New UK PSTI Act Explained: Secure by Design, and Why ISP's should offer a Managed Wi-Fi service?

In 2022 the Government introduced the Product Security and Telecommunications Infrastructure (PSTI) Act to enhance the security of Internet-connected devices. This law has now been enforced starting this week. Read below to understand how these measures can help protect you and your home, and what GigabitIQ are doing to further enhance cybersecurity measures to protect your network & connected devices.

This new legislation is timely as the popularity of IoT (Internet of Things) and smart home devices grows exponentially, along with the risks they bring. Notable cyber-attacks, such as the Mirai botnet incident that affected thousands of TalkTalk routers, have highlighted the vulnerabilities in devices like home routers and cameras, which can threaten personal privacy, businesses, and even national infrastructure.

The PSTI Act imposes "Secure by Design" requirements on manufacturers, importers, and distributors of digital products. This includes issuing devices with unique passwords, establishing ways for the public to report security vulnerabilities, and clearly communicating the duration of support with security updates. This aims to eradicate the common practice of setting weak default passwords like "admin", "password" or "1234...", which are easy targets for hackers.

This change means that consumers can expect more security enabled devices, reducing the risk of cyber-attacks and data breaches. However, manufacturers might pass the increased costs of compliance onto consumers through higher prices, though standardisation may offset these costs over time by reducing the frequency and impact of cyber incidents.

Although these advancements are promising, the effectiveness of the PSTI Act hinges on rigorous enforcement and active participation from consumers, which might not be the ideal strategy, particularly when retailers or ISPs include routers or smart home devices as part of their services. Additionally, there's a need for greater consumer awareness and education. This is crucial so that consumers don't just depend on manufacturers but also take proactive steps to improve their home network security. Such steps include regularly changing default passwords, updating firmware, utilising two-factor authentication, and using antivirus software.

At Grayshott Gigabit, we are taking further steps to protect consumers with our ProtectIQ service via the GigabitIQ Managed Wi-Fi service. ProtectIQ provides robust, network-level security, shielding connected devices like Thermostats, EV Home Chargers, IP cameras and baby monitors—devices often overlooked by manufacturers for regular updates—from cyber threats. This service uses a comprehensive cloud database to block viruses and ransomware, safeguarding our customers’ home networks 24/7. It works in the background, and can be managed & viewed by any customer enabling ProtectIQ as a managed service on the Gigabit IQ App. Check out our YouTube video: You have a Lock for your Home! Why don't you have a Lock to protect devices on your home broadband? (youtube.com)

Part of the problem to date has also been that many ISPs in the UK provide retail level routers & Wi-Fi MESH that are unmanaged. Which? identified in a report that up to 7.5million routers across the UK provided by ISP's like TalkTalk, Virgin Media, Vodafone, Sky had major security flaws: Millions of people in the UK at risk of using insecure routers - Which? News. Despite regulatory frameworks and guidance by the National Cyber Security Centre or more recent Telecommunications Security Act through Ofcom, there are still many ISPs that provide unmanaged CPE's. Tools are available to ISPs for remote device management, and so they should be able to provision regular security updates for customer premises equipment (CPE) and routers, and overcome these "Secure by Design" flaws.

We often get asked what is Managed Wi-Fi? Simply, our aim is to elevate our customers broadband experience and offer a stress free managed service. We can support customers with Wi-Fi setup, password reset & changes, connect legacy devices, identifying threats/viruses/malware, set guest networks, support parental controls, add MESH, set priorities for work from home/gaming, and most importantly troubleshoot Wi-Fi issues in the home with our management platform whereby customers can contact our support teams. Furthermore, with our GigabitIQ app we help customers take control of their Wi-Fi experience for total control and peace of mind via our mobile application, that supports all of the features listed above. With us as providing support in the background, our customers know that if its connected then its protected with our GigabitIQ Managed Wi-Fi Service.