The Australian Government released a voluntary IoT cybersecurity code of practice a couple of years back, which is based on 13 core principles and is applicable to all IoT devices in the country.
In Australia, the Government has released a voluntary code of practice for safeguarding IoT devices.
The voluntary Internet of Things Consumer Security Code of Practice is designed to give the industry best-practice guidance on how to build these devices with improved cybersecurity capabilities.
It will apply to any IoT devices in Australia that connect to the internet to transfer data, including commonplace gadgets like smart televisions, smart refrigerators, baby monitors, and security cameras.
All manufacturers of such gadgets should build security into their products from the start. The Government also recommended individuals examine these security aspects when acquiring these devices in order to protect themselves from cybercriminals’ uninvited access.
The following 13 principles underpin this voluntary code of conduct:
- There are no passwords that are repeated, weak, or default. IoT gadget
- Implement a vulnerability disclosure policy that applies to all IoT service providers, manufacturers of IoT devices, and mobile app developers.
- Keep all software, including firmware on IoT devices, up to date, including third-party and open-source software.
- Credentials should be stored safely on devices and on services.
- Assuring that personal information is secured under data protection legislation such as the Privacy Act 1988 and the Australian Privacy Principles.
- Using the ‘principle of least privilege,’ reduce the number of attack surfaces that are exposed.
- Ensure communication security by using remote management and encryption to preserve data confidentiality and integrity.
- Secure boot technologies are used to verify software integrity on IoT devices.
- Make systems resilient to outages by considering the probability of power and data network failures.
- Check for security irregularities in system telemetry data obtained from IoT devices and services.
- Make it simple for customers to remove personal information through a transfer of ownership or whenever they want to delete or dispose of the device.
- Installation and maintenance of IoT devices should be simple, requiring only a few steps and adhering to the Australian Government’s best practices.
- Validate data that comes in through user interfaces, APIs, and network interfaces.
Manufacturers must ensure that personal data is protected in accordance with data protection legislation such as the Australian Privacy Principles and the Privacy Act 1988, according to the code.
The ACSC (Australian Signals Directorate’s Australian Cyber Security Centre) has released an integrated guide to help manufacturers apply the IoT code of practice alongside the code of practice.
It’s also released an IoT handbook for small and medium-sized organizations and consumers on how to protect oneself from cyber dangers when buying, using, and disposing of IoT devices.
Minister for Defence Linda Reynolds said that “improving the security and integrity of internet-connected devices is vital to ensuring that the benefits and conveniences they provide may be enjoyed without falling prey to cybercriminals.”
Following the release of a draught version by the Australian Government and a nationwide consultation with industry across sectors, including cybersecurity, Government, critical infrastructure providers, non-profit advocacy groups, and domestic and international consumers, the code of practice was published.
The Australian Government’s 2020 CyberSecurity Strategy includes this code of practice as a key deliverable. Australia joined the Five Eyes nations in London to sign a declaration of intent on IoT security. According to the Government, this voluntary code of practice complements and expands on the UK’s detailed guidelines while keeping compliant with other applicable international standards.
For More Blogs Checkout: Blogs
No Comments