
Gov Enforce New UK Internet Security and Broadband Boosting Law

Monday, Apr 29th, 2024 (12:01 am)

The UK Government has this morning announced that new laws designed to help protect consumers from cyber criminals have finally come into force. The laws do this by, for example, requiring that network devices, like broadband ISP routers, receive greater protection (e.g. regular security updates and stronger default passwords).

The related Product Security and Telecommunications Infrastructure Act (PSTI) received royal assent in late 2022, which among other things included measures to make broadband and mobile infrastructure sharing, as well as network upgrades and related dispute resolution, easier to deliver (see our summary). But those elements, which involve changes to the Electronic Communications Code (ECC), are being implemented separately via Ofcom.

NOTE: The Gov says recent figures show 99% of UK adults own at least one smart device and UK households own an average of nine connected devices.

The PSTI also included measures to implement many of the original Secure by Design proposals (i.e. ensuring connected devices are better able to resist cyberattacks), which introduce tougher security standards for device makers and the ability to hit those that fail to comply (both retailers and manufacturers) with financial penalties.

Some examples of the changes include banning easily guessable default passwords (“admin”, “123456” etc.) and prompting users to change the default password, as well as improved support for security issues and a requirement for related network products to state how long they will be supported by vital security patches (firmware updates).

Some of the Improved Security Protections

➤ Common or easily guessable passwords like ‘admin’ or ‘12345’ will be banned to prevent vulnerabilities and hacking.

➤ Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with.

➤ Manufacturers and retailers will have to be open with consumers on the minimum time they can expect to receive important security updates.

The changes touch everything from consumer broadband routers to phones, TVs, game consoles, internet-connected fridges and smart doorbells etc. The government allowed the industry a couple of years to adapt to all this, but from today the manufacturers of all such devices are required, by law, to implement minimum security standards against cyber threats.

The hope is that these measures will help to prevent threats like the damaging Mirai attack in 2016, which saw 300,000 smart products compromised due to weak security features (including routers from various ISPs, like TalkTalk and KCOM) and used to attack major internet platforms and services. Since then, similar attacks have occurred on UK banks including Lloyds and RBS, leading to disruption to customers.

The government claims that the new regime will help to give customers confidence in buying and using products, “which will in turn help grow businesses and the economy.”

Julia Lopez, UK Data and Digital Infrastructure Minister, said:

“Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected.

Our pledge to establish the UK as the global standard for online safety takes a big step forward with these regulations, moving us closer to our goal of a digitally secure future.”

The government added that consumers and cyber security experts can also help by playing an “active role in protecting themselves and society from cyber criminals” by reporting any products which don’t comply to the Office for Product Safety and Standards (OPSS). But take note that the government is also beginning the legislative process for certain automotive vehicles to be exempt from the product security regulatory regime, as they will instead be covered by alternative legislation.

The changes might also have an impact on cheaper imported products, which might not normally adhere to UK rules as closely as they perhaps should. In addition, it’s possible there may be some problems around retailers that need to sell older stock, which might not offer the same length of support to those who buy them.

The UK Product Security and Telecommunications Infrastructure (Product Security) regime

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
21 Responses
  1. Buggerlugz says:

    Making companies selling these devices have in the instruction manual in big letters “Only use your guest network for this device” would be more beneficial.

    1. Mark Jackson says:

      The catch being that a lot of people may not have that feature or know how to set it up.

    2. Andrew says:

      The issue with that is guest networks have client isolation, which breaks many things.

  2. Me says:

    Seems utterly pointless to me. Routers are attacked due to holes in the firmware, not always weak passwords. Leave the router plugged in and force updates from manufacturers. But then they’ll probably charge more for their equipment.
    And what planet are this government on (don’t answer) expecting consumers to report to them which routers are not following their guidelines? How is Jo Bloggs going to know that! I think they need some context on that as it reads as all members of the public, not just the tech savvy ones.

    1. Anonymous says:

      @Me I agree that many of these software updates and security changes can seem pointless or unnecessary, especially for tech-savvy individuals who have a deeper understanding of how technology works. However, we must acknowledge that a significant portion of consumers lack this level of technical knowledge, leaving them unaware of the intricacies involved in maintaining a secure computing environment.

      The saying “Perfect is the enemy of good” is particularly relevant in this context. While these updates may not represent a perfect solution, they are incremental steps toward improving overall security. Even seemingly small changes can contribute to a more robust security posture, especially when targeting a broad consumer base with varying levels of technical expertise.

      It’s important to recognise that cyber threats are constantly evolving, and the need for continuous enhancements and updates is crucial. What may appear insignificant to some could be a critical safeguard for those less knowledgeable about potential vulnerabilities and attack vectors. By embracing these regular updates and security improvements, we can collectively raise the bar for online safety and protect those who may not fully comprehend the underlying complexities.

    2. Me says:

      @Anonymous, yes very well said, in my mind I was thinking yes they can change the default passwords etc. but the key thing will be those security updates which router manufacturers release, or should, anyway. However I guess I’m missing the fact many ISP routers do not receive regular updates. And a lot of people plug those in and use them as default and never change them. So your reply is very relevant.

  3. TrueFibre says:

    A few things they should change: Universal Plug and Play should be off by default. Some are on but some are off; they should all be off. Especially ISP routers like Vodafone’s Wi-Fi Hub, where it’s on by default. Universal Plug and Play is a major security risk.

    Sorry for the spelling

    1. tech3475 says:

      They likely leave it enabled because certain devices/services can have issues if port forwarding isn’t enabled e.g. IoT, games, etc.

      Remember, we’re talking about devices aimed at the general consumer.

  4. DaveZ says:

    The problem with “weak default passwords” is as much the “default” as the “weak”. Devices need to insist a user sets a strong password on first usage. Good point about the UPnP. Damn thing should have been strangled at birth.

  5. David says:

    May I just say?

    1. XGS says:

      Ditto! I feel seen!

    2. Mark Jackson says:

      You can thank Microsoft Copilot’s / Dall-E 3 AI image generation for that one, it gave me plenty of good options to work with :).

  6. Clearmind60 says:

    Security begins at home, use pfsense or opnsense.

    1. XGS says:

      Indeed. Give that to your average home broadband customer: what could go wrong?


    2. tech3475 says:

      I would sooner recommend a decent consumer orientated router with decent update support and features for the typical consumer over those two.

      For example, Asus on their higher end routers seems ok, at least parents’ RT-AC68U has received a decade’s worth of support so far.

      Even then though, I expect most people to just use the ISP router as the gateway.

    3. Me says:

      Little bit extreme, just a little, for the millions of non tech savvy Joe Bloggs in the UK.

  7. True Fibre says:

    I have to agree with tech3475: routers should have support and updates for longer; instead of 3 years it should be 5 to 6 years of support.

  8. Nick Roberts says:

    Keeping the routers and modems turned off, until you need them, would assist security (as well as the electricity bill) . . . the less time they are on, the less time some wrong’un can attempt to break in.

    Have any of these comms devices got a standby-mode in which they don’t respond to requests from outside the home network and from which they can only be aroused to action by a validated request coming from a device on the home network? Like WOL with desktops, in reverse, i.e. turning on your desktop, laptop, tablet or phone wakes the comms device. Perhaps a request for the supply of a second factor authorisation from another device (a dedicated key-pad or another device at your home that is connected to the home network could generate a random number authorising the comms device start-up).

    My ISP supplied router had none of the above. Additionally, it was burning so much power that it heated the room in winter and tested the function of the air con in summer. So I swapped it out for separate modem and router . . . both of which run without generating any perceivable heat (5 microprocessor cores now doing the work done by one previously).

    1. XGS says:

      Answering this fully would be a very lengthy process as there are a lot of things to cover.

      No device inside a home network will accept requests from outside unless an inside device opens the path first. Requests won’t reach them, they’ll be stopped by the router.

      Neither modems nor routers should be reachable from outside. Modems shouldn’t be able to route outside, should only answer on the local network with no gateway, routers should never accept connections from the Internet only forward them.

      Switching the modem and router off will accelerate their failure but is unlikely to add security. We are all constantly probed.

    2. tech3475 says:

      This might have been practical a couple of decades ago, but these days with the increased reliance on the internet, this could potentially cause more problems than it solves. For example, streaming, communication (VoIP, iMessage, WhatsApp, etc.), IoT, etc.

      It could also potentially stop software updates being installed, which ironically could also decrease security.

      Although there may be ways to do it such as parental controls, adjusting firewall settings, etc.

      As for the power usage, I’d expect newer SoCs to be more power efficient, although I wouldn’t rely on heat alone and instead get an actual power meter or if supported monitor the actual processor e.g. if it under clocks.

    3. Clearmind60 says:

      Really, was it a class A amp?
