Australia Drafts IoT Code of Practice

Australia Code Featured

As we’ve covered before, the world of IoT has a severe security issue. The problem is, companies and consumers believe that if they don’t adopt IoT right now, they’ll be left behind by those who do. The end result is people who feel “forced” to buy into systems they know are unsafe to use.

Fortunately, things are being done to make it a necessity for IoT to be secure. For example, Australia is currently drafting an IoT code of conduct to better regulate the devices coming in.

What Is the Code of Conduct About?

The Australian Government Department of Home Affairs recognizes that the world of IoT is a huge security risk. They state that IoT devices are currently very insecure and pose a threat to “individuals, [their] economy and national security.”

Australia Code Writing

As such, they want to publish an official code of conduct that covers all the bases that an IoT should meet. This would then set a standard that all IoT developers should strive to meet if they want to sell their products in Australia.

What Does the Code Cover?

You can take a look at the draft of this code of conduct on the Australian Government Department of Home Affairs webpage. Under “who can contribute” is a PDF link that goes into more detail on this new code.

As the PDF claims:

The draft Code of Practice is a first step to improve the security of IoT devices in Australia. It is designed for an industry audience and comprises 13 principles. The first three principles are the highest priority to achieve the greatest security benefit.

The first three principles tackle the following areas:

  1. Passwords should be randomly generated for every IoT device. The generated password should also be hard to crack.
  2. Developers should have an open channel of communication through which they can receive alerts about vulnerabilities from security experts.
  3. Developers should keep their software and firmware updated without harming the device or the user’s settings.

The report then mentions the other ten principles that are of a lower priority. These “low priority” points include securely storing personal details, which is surprising to see given the damage a database leak can do.

Is the Draft Final?

The draft hasn’t been finalized yet – that’s why it’s a draft! In fact, it’s so early in the development stages, they’re still listening to feedback on the draft.

Australia Code Negotiation

On the page linked above, you may have noticed that you can submit a response to the draft. The website says that the feature is mainly meant for industry professionals, but anyone can give a reply to the code of conduct.

This is a great feature, as it shows that the code of conduct is being produced with everyone in mind. Both consumers and developers can put their thoughts forward and help shape the future of Australia’s IoT.

Code of Honor

The biggest flaw of IoT is its security, but it doesn’t have to stay that way. With IoT becoming more central to our lives, it forces countries to take note and create rules and regulations. Australia is taking the first step in this direction, with its code of conduct aimed at both consumers and developers.

Do you think every country needs an IoT code of conduct? Let us know below.

One comment

  1. Governments can pass all the legislation, manifestos, codes of conduct they feel like. If they do not back it up with EFFECTIVE enforcement, all that bloviating is not worth the paper it is written on, and certainly not worth the time wasted on debating and formulating the blarney.

    What will the Australian government do when IoT devices get hacked? Will they condemn the hack in the strongest language possible and leave it at that or will they slap the manufacturer, as well as the hacker with a hefty fine and/or a prison term?

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.