As we’ve covered before, the world of IoT has a severe security issue. The problem is, companies and consumers believe that if they don’t adopt IoT right now, they’ll be left behind by those who do. The end result is people who feel “forced” to buy into systems they know are unsafe to use.
Fortunately, things are being done to make it a necessity for IoT to be secure. For example, Australia is currently drafting an IoT code of conduct to better regulate the devices coming in.
What Is the Code of Conduct About?
The Australian Government Department of Home Affairs recognizes that the world of IoT is a huge security risk. They state that IoT devices are currently very insecure and pose a threat to “individuals, [their] economy and national security.”
As such, they want to publish an official code of conduct that covers all the bases that an IoT should meet. This would then set a standard that all IoT developers should strive to meet if they want to sell their products in Australia.
What Does the Code Cover?
You can take a look at the draft of this code of conduct on the Australian Government Department of Home Affairs webpage. Under “who can contribute” is a PDF link that goes into more detail on this new code.
As the PDF claims:
The draft Code of Practice is a first step to improve the security of IoT devices in Australia. It is designed for an industry audience and comprises 13 principles. The first three principles are the highest priority to achieve the greatest security benefit.
The first three principles tackle the following areas:
- Passwords should be randomly generated for every IoT device. The generated password should also be hard to crack.
- Developers should have an open channel of communication through which they can receive alerts about vulnerabilities from security experts.
- Developers should keep their software and firmware updated without harming the device or the user’s settings.
The report then mentions the other ten principles that are of a lower priority. These “low priority” points include securely storing personal details, which is surprising to see given the damage a database leak can do.
Is the Draft Final?
The draft hasn’t been finalized yet – that’s why it’s a draft! In fact, it’s so early in the development stages, they’re still listening to feedback on the draft.
On the page linked above, you may have noticed that you can submit a response to the draft. The website says that the feature is mainly meant for industry professionals, but anyone can give a reply to the code of conduct.
This is a great feature, as it shows that the code of conduct is being produced with everyone in mind. Both consumers and developers can put their thoughts forward and help shape the future of Australia’s IoT.
Code of Honor
The biggest flaw of IoT is its security, but it doesn’t have to stay that way. With IoT becoming more central to our lives, it forces countries to take note and create rules and regulations. Australia is taking the first step in this direction, with its code of conduct aimed at both consumers and developers.
Do you think every country needs an IoT code of conduct? Let us know below.