Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the adequacy of the definition and application of trusted supplier in relation to cellular Internet of Things (IoT) modules.

Connected device security requires a layered approach that includes software, hardware and the processes that protect these devices against attack. Manufacturers of smart tech should use the device security principles, produced by the National Cyber Security Centre and the Department for Science, Innovation and Technology to identify which security mitigations should be included in their devices to protect against common cyber security threats and risks.

There is no single, formally defined, universally binding term called “trusted supplier”. The National Cyber Security Centre (NCSC) uses assurance schemes rather than the term “trusted supplier”. Suppliers are assessed against defined standards and buyers can rely on this assurance as a proxy for trust. Cellular internet of things modules are treated no different from any other technology device in this regard. If the supplier of a cellular internet of things device meets the defined standards and other requirements of the relevant assurance scheme then it will be assured as appropriate.