MPs have recommended that the UK introduce a new kitemark system to warn people of cybersecurity risks.
The suggestion has been made by the Public Accounts Committee, which has expressed concerns over a lack of awareness of the risks associated with certain devices and websites.
The committee has described the UK as “vulnerable to attack from hostile countries, criminal gangs and individuals” and believes that a kitemark system may help mitigate this.
What is a kitemark?
The kitemark is a UK certification symbol awarded by the British Standards Institution to products that demonstrate high standards in safety after meeting certain requirements.
It is most often used for products where safety is paramount, such as fire extinguishers, plugs and sockets or safety helmets.
In the context of cybersecurity, MPs have said that a similar system could be introduced to indicate how securely a company, device or website stores user data. If a certification system were in place, consumers would be able to make more informed decisions with regard to cybersecurity.
According to computing.co.uk, the committee has said that there is “currently no ‘traffic light’ or kitemark system to inform consumer choice on how cyber secure the products they buy are, unlike recognised standards in other areas such as food safety” and that the government needs to outline “how they plan to measure success in protecting consumers”.
Cybersecurity kitemark: “Regulations continue to lag far behind other industries”
Although it is a step in the right direction, Wai Man Yau, VP and GM international at Sonatype, believes that the proposal is an attempt to play catch-up:
“While the recommendation to introduce a kitemark system for connected devices is a positive move by UK MPs, cybersecurity regulations continue to lag far behind other industries. This proposal is more an attempt to play catch up than anything revolutionary.
“In the UK one in eight software components contain a known vulnerability, meaning cybersecurity flaws are being designed into our connected devices right from the beginning. No other manufacturing industry is permitted to sell products with known defective parts, so it’s surprising that software security has been so poorly regulated to date.
“Kitemarks will be helpful to raise both consumer awareness and industry standards, but to be truly impactful, legislation needs to tackle the root cause of cybersecurity issues: flawed software.”