The Australian government has released a guide named the Code of Practice: Securing the Internet of Things for Consumers to steer the industry into building IoT devices with more robust cybersecurity features.
Government and companies are working to make the IoT space more secure, but obstacles include market fragmentation, the lack of regulations and many others. And, as if the cybersecurity problem were not enough, many of these smart devices can’t talk to each other, as they often need dedicated solutions.
The new guide lays out 13 principles elaborated by the Department of Home Affairs, in partnership with the Australian Signals Directorate’s Australian Cyber Security Centre. It’s also the result of consultation with the industry and the Australian public.
The instructions in the guide are tenets that the cybersecurity industry has espoused for years. Most security incidents can be traced to situations in which companies ignored these unwritten principles.
The guide mentions principles such as no duplicated default or weak passwords, an industry-wide vulnerability disclosure policy, keeping software securely updated, securing stored credentials and protecting personal data.
The other principles on the list include more focused ideas, like minimizing the exposed attack surface, securing communications, ensuring software integrity, making systems resilient to outages, monitoring system telemetry data and validating input data.
The remaining two principles are directed towards user experience. Developers and hardware makers must try to make installation and device maintenance a simple process and to make it easy for consumers to delete stored personal data.
The government designed this Code of Practice to work as a voluntary set of principles, but there’s no telling whether such principles will become compulsory if the IoT industry doesn’t follow them, especially for products released in Australia.