UK National Cyber Security Centre’s Lindy Cameron calls for clear, workable international standards to improve the cybersecurity of the internet of things (IoT), connected devices, and smart cities.

A secure by design approach is vital to protecting the internet of things (IoT) and smart cities, according to Lindy Cameron, CEO of the UK National Cyber Security Centre (NCSC). Cameron spoke during Singapore International Cyber Week, calling for swift ongoing action to ensure connected devices are designed, built, deployed, and managed securely to prevent malicious actors, improve national resilience, and reap the benefits of emerging technologies.

Growth of IoT giving rise to increased security threats

The scale of consumer-, enterprise-, and city-level IoT has exploded in the last decade, Cameron said, and the magnitude of changes coupled with growing dependency on connected technology has introduced significant security risks. “That is why now is the time to make sure we’re designing and building them properly,” she added. “We all know that connected places are an evolving ecosystem, comprising a range of systems that exchange, process and store sensitive data, as well as controlling critical operational technology. Unfortunately, this makes these systems an attractive target for a range of threat actors. The threat posed by nation states is particularly acute.”

Some countries will seek to obtain sensitive commercial and personal data from other nations, including from the UK, while countries may also seek to influence a supplier or cause disruption to overseas services, Cameron said.
“Suppliers that are part of corporate groups based in these countries may be subject to influence from the host government to access and exfiltrate data from connected places, in support of that government’s security and intelligence services.” Such suppliers may also be used as vectors for attempts to take down essential services overseas, causing possible destructive impact and endangering local citizens if systems were switched off, she said.

Standards, legislation are key to securing IoT, smart cities

Workable international standards hold the key to shepherding connected technology towards a more secure future, Cameron said, citing the UK Product Security and Telecommunications Infrastructure Bill – currently working its way through the UK Parliament – which seeks to enshrine secure by design principles in law. The bill places new cybersecurity standards on manufacturers, importers, and distributors of internet-connectable devices, along with ensuring the security of connected devices on the market. The guidelines, combined with the availability of new international IoT standards, make legislation much simpler to put in place and for industry to follow, Cameron said. “However, if they are going to have effect then we need the commitment of governments and manufacturers around the world to enforce these standards. That’s why we’ve not just focused on the UK – we’ve worked with others to take a similar approach that shapes the market for this tech.”

Collaboration, cooperation, and the ability to learn from each other, while reflecting our own cultures and values in our use of technology, will all help to keep everyone safer and more secure, she said. “There’s no point in hoping this problem will go away. Without swift, decisive, and ongoing action, it will only get harder – and more expensive – to break nations of their dependence on insecure connected devices.
We make faster progress and produce longer lasting results together.”