DTG launches 'secure by design' scheme | Security | News | Rapid TV News
By continuing to use this site you consent to the use of cookies on your device as described in our privacy policy unless you have disabled them. You can change your cookie settings at any time but parts of our site will not function correctly without them. [Close]
Aiming to strengthen cyber security in TV products, Digital TV Group (DTG), the centre for digital TV deployment and enhancement in the UK, has announced plans to launch a cyber security conformance scheme.

DTG 14Sep2019 Cyber Security 2Building on the UK Government’s Secure by Design (SBD) programme, the aim of the scheme is to provide consumers and retailers with the confidence that their connected devices are protected against cyber-attacks.

The first three guidelines in the new Code of Practice, which will be the initial/primary focus of the scheme are: no default passwords; implement a vulnerability disclosure policy; and keep software updated.

This will aim to see All IoT device passwords be unique and not resettable to any universal factory default value. In addition it will strive to see all companies that provide internet-connected devices and services shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues. Disclosed vulnerabilities should be acted on in a timely manner.

In addition the DTG believes that software components in internet-connected devices should be securely updateable. It says that as part of its plan, updates would be timely and would not impact on the functioning of the device. An end-of-life policy should be published for end-point devices which explicitly states the minimum length of time for which a device will receive software updates and the reasons for the duration of the support period. The need for each update should be made clear to consumers, and an update should be easy to implement. For constrained devices that cannot physically be updated, the product should be isolatable and replaceable.

Manufacturers will be able to display the SBD conformance mark on a product if it meets the minimum requirements and receives certification that it is adequately secure. The SBD conformance specifications will be developed based on the Government’s Code of Practice for Consumer IoT Security, published in October 2018, and corresponding ETSI standard TS 103 645.

“The DTG will lead the way by helping our industry to navigate the increasingly complicated policy and regulatory environment and, in doing so, help protect both consumers and industry as IoT increasingly permeates our daily lives,” said DTG CEO Richard Lindsay-Davies. “The UK SBD scheme will be developed with industry, with the support of Connect Devices Ltd and other partners, ultimately increasing consumer confidence in device security. We look forward to engaging with industry as we build on the DTG’s work from over the past two decades, helping manufacturers provide consumer-trusted products as we continue to grow with the industry as technology evolves.”

The DTG’s next steps are to work with its members to develop the scheme and launch it for consumer electronics related to the TV industry initially. A full list of included product types will be confirmed in the near future.