A new cybersecurity code of practice for manufacturers of safety and security systems has been launched by the British Security Industry Association’s (BSIA) Cybersecurity Product Assurance Group (CySPAG).
The code has been designed to build confidence throughout the supply chain, promoting the secure connection of products and services and delivering client assurance regarding connected solutions. It will assist in the duty of care to other network users, particularly with respect to protecting the integrity of existing cybersecurity countermeasures, or the implementation of such countermeasures in new solutions, says the BSIA.
The issue of IoT device vulnerability has also been addressed by the UK Government in recent weeks, as it announced plans for a new law to make sure ‘virtually all smart devices’, including smartphones, meet minimum requirements. The BSIA’s CySPAG also launched a cybersecurity code of practice for installers in 2020.
Included within the new code of practice is advice on vulnerability threat analysis, default credentials and how to keep devices cyber-secure for remote access.
Steve Lampett, Technical Manager, BSIA, said: ‘Here at the BSIA we have long considered and debated how our industry sector can provide effective cyber-secure solutions to end-users via its supply chain and we feel that to do this our supply chains must find ways to collaborate and support processes that achieve this.
‘The publication of this new code of practice now provides a complete process for supply chains when utilised together with installers adhering to the Installation of safety and security systems – cybersecurity code of practice. This should provide peace of mind for end-users in terms of the cybersecurity of their systems, not only when they are installed but throughout the entire contract period.’
Also Read: Empathy in AI
‘The release of this code of practice is the next step in acknowledging a collective stakeholder effort of installers, manufacturers, and designers in providing a cybersecurity solution.’
‘We hope to continue to drive the sector forward with this practical approach when addressing and managing cybersecurity risks. The idea is to steer safety and security practitioners into thinking outside the box on using new technology and equipping our industries with professional tools for the future.’
The recommendations of this code of practice apply in addition to other standards and codes of practice relating to systems and equipment to be installed. Any documentation or checklists mentioned in this code of practice may be combined with those required by the other standards or codes of practice, applying to safety and security systems and their components but can be applied to other devices and systems.
(With inputs from agencies)
