Australia issues IoT security code of practice

  • September 16, 2020
  • Steve Rogerson

The Australian government has released a voluntary code of practice to improve the security of the IoT in the country.

The code covers everyday devices such as smart fridges, smart televisions, baby monitors and security cameras.

“The Covid-19 pandemic has highlighted how much we live and work online, with more Australians and Australian businesses connecting than ever before,” said a government statement. “This increased connectivity exposes more people, businesses and livelihoods to greater cyber security risks, particularly through internet-connected devices plugged into home networks.”

The code says that poor security features of these devices can expose consumers’ personal information and data to cyber criminals. The code outlines the security features the Australian government expects of internet-connected devices available in Australia.

Following nationwide consultation earlier this year, the government has worked closely with industry partners to develop the voluntary code, which is accompanied by information for Australian consumers to help them consider security features when purchasing internet-connected devices.

The code includes 13 principles: no duplicated, default or weak passwords; implement a vulnerability disclosure policy; keep software securely updated; securely store credentials; ensure that personal data are protected; reduce exposed attack surfaces; ensure communication security; ensure software integrity; make systems resilient to outages; monitor system telemetry data; make it easy for consumers to delete personal data; make installation and maintenance of devices easy; and validate input data.

The government recommends industry prioritises the top three principles because action on default passwords, vulnerability disclosure and security updates will bring the largest security benefits in the short term.

“Ensuring the security and integrity of IoT devices will enhance the way we live and work,” says the code. “By improving the overall cyber security of these devices, we also deter the risks they pose to Australian families, our economy and national security.”