Secure-by-design bolsters IoT cybersecurity future
Australia is witnessing a growing importance placed on secure-by-design standards to enhance cybersecurity for Internet of Things (IoT) devices. The rise coincides with the Australian government’s Cyber Security Strategy for 2023–2030. Emphasising the importance of security, the strategy incorporates Secure-by-Design standards to prioritise security during the design and development phases of IoT devices.
Ensuring high standards is a fundamental part of the product design process, not just an afterthought. Implementing these standards can mitigate potential security risks associated with IoT devices, thereby enhancing cybersecurity overall. The Australian government’s approach highlights the significance of these standards in safeguarding the digital landscape.
Standards ensure IoT security
Developers are increasingly recognising the importance of prioritising security right from the start of IoT device development. This approach, known as Secure-by-Design, involves following a set of principles that ensure security is a top priority throughout the entire development process. Many historic hardware deployments and IoT designs included security considerations only late in the design and prototyping phases, and these standards aim to address this issue. When companies focus on getting their products to market quickly or meeting other design priorities, they often overlook the importance of incorporating security requirements.
The Secure-by-Design approach makes IoT security a top priority from the start by incorporating security measures into project design. An effective security architecture prioritises protection for each device based on its specific requirements and location. The first step is to conduct a thorough security risk analysis: identify the potential risks, weaknesses, and likelihood of a security breach occurring, along with the potential consequences of such an incident.
During the manufacturing process, the approach secures the core of devices by establishing a strong base of reliable digital device IDs and credentials. Securing these credentials is crucial to safeguarding against device cloning, data tampering, theft, or misuse. For highly secure IoT applications, such as automotive, healthcare, and smart grids, it is advisable to store IDs and credentials in a tamper-resistant Secure Element to ensure the utmost protection against both physical and digital access.
Cybersecurity’s influential role
Implementing secure-by-design standards has a significant influence on cybersecurity. Ensuring that security measures are not just afterthoughts but rather essential elements of IoT devices is key. This approach is crucial for effectively addressing cybersecurity vulnerabilities. In recent times, the proliferation of digital tools, particularly in the wake of the COVID-19 pandemic, has resulted in a surge of cyber incidents that are not only more frequent but also more expensive and detrimental. The World Economic Forum’s Global Cybersecurity Outlook 2022 highlights key insights from 120 international cyber experts on how to transition from cybersecurity to cyber resilience.
This shift is of utmost importance due to the significant increase in global usage of services like video conferencing. The World Bank projects that by 2022, annual total internet traffic will surge by approximately 50% compared to 2020 levels, reaching a staggering 4.8 zettabytes. The surge in digital tool usage and data creation has propelled the global population into a new era of cyber threats and attacks. In 2021, the world witnessed the alarming occurrence of critical infrastructure breaches, as well as the far-reaching consequences that can result from a single company’s cybersecurity vulnerabilities.
Navigating the regulatory terrain
The Australian government has fully embraced a new approach to security, which marks a significant shift in the regulatory landscape. This approach emphasises the importance of integrating security measures into IoT devices, rather than treating them as optional additions. Regulatory bodies are diligently working to synchronise cybersecurity regulations with ever-increasing threats. Efforts are underway to strengthen device safety by developing industry-backed IoT security standards. The implementation of these standards seeks to establish a comprehensive structure for enhancing the security of IoT devices, thus mitigating the potential dangers posed by cyber threats.
Implementing these standards is a vital measure for enhancing cybersecurity and guaranteeing a more secure digital landscape. In addition, the regulatory environment is changing to match the fast growth of the industry. The study focuses on important matters such as chartering, licencing, the risks of fraud and financial crime, and the protection of consumers and investors. The evolution of regulations is key in order to effectively navigate the complexities and difficulties that arise from heightened geopolitical tension and economic instability.
Tackling challenges with effective solutions
Implementing secure-by-design standards is not without its challenges. Finding the right balance between security and usability poses a significant obstacle. The conventional method of prioritising speed to market over security has proven to be ineffective. This approach unfairly imposes cybersecurity responsibilities on the customer and reveals numerous exploitable vulnerabilities. To tackle these challenges, it is crucial to incorporate Secure-by-Design principles into the product’s design phase during its development lifecycle.
These principles emphasise the importance of security as a fundamental aspect of any business, rather than just a technical add-on. It is crucial for products to prioritise security from the moment they are unpacked, ensuring that secure configurations are enabled by default. Additionally, offering essential security features like multi-factor authentication (MFA), logging, and single sign-on (SSO) at no extra charge is a must.
CISA has implemented three fundamental principles to bolster critical infrastructure security, focusing on secure-by-design. These principles highlight the importance of ensuring customer safety, with technology manufacturers taking responsibility for the security outcomes of their products. Additionally, embracing radical transparency can aid in disclosing and enhancing our understanding of the challenges related to consumer safety.
Implementing secure-by-design standards plays a key role in enhancing cybersecurity for IoT devices. Given the growing emphasis on cybersecurity in Australia, it is crucial for businesses to prioritise security right from the start of product design. Implementing these standards poses certain challenges, but the advantages they bring in terms of improved security are significant.
They prioritise a proactive approach, making security considerations an integral part of the product development process rather than an afterthought. In the future, we can all expect to see a rise in the adoption of secure-by-design standards. With the rapid expansion of the IoT landscape, ensuring strong security measures is becoming increasingly crucial. The Australian government’s strong focus on cybersecurity, as demonstrated by the 2023–2030 Cyber Security Strategy, bodes well for the widespread implementation of these standards.
Justin Lavadia is a content producer and editor at Public Spectrum with a diverse writing background spanning various niches and formats. With a wealth of experience, he brings clarity and concise communication to digital content. His expertise lies in crafting engaging content and delivering impactful narratives that resonate with readers.