The U.K. has introduced new legislation that the government says will better protect consumers from cybersecurity threats. Cybersecurity is becoming an increasing cause for concern in recent years, with numerous cases of hacks and data breaches coming to light during the pandemic. While phishing has emerged as one of the biggest problems, ransomware attacks have also been on the rise. One of the most significant such attacks in recent times was the Colonial Pipeline hack earlier this year that resulted in a massive fuel shortage across vast parts of the United States.

As for the U.K. government, it is trying to get ahead of the game by looking to address two of the biggest concerns of the modern era — climate change and cybersecurity. While the new cyber bill seeks to keep citizens safe from malicious actors in cyberspace, a separate legislation proposed earlier this week aims to ease the transition to electric cars by mandating that all new homes and commercial buildings in the country have charging points for EVs.

Related: Proposed Law Would Require 7 Years Of Smartphone Security Updates, But Why?

Called the 'Product Security and Telecommunications Infrastructure Bill' (PSTI), the new legislation introduced in the British parliament on Wednesday addresses some of the critical concerns of cybersecurity experts as it looks to protect consumers from hackers and cyber-criminals. In a press release, the government said it believes the new bill will protect phones, smart TVs and other connected devices from malicious actors and prevent people from becoming unwitting victims of cyber-crime. Among other things, the bill proposes to ban easy-to-guess default passwords (like 'admin' or '0000') that are typically preloaded on devices like routers, for example. The bill mandates that all factory-loaded default passwords in new devices must be unique and "not resettable to any universal factory setting."

Vendors Must Declare Update Roadmaps For Smart Devices

Some smart home devices

The new legislation will also require companies to declare the minimum time that the products will receive essential security updates. This will also be a welcome step because of the sorry state of affairs with most IoT devices, which are often sold on an as-is-where-is basis without any security updates once the product rolls out of the factory. The new rules also require the companies to streamline the process for cybersecurity researchers to report flaws and vulnerabilities in smart gadgets.

The bill also proposes to instill a new regulator that will oversee compliance with the new law. The regulator will be able to impose fines, mandate recalls, or even order companies to stop selling certain products in cases of noncompliance. There will be provisions for fines up to £10m (around $13.32 million) or up to four percent of the company's global revenue if they fail to comply. The new law will also bar retailers from selling non-compliant products in the U.K. market. The rules will apply to smart products and IoT devices, such as smartphones, smart TVs, smart alarms, smart hubs, smart toys, devices with voice assistants and smart home devices like fridges and washing machines.

Next: Google Updates Titan Security Keys With New Simpler Options

Source: Gov.uk