A cyber security labelling scheme, similar to health labels on packaged food, could help improve the quality of Australian internet of things (IoT) and smart devices while protecting consumers’ data privacy, Standards Australia has said.
In its Iconic Nation report released this week, the national body for developing standards identified cyber security standards as a key priority over the next decade, recognising the growing number of incidents reported to the Australian Cyber Security Centre (ACSC) each year.
“Over the next 10 years, up to 4,000 new national standards will be needed to accelerate the transformation from an analogue to digital economy, strengthen our systems from cyberattacks, mitigate the impact of natural disasters such as floods, cyclones, droughts and plagues and hasten the expected transition from traditional energy sources to alternative ones such as hydrogen,” Standards Australia CEO Adrian O’Connell said in a statement.
A smart devices cybersecurity labelling scheme, being developed alongside the Internet of Things Alliance Australia (IoTAA), is part of that new set of standards.
The scheme will “incentivise manufacturers to address security vulnerability levels,” the Standards Australia report states, and will help promote security of consumer devices.
“This will be an Australian first and position Australia as a world leader in enhancing security within the IoT,” the report said.
Such a labelling scheme is something the government’s Behavioural Economics Team (BETA) has also explored, releasing its report into cyber security labels in March.
That research looked into how Australian consumers might react to seeing three different types of security labels on smart devices – two with guarantees that the device would receive updates until a certain date, and one with simple ratings like ‘enhanced’ or ‘hardened’.
Example security labels tested by that could help consumers choose smart devices. Image: Behavioural Economics Team of the Australian Government
Study particpants – of which there were 6,000 – then completed shopping scenarios where they compared different example smart products (a TV, a watch, a home hub, and a light bulb) and answered questions about how the different labels affected their decision-making.
The most effective label had the simple shield rating.
But importantly, the research showed ratings did have an effect on how consumers might purchase devices.
The study found people preferred to choose high-rating devices and were even willing to pay a bit more for a device with a rating on it than one without.
“These results suggest cyber security labels are likely to achieve their aim of helping Australian consumers make more informed decisions about cyber security when purchasing smart devices,” the researchers said.