber accelerator for second year running

SafeShark is delighted to have been selected for the DSIT-funded Cyber Runway scheme as part of the ‘Scale’ cohort of innovative cyber companies for 2024/25.

The largest cyber accelerator in the UK, Cyber Runway is part of the government’s £2.6bn National Cyber Strategy to protect and promote the UK online. The scheme is designed to address the biggest challenges facing cyber security by supporting the most promising innovators at various stages of growth. This includes an objective to strengthen the UK cyber security ecosystem and ensure we have a sustainable, innovative, and internationally competitive cyber and information security sector.

Having been selected as one of the ‘Grow’ cohort last year, it is a mark of SafeShark’s genuine innovation and standing in the market that it has again been selected as one of the most innovative SME’s operating in cyber security today – this year as part of the ‘Scale’ group.

SafeShark Director Alex Buchan said: “To have been selected for this fantastic scheme for a second time really is a badge of honour for SafeShark. It comes at a crucial time for us and for industry as the April 2024 compliance deadline races towards all manufacturers of connected devices.

“Being part of this scheme with other innovators in the cyber space ensures we are in the very best company with access to premium support, which in turn helps us support our customers. And it is a clear endorsement of SafeShark’s innovation, cyber credentials and credibility.”

Saj Huq, CCO and Head of Innovation at Plexal, commented: “We’re excited to welcome two cohorts to Cyber Runway’s Grow and Scale streams, helping some of the UK’s most promising young companies to develop their technologies, and in turn strengthen the UK’s digital economy and drive greater cyber resilience.”

In the UK the Product Security and Telecoms Infrastructure (PSTI) Bill is now law. All manufacturers of connected devices are legally obliged to comply with the new legislation by April 29th 2024.

SafeShark is the only PSTI and RED compliance specialist in the market. A joint venture between DTG Testing and Connect Devices and backed by BSI, we deliver UK and EU market access to consumer electronic devices through independent PSTI and RED compliance testing.

Our mission is clear: to grant swift and hassle-free access to UK and EU markets through our simple, trusted and continuous compliance testing. Download our guide to cyber security compliance here.

Unprotected connected devices enabling abuse say MPs

MPs from the Culture, Media and Sport Committee have called on the government to tackle the use of connected home devices as abuse enablers.

The committee heard evidence that the ‘vast majority” of domestic abuse cases now feature a cyber element, with unprotected smart devices – such as cameras, smart speakers or baby monitors – being used by malicious actors to capture recordings of victims and to harass them.

It also identified children as particularly in need of protection, both from abuse and from having their data and personal information exploited.

It is why the Government introduced the Product Security and Telecommunications Bill, which requires all businesses involved in the supply chains of connectable products to be compliant with a new security regime from 29th April 2024.

Failure to comply with the requirements could result in products not being able to access the UK market and/or fines impacting global turnover.

This is in addition to EU market access requirements which are coming in via the Radio Equipment Directive (RED).

SafeShark’s testing and certification service backed by the British Standards Institute (BSI) is the only complete one-stop route to compliance for both the UK and EU markets and trusted my major international brands. To find out more and start your compliance get in touch today.

Book a call back:

‘Smart’ is a major driver for those looking to move

A survey, carried out by Samsung, of 1,000 adults looking to move home in the next five years, combined with Google search trends analysis between March 2022 and March 2023, has shown that Smart is a key criteria for those looking for their next home.

A third of respondents would be much more likely to buy or rent a smart home (and pay up to 6.5% more for one) with a further third saying they would look to retrofit smart technology afterwards. A huge 86% said that ‘smart’ would be a consideration when selecting their next property.

The boom in demand and proliferation of devices and systems is, in part, what has driven the introduction of the Product Security and Telecommunications Bill by UK Government.

The legislation affects every single connectable device on the UK market and the deadline for compliance has now been confirmed as April 29th 2024.

Failure to comply with the requirements could result in products not being able to access the UK market and/or fines impacting global turnover.

This is in addition to EU market access requirements which are coming in from the 1st of August 2024 via the Radio Equipment Directive (RED).

SafeShark’s testing and certification service provides an efficient and trusted one-stop route to compliance for both the UK and EU markets.

We have worked with NCSC and UK Government since the outset of the Secure By Design initiative and throughout the legislative process, are active in standards bodies writing the requirements that underpins the legislation – ETSI EN 303 645 and trusted by major brands such as LG who have certified their TV platforms via SafeShark.

To find out more and start your compliance get in touch today.

Compliance deadline announced

Following the introduction of the Product Security and Telecommunications Bill last December, the UK Government has now set a date for when new cyber security regulations will apply to connectable products.

Businesses involved in the supply chains of connectable will need to be compliant with the new regime from the 29th April 2024. Failure to comply with the requirements could result in products not being able to access the UK market and/or fines impacting global turnover.

This is in addition to EU market access requirements which are coming in from the 1st of August 2024 via the Radio Equipment Directive (RED).

SafeShark’s testing and certification service backed by the British Standards Institute (BSI) provides a complete one-stop route to compliance for both the UK and EU markets.

SafeShark has been working with NCSC and UK Government since the outset of the Secure By Design initiative and is also active in standards bodies writing the requirements that underpins the legislation – ETSI EN 303 645.

We are trusted by major brands such as LG who have certified their TV platforms via SafeShark. To find out more and start your compliance get in touch today.

Full details on the UK requirements can be read here.

SafeShark shortlisted for Most Innovative Cyber SME 2023

We are so excited to have been shortlisted for the UK’s Most Innovative Cyber SME 2023. The award is given by Infosecurity Europe in partnership with The Department of Science, Information and Technology (DSIT) and judged by a panel of cybersecurity experts.

They have selected fourteen of the UK’s most creative and original information security businesses as finalists in the annual hunt for the UK’s Most Innovative Cyber SME… and we’re one of them.

Keep everything crossed for us until the winner is announced at Infosecurity Europe in June!

https://www.infosecurityeurope.com/en-gb/lp/register-to-attend.html

Has Adoption of ‘Connected Devices’ Outpaced Security?

“We’ve all seen the rush to deploy the new wave of connected devices but the speed at which these devices have been embraced may threaten fundamental security protocols.” Read this great article from Keysight Technologies VP Security Solutions Scott Register on EE Times as he explores the current IoT device landscape.

One of his key warnings: “There are no standards or real consistency for tracking security flaws across connected devices; the only way we can understand where the problems are is to test them ourselves.” Which is where SafeShark comes in…

Read the article in full here.

Three quarters of connected device manufacturers will be non-compliant

New research published today shows that the majority (73%) of IoT and connected device manufacturers would not be compliant with the imminent requirements of the Product Security and Telecoms Infrastructure bill. In fact, only just over one in four can rest easy knowing they will meet the initial bar. Read more here and get in touch if you want to move from non-compliant to competitive edge…

ENISA Threat Landscape 2022

The latest ENISA threat landscape publication highlights weak IoT cyber security as a major factor in an increase in denial of service attacks. Attacks are often launched from consumer devices and broadband routers - sometimes using vulnerabilities as much as 8 years old - showing how many users are slow to update products. As for the Geographical spread of attacks - the report found the following: Germany, the United Kingdom, France and Canada have been in the top places for the whole period (2021-2022).

SafeShark's Intercept test platform ensures that manufacturers have oversight of their product cyber security, can view their results in a dashboard, can download reports and can monitor that on a continuous basis - as software is updated and as threats changes.