³Ô¹ÏÍøÕ¾

Speakers, vacuums, doorbells and fridges – the government plans to make your ‘smart things’ more secure

The Australian government has introduced its first-ever . Along with two other cyber security bills, it’s currently .

Author


  • Abu Barkat ullah

    Associate Professor of Cyber Security, University of Canberra

Among the act’s many provisions are mandatory “minimum cyber security standards for smart devices”.

This marks a crucial step in defending the digital lives of Australians. So what devices would it apply to? And what can you do right now to protect your smart devices from cyber criminals?

Smart devices are everywhere

The new legislation aims to cover a wide range of smart devices – products that can connect to the internet in some way.

This includes “internet-connectable” products – think smartphones, laptops, tablets, smart TVs and gaming consoles. It also includes indirect “network-connectable” products, which can send and receive data. This means things like smart home devices and appliances, wearables (smart watches, fitness trackers), smart vacuums and many more.

Simple electronic devices that don’t connect to the internet or can’t store or process sensitive data are not included.

According to one study, – more than 70% – had at least one smart home device by the end of 2023, and 3 million of those households had more than five.

To work as well as they do, smart devices typically collect, store and share data. This can include sensitive personal information, health data and geo-location data, making them attractive targets for cyber criminals.

A notorious example is the Mirai botnet in 2016, when cyber criminals infected more than to use them in massively disruptive network attacks, known as a distributed denial-of-service (DDoS).

Even implantable medical devices, such as pacemakers and insulin pumps, can have security flaws .

Just last week, the ABC reported that one of the world’s largest home robotics companies has in its robot vacuums despite warnings from the previous year.

The consequences of such vulnerabilities can be even more dangerous when smart devices are . As these devices become more interconnected, a breach in one can compromise entire networks, amplifying the security risks.

What will be the ‘minimum’ security standards?

The new cyber security act provides for “mandatory security standards” for smart devices. It establishes the legal framework for enforcing these standards, but doesn’t explicitly outline the technical details smart devices must meet. In the past the that Australia consider , such as .

The bill’s focus is on securing connected devices to protect users from internet-based threats, vulnerabilities and risks.

In practice, this means manufacturers will have to ensure their products meet these minimum security standards and provide a statement of compliance. And suppliers will have to include statements of compliance with the product, and will be forbidden from selling non-compliant products.

All this will be , who can issue compliance, stop, or recall notices for violations of these rules.

You can do your bit to stay safe

The proposed cyber security act is a significant step forward in protecting Australians from the growing threat of cyber attacks on smart devices.

But this may only apply to new devices or ones still receiving updates from manufacturers. Exact details on how the legislation will apply to existing devices will be determined by the government agency responsible for its implementation.

“Legacy” devices with outdated software – older products that are no longer supported and don’t receive the latest security patches – are particularly vulnerable to cyber attacks.

While the government works on introducing the new cyber security laws, there are to protect your smart devices:

  • set up a strong wifi password to prevent unauthorised access to your home network
  • create a dedicated, more secure wifi network for smart home devices
  • always install security patches and updates promptly
  • create unique and complex passwords for each account
  • where possible, use to add an extra layer of security
  • disable unnecessary features or permissions, and be mindful of the information you share with apps and devices
  • make sure you understand how your data is collected and used by apps and devices.

By mandating minimum cyber security standards and providing for effective enforcement mechanisms, Australia’s new cyber security act will help keep consumer devices safer.

However, it’s important to note that as technology continues to evolve rapidly, the cyber crime ecosystem is also expanding. The global cost of cyber crime is projected to reach .

Given the dynamic nature of cyber threats, relying solely on standards may not be sufficient to address all potential risks. New vulnerabilities are discovered regularly, and it’s essential for every one of us to remain vigilant and practice good cyber hygiene by following the tips above.

The Conversation

/Courtesy of The Conversation. View in full .