Installers Should Read Australia’s IoT Code of Practice

Security Installers Should Read Australia’s IoT Code of Practice.

Installers Should Read Australia’s IoT Code of Practice – Australian security installers should read Australia’s IoT Code of Practice, which sets out security benchmarks for network-connected devices. It’s important because so many of our solutions and devices now are IoT, whether we recognise it or not – IoT has become ubiquitous.

Developed by the Department of Home Affairs in collaboration with the Australian Signals Directorate, Australia’s voluntary IoT Code of Practice, outlines 13 security principles designed to improve device resilience, but prioritises 3 core requirements: eliminate weak or default passwords, implement a vulnerability disclosure policy, and ensure timely and secure software updates.

For manufacturers and installers in the alarm and CCTV sector, these principles are directly applicable to the products and systems already in widespread use and offer a benchmark to compare with their existing strategies. Not only this, the speed of change in the security market means a cybersecurity standard needs to be maintained in real time.  

The code reflects government expectations and aligns with international regulatory trends, reinforcing the need for security by design in all connected devices. It also raises the bar for systems that previously relied solely on physical deterrents. Alarm panels, network cameras, and recording appliances that incorporate network access are now expected to handle cybersecurity with the same care as other internal and external communications mediums.

Although the code is not mandatory, manufacturers and suppliers in the electronic security industry should treat these principles as essential rather than optional. Unique login credentials using 2FC or device biometrics, reliable paths for reporting software vulnerabilities, and secure over-the-air firmware updates are prerequisites for secure system deployment.

This applies in sectors like government, education, and critical infrastructure, and it should apply in SME and residential applications, too, given the risk cyberattacks pose to life safety systems, including security systems monitoring fire detection, panic and medical alert devices.

Installers and integrators need to take greater responsibility for ensuring deployed systems follow best practice — including secure commissioning, strong password policies, and education of end users. SEN notes the IoT code of practise is general, but it forms a basis security suppliers can use to create and maintain their own internal standards in an area of turbocharged development.

You can find Australia’s IoT Code of Practice here or read more SEN news here.

“Security Installers Should Read Australia’s IoT Code of Practice.”