In this article, I’d like to highlight the importance of the IoT Code of Practice within the national security and privacy context, springboarding from the Department of Australian Home Affairs’ Vision, Strategy, and Action Plan updates articulated at the Home Affairs Summit. The theme was maintaining a fine balance among our Integrity, Prosperity, and Security values, creating a nationwide fusion that emphasises the partnership of government, industry, and academia, as clearly pointed out by Secretary Michael Pezzullo.
I had the privilege to participate in the Department of Home Affairs Summit held in Melbourne, Australia, on 19 November 2019. The summit was well organised and provided the big picture for the Home Affairs Agenda, focusing on integrity, prosperity, and security. More importantly, the event brought together industry leaders from various organisations and academia, creating a collaborative atmosphere. The summit content highlighted the importance of partnership, collaboration, and creating fusion to deal with our internal challenges such as cybersecurity threats, natural disasters, and critical infrastructure security risks.
Apart from ministerial and senior executive level presentations on these challenges, one of the most useful parts of the summit was the introduction of informative and interactive workshops attended by industry and academic representatives. There were 11 workshops including key areas such as:
- Customs and border modernisation
- Counter foreign interference approach
- The role of identity within the national security and law enforcement environments
- The future of work in a globally mobile world
- Implementing Australia’s Modern Slavery Act — Knowing your supply chain
- Protecting Australia’s critical infrastructure and systems
- Crowded places — increasing resilience to terrorism
- Tackling disaster risk — Government & industry working together to build Australia’s resilience
- Black economy and trade enforcement
- Child exploitation — what has gone wrong and what we can do
- What does transport security at our air and seaports look like in 2030
Significance of IoT Security
As I pointed out and discussed in my previous articles and publications related to the IoT, cybersecurity and privacy top the agenda when we are dealing with IoT solutions. As Home Affairs Minister Peter Dutton, who also announced the release of the first Australian IoT Code of Practice, made clear when speaking on IoT security and privacy, IoT devices are proliferating and posing a critical risk to our safety, privacy, and security.
This code of practice is a timely and proactive approach to guide IoT solution and service providers and to create awareness among consumers. The IoT Code of Practice has the following 13 clear principles; you can access the details from the link above:
- No duplicated default or weak passwords
- Implement a vulnerability disclosure policy
- Keep software securely updated
- Securely store credentials and security-sensitive data
- Ensure that personal data is protected
- Minimise exposed attack surfaces
- Ensure communication integrity
- Ensure software integrity
- Make systems resilient to outages
- Monitor system telemetry data
- Make it easy for consumers to delete personal data
- Make installation and maintenance of devices easy
- Validate input data
These 13 principles set by the Australian Government are a proactive and strategic initiative aiming to address key security and privacy concerns posed by proliferating and ubiquitous IoT devices, which are inevitable parts of our lives and the connected world. I am interested to know whether other countries have developed a code of practice for IoT.