Australian Government Releases IoT Code of Practice

2875
  • The code will be implemented after consultation with the public which will run till 1st March
  • The first three principles of IoT Code of practice are strong passwords, a vulnerability disclosure policy and regular software updates

The government of Australia has released the first version of its IoT Code of practice. It consists of 13 security principles that will represent the standards for IoT devices that are needed to be followed by device manufacturers, IoT service providers, and application developers. The code will be implemented after consultation with the public which will run till 1st March. According to the Department of Home Affairs and the Australian Signals Directorate, the department will review the final code iteratively.

The Australian government has worked with states and territories to further develop the code. IoT security initiatives will be explored through the Cyber Security Strategy 2020. The document includes recommendations for data storage, password standards and a requirement to establish a vulnerability disclosure policy.

Vulnerability disclosure policy

The vulnerability disclosure policy will include a public point of contact for reporting vulnerabilities. It also contains a principle that will make it more convenient for consumers to delete data stored on the device. The consumers can also delete the data stored in associated back end and cloud accounts and mobile applications.

Strong passwords, regular software updates

The Australian government claimed that the IoT code will help to establish best security practice without compromising functionality in IoT devices. It will also raise awareness about the growing security threat of interconnected devices.

The first three principles of IoT Code of practice are strong passwords, a vulnerability disclosure policy and regular software updates. Some other principles in the code include minimisation of exposed attack surfaces, monitoring of system telemetry data, protection of communication integrity.