The government has promised up to £70 million in investment through its Industrial Strategy Challenge Fund to support research into the infusion of security and protection solutions into hardware and chip designs at the development stage, thereby signalling its intent to promote 'security by design' for all IoT devices used by businesses and individuals.
At the same time, the government has also promised to invest a further £30 million to ensure the safety and security of Internet-connected smart devices, 420 million of which would be deployed across the UK within the next three years.
Investment to boost the security of IoT devices
According to Business Secretary Greg Clark, the fresh round of investments to ensure the cyber security of IoT devices will make the UK a world leader in the race to eradicate some of the most damaging cyber security threats facing businesses and better protect consumers.
"This could be a real step-change in computer and online security, better protecting businesses, services and consumers from cyber-attacks resulting in benefits for consumers and the economy.
"With businesses having to invest more and more in tackling ever more complex cyber attacks, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut the growing cybersecurity costs to businesses.
"This is our modern Industrial Strategy in action. Building on the UK’s heritage and strengths in computing and cyber security alongside the government and industry investing together to ensure the UK capitalises on its position to become a leader in the growing markets and technologies of tomorrow," he said.
To be disbursed by UK Research and Innovation, the £70 million investment into research on 'cyber security by design' is a result of the government's intent to boost its overall investment in research and development to 2.4% of GDP by 2027. The decision to invest this sum was taken after the Department for Digital, Culture, Media and Sport published the Code of Practice for Consumer IoT Security in October 2018 which contained guidelines to manufacturers to ensure their IoT products were secure by design.
The additional £30 million investment will also be used as part of the government's Ensuring the Security of Digital Technology at the Periphery programme and will be used to ensure the safety and security of IoT devices and in finding solutions to combine cyber and physical safety and security with human behaviour, influence new regulatory response and validate and demonstrate novel approaches.
"We want the UK to be a safer place to live and work online. We’re moving the burden away from consumers to manufacturers, so strong cyber security is built into the design of products. This funding will help us work with industry to do just that, improving the strength and resilience of hardware to better protect consumers from cyber-attacks," said Digital Minister Margot James.
Strong investment in technology & education the need of the hour
Commenting on the announcement of the new investments, Joseph Carson, Chief security scientist at Thycotic, said that even though the Business Secretary's announcement and vision are far from reality when it comes to a strategy on reducing the risks from cyber attacks, the decision to invest in cyber security research is a welcome move.
"The announcement that the UK will become a leader in cybersecurity resulting from a small investment in research is highly unlikely as hardware and research alone is not going to solve cybersecurity threats," he said.
"The solution to reducing cybersecurity threats is a balance between both technology and people. If we are really going to reduce the threats then it needs to start with an investment in education along with a strong investment in technology that is simple, easy to use and does not require highly skilled workforce to use it.
"The threats have moved away from traditional methods of attacking organisations and people are the target, Identity and Access Management is the new frontier to protecting both people and sensitive access.
"If the UK is to become a leader as Mr. Clark announces, then the UK will have to invest in a strong digital identity where both consumers and organisations can both benefit from government investment similar to that which Estonia launched back in 2002. The UK will face short term challenges when attracting global talent especially with Brexit looming so the UK will need to invest heavily in educating the local workforce," he added.
Security by design: greater need for governance?
How to mitigate security risk as IoT networks grow
Majority of companies cannot detect IoT device breaches, survey reveals
Brits demanding urgent government intervention to improve IoT device security