The Internet of Things (IoT), which includes everyday smart devices that connect to the internet – such as smart TVs and home assistants – provides significant benefits to Australians, enhancing our convenience, comfort and efficiency. Many of these devices are developed with functionality as a priority, and security features are often absent or an afterthought. By 2030, it is estimated that there will be more than 21 billion IoT devices connected to the internet globally, with the highest estimates predicting over 64 billion devices. It is essential that these devices in our homes and businesses have cyber security provisions that defend against potential threats and malicious cyber activity.
The Code of Practice: Securing the Internet of Things for Consumers (Code of Practice) represents a first step in the Australian Government’s approach to improve the security of IoT devices in Australia. This Code of Practice is a voluntary set of measures the Australian Government recommends for industry as the minimum standard for IoT devices. The Code of Practice will also help raise awareness of security safeguards associated with IoT devices, build greater consumer confidence in IoT technology and allow Australia to reap the benefits of greater IoT adoption.
The Code of Practice was developed by the Department of Home Affairs, in partnership with the Australian Signals Directorate’s Australian Cyber Security Centre, and follows nation-wide engagement with industry and the Australian public. The Code of Practice was recognised as a necessary step to lifting the cyber security of internet-connected devices domestically.
The Code of Practice is designed for an industry audience and comprises 13 principles. The Australian Government recommends industry prioritise the top three principles because action on default passwords, vulnerability disclosure and security updates will bring the largest security benefits in the short term.
In acknowledgement of the global nature of this issue, the Code of Practice aligns with and builds upon guidance provided by the United Kingdom and is consistent with other international standards. The principles will help inform domestic and international manufacturers about the security features expected of devices available in Australia.
Ensuring the security and integrity of IoT devices will enhance the way we live and work. By improving the overall cyber security of these devices, we also reduce the risks they pose to Australian families, our economy and national security. This Code of Practice will be reviewed on a regular basis to ensure it remains fit for purpose.