Australia Acing the Security Game with Voluntary IoT Cyber Security Code of Practice

The Australian Government has aced the cyber security game with the release of its voluntary IoT cybersecurity code of practice, which is based on 13 core principles and applies to all IoT devices across the country. The code was released in 2020.

In Australia, the Government has released a voluntary code of practice for safeguarding IoT devices.

This voluntary Internet of Things Consumer Security Code of Practice is designed to give the industry best-practice guidance on how to build these devices with improved cybersecurity capabilities.

It applies to any IoT device in Australia that connects to the internet to transfer data, including commonplace gadgets like smart televisions, smart refrigerators, baby monitors, and security cameras.

All manufacturers of such gadgets should build security into their products from the start. The Government also recommended that individuals examine these security aspects when acquiring these devices in order to protect themselves from uninvited access by cybercriminals.

The following principles underpin this voluntary code of practice:

  • No repeated, weak, or default passwords.
  • Implement a vulnerability disclosure policy that applies to all IoT service providers, manufacturers of IoT devices, and mobile app developers.
  • Keep all software, including firmware on IoT devices, up to date, including third-party and open-source software.
  • Credentials should be stored safely on devices and on services.
  • Ensure that personal information is secured under data protection legislation such as the Privacy Act 1988 and the Australian Privacy Principles.
  • Use the ‘principle of least privilege’ to reduce the number of attack surfaces that are exposed.
  • Ensure communication security by using remote management and encryption to preserve data confidentiality and integrity.
  • Use secure boot technologies to verify software integrity on IoT devices.
  • Make systems resilient to outages by considering the probability of power and data network failures.
  • Check for security irregularities in system telemetry data obtained from IoT devices and services.
  • Make it simple for customers to remove personal information through a transfer of ownership or whenever they want to delete or dispose of the device.
  • Installation and maintenance of IoT devices should be simple, requiring only a few steps and adhering to the Australian Government’s best practices.
  • Validate data that comes in through user interfaces, APIs, and network interfaces.

According to the code, manufacturers must ensure that personal data is protected in accordance with data protection legislation such as the Australian Privacy Principles and the Privacy Act 1988.

Alongside the code of practice, the ACSC (Australian Signals Directorate’s Australian Cyber Security Centre) has released an integrated guide to help manufacturers apply it.

It has also released an IoT handbook for small and medium-sized organizations and consumers on how to protect themselves from cyber threats when buying, using, and disposing of IoT devices.

Minister for Defence Linda Reynolds said that improving the security and integrity of internet-connected devices is vital to reaping their benefits and conveniences without falling prey to cybercriminals.

The code of practice was published following the release of a draft version by the Australian Government and a nationwide consultation with industry across sectors, including cybersecurity, government, critical infrastructure providers, non-profit advocacy groups, and domestic and international consumers.

The Australian Government has also joined the Five Eyes nations in London to sign a declaration of intent on IoT security. According to the Government, this voluntary code of practice complements and expands on the UK’s detailed guidelines while remaining compliant with other applicable international standards.
