This Week in Cyber: Nov 22nd – 26th 2021

At the end of last week, it was reported that around six million Sky routers had a significant software bug that could have allowed hackers to take over home networks. The problem has been fixed – but researchers say it took Sky 18 months to address. The vulnerability could have affected anyone who had not changed the router’s default admin password

Article type: Blog
author Lara

Commenting on this, and appearing in IT PRO, John Goodacre, director Digital Security by Design and Professor of Computer Architectures at Manchester University, said

“The home router is the gateway between consumers and their digital life. The UK Government’s Department for Digital, Culture, Media and Sport (DCMS) are working to ensure these “smart” devices are more secure, with security built in from the start through their “Secure by Design” policy. This policy is currently focused on regulating IoT products to deliver a more secure solution by default. The Government also has an initiative, being delivered by UKRI, known as Digital Security by Design (DSbD) in which the exploitation of software bugs and vulnerabilities can also be blocked, by design.  Together, an increased consumer awareness of cybersecurity best practices, manufacturers delivering products to be secured by default with the underlaying component being secured by design, the tide will turn against the ever-increasing impacts of cybercrime across the digital world.”

John Goodacre, director Digital Security by Design and Professor of Computer Architectures at Manchester University

A piece of legislative news that caught our eye this week was that The Department of Digital, Culture, Media & Sport (DCMS) introduced a new cyber law to protect people’s personal tech from hackers to parliament. The Product Security and Telecommunications Infrastructure (PSTI) Bill will allow the government to ban universal default passwords, force firms to be transparent to customers about what they are doing to fix security flaws in connectable products and create a better public reporting system for vulnerabilities found in those products. The Bill will also speed up the roll out of faster and more reliable broadband and mobile networks by making it easier for operators to upgrade and share infrastructure.

Discussing the newly imposed bill, and covered by Professional Security MagazineIT PRO and the entire ISMG Network, John said

Technology is relied upon by nearly everyone in today’s society in all aspects of our day to day lives. It reaches our children’s toys, our in-home entertainment systems, speakers and of course our smartphones. This policy provides a basis for the security requirements of those goods to be considered by manufacturers and distributors of goods. However, the policy accepts that vulnerabilities can still exist in even the best protected consumer technologies with security researchers regularly identifying security flaws in products. In today’s world, we can only continue to patch these vulnerabilities once they are found, putting a plaster over the wound once damage may have already been done. Further initiatives are needed for technology to block such wounds from happening at the foundational level. One such initiative, funded by the UK Government through UK Research and Innovation is the Digital Security by Design Programme. Working with Industry and Academia, the programme aims to limit the impact of these vulnerabilities by taking the next step to cyber security by strengthening the hardware foundation on which software runs.”

John Goodacre, director Digital Security by Design and Professor of Computer Architectures at Manchester University

You can find out more about the Industrial Strategy Challenge Fund here

Sign up to the newsletter

Sign up to the Digital Security by Design newsletter to stay up to date with our events, news, insights and opportunities. Be the first to know about our work and ways to get involved.

UKRI DSbD Councils
Website delivered by Digital Catapult as part of the Technology Access Programme, funded by UKRI through the Digital Security by Design Programme