Article

PETRAS work highlighted in Product Security and Telecommunications Infrastructure Bill debate

L I M

The PETRAS National Centre of Excellence for IoT Systems Cybersecurity’s work was highlighted in parliamentary debates on an amendment to strengthen cybersecurity in children’s products in the Product Security and Telecommunications Infrastructure Bill.

The Product Security and Telecommunications Infrastructure Bill creates a new regulatory scheme to make consumer-connectable products more secure against cyber-attacks and is developed in two parts. Part 1 creates a new regulatory scheme to make consumer-connectable products more secure against cyber-attacks, and Part 2 contains provisions intended to accelerate the deployment and expansion of mobile, full-fibre, and gigabit-capable networks across the UK.

In March 2022, whilst providing oral evidence at the Public Bill Committee, Professor Madeline Carr (UCL) referenced the huge challenges in aligning laws globally in this area and acknowledged how PETRAS has helped the UK lead the way on topics relating to IoT cybersecurity. When asked what specific security measures she would like to see in the Bill, Prof. Carr responded by saying a broader scope of devices should be included, especially when considering products used by and for children.

Based on this oral evidence, Prof. Carr was invited by Lord Fox and Lord Clement-Jones to design an amendment to strengthen security requirements for children’s products – including products intended for children’s use, products marketed to children, and products used by parents on their children.

In June 2022, during a reading of the Bill in the House of Lords (volume 823:debated on 21 June 2022), the PETRAS UK Code of Practice for Consumer IoT Security: where we are and what next, was directly referenced by Lord Fox (Liberal Democrat) when presenting an amendment relating to child security. He said:

“…here I am indebted to a report on cybersecurity, the UK Code of Practice for Consumer IoT Security produced by the PETRAS National Centre of Excellence for IoT Systems Cybersecurity. Noble Lords may be aware of this group; it has a very strong record in this area. It is a consortium of leading UK universities dedicated to understanding the critical issues of the privacy, ethics, trust, reliability, acceptability and security of IoT. I commend this organisation to the small number of noble Lords in this Chamber interested in this area.”

Continuing on, Lord Fox directly quoted the PETRAS UK Code of Practice for Consumer IoT Security: where we are and what next report:

“there are no indications that this will be addressed through market forces. Instead, the certainty of legislation to maintain standards would level the playing field and make clear for SMEs where they need to invest to make their toys market ready.”

The UK Code of Practice for Consumer IoT Security: where we are and what next was co-authored by Saheli Datta Burton (UCL), Leonie Maria Tanczer (UCL), Srinidhi Vasudevan (UCL), Stephen Hailes (UCL), and Madeline Carr (UCL) and is downloadable here.

The report includes insights into how widely the UK Government’s UK Code of Practice has spread since its publication in March 2018. A report informed by PETRAS’s Summary literature review of industry recommendations and international developments on IoT security, as part of the Government’s Secure by Design policy, aims to ‘ensure consumer “smart” devices are more secure, with security built in from the start.’

The related amendment on child safety did not progress, with the Government responding that “the Bill, and forthcoming secondary legislation, will cover products specifically designed to be used by or around children”, and that there is a “broader strategy to offer more comprehensive protection to children—including through the Online Safety Bill”.

PETRAS is grateful to all parties, in particular Professor Madeline Carr (UCL) and colleagues from UCL STEaPP’s Policy Impact Unit, Dr Jenny Bird and Florence Greatrix, for raising the profile of these key issues around child safety.

If you have any questions relating to this post or the research referenced here, please get in contact with PETRAS at petras@ucl.ac.uk.