Increased regulation of IoT devices is among the suggestions of a new discussion paper from the Australian government.
The paper, which discusses methods to strengthen cybersecurity regulations, explores a variety of potential avenues to either encourage or compel businesses to invest more in preventing such threats.
“We believe that one reason that many smart devices are vulnerable is because competition in the market is primarily based on new features and cost,” the paper says.
“Unfortunately, consumers often aren’t able to tell the difference between a secure and insecure device, which limits commercial incentives to compete on cybersecurity and leads consumers to unknowingly adopt cybersecurity risk.”
To combat this risk, the paper suggests making the government’s voluntary ‘Code of Practice: Securing the Internet of Things for Consumers’, which it released last year, mandatory.
The code contained thirteen expectations that the government had of manufacturers regarding the security of smart products. This new paper suggests taking this further and making the code mandatory.
The standard would require manufacturers to implement baseline cybersecurity requirements for IoT devices through the introduction of a voluntary star rating label or a mandatory expiry date label.
The goal here is to improve the information available to consumers regarding the security of smart devices.
Details on how a star rating system would work are limited, but the paper does refer to a similar system in place in Singapore, where four cybersecurity levels each indicate a higher level of security and testing.
The mandatory expiry date label, however, is noted as the government’s preferred way forward. It would display the length of time that security updates will be provided for the smart device without the need for independent security testing.