Insight 17 November 2020

Commonwealth Government releases IoT Security Code of Practice

After a period of significant public consultation, including consideration of submissions from over 4,000 organisations, on 3 September 2020, the Commonwealth Government of Australia released its Code of Practice: Securing the Internet of Things for Consumers (Code).

The Code sets out a voluntary set of 13 principles that vendors of Internet of Things (IoT) devices (as well as service providers in related fields, such as connectivity providers) can comply with. It is intended to act as a public reference point, so that vendors can specifically reference their compliance with particular principles. For instance, it is anticipated that vendors will promote their devices with statements such as:
“Our organisation has complied with principles X, Y, and Z of the Code of Practice: Securing the Internet of Things for Consumers”.

Many of the principles will be familiar to those working in the cyber security fields, although some cross over into broader privacy and consumer protection related fields. Their purpose is to create a market where mass market IoT devices are fundamentally designed with usability and security in mind. This is of course of fundamental importance when you consider the anticipated explosion in IoT device sales over the coming years. With the market increasingly populated with connected versions of previously ‘dumb’ devices like vacuums, fridges and even security systems, there is an ever-increasing attack surface, and so this initiative is a welcome step in the right direction to enable consumers to make wise choices.

The principles are:

  • No duplicated default or weak passwords;
  • Implement a vulnerability disclosure policy;
  • Keep software securely updated;
  • Securely store credentials;
  • Ensure that personal data is protected;
  • Minimise exposed attack surfaces;
  • Ensure communication security;
  • Ensure software integrity;
  • Make systems resilient to outages;
  • Monitor system telemetry data;
  • Make it easy for consumers to delete personal data;
  • Make installation and maintenance of devices easy; and
  • Validate input data.

As an adjunct to the Code, the Australian Cyber Security Centre has also developed and published a guide to help consumers understand how to buy, use and dispose of Internet of Things devices securely. With this combination of consumer awareness and education, and market-led security improvements, we can expect that IoT will continue to develop as an attractive consumer proposition while not creating widespread and unmanageable cyber vulnerabilities.

This publication covers legal and technical issues in a general way. It is not designed to express opinions on specific cases. It is intended for information purposes only and should not be regarded as legal advice. Further advice should be obtained before taking action on any issue dealt with in this publication.

About the authors

  • Alex Hutchens

    Partner

© 2017 McCullough Robertson.
