Great work Geoff.
Glad to hear you have been involved in the process of making IOT secure.
This area has been worrying for some time with "white goods iot companies" continuing to strengthen their integration of operating systems [OS] that cannot be altered away from the proprietary OS. Consumers' rights to remove their personal data being shared from these iot devices to the manufacturers' offshore server locations are now more prevalent than ever. The data transmitted includes storage of a person's gateway password allowing for potential tunnels, etc. to be created to the host of other attached devices behind the router.
I am probably more concerned that the average punter in the community does not realise what they are giving away when they connect their new iot devices to their new phone apps that change a light colour. There have been numerous breaches on these servers in the past and the sovereignty and consumer laws of privacy that might apply in an Australian territory are not applied in many of these offshore locations. The role of Engineers to highlight issues and protect the community is clear and glad that EA continue to be involved.
From my perspective, if I have purchased an item, I should be able to choose the type of OS that is loaded. Product manufacturers continue to make the option of alternative OS more and more difficult to change including the removal of pin headers, hardwired disabling of programming pins, etc. that inhibit my choice to change the base OS so that I do not need to share my passwords. The reality of this is that there is no need to block this choice option other than a specific restriction by manufacturers to the right to consumer choices. This forces the use of specific apps and data being shared to use these devices. Very poor in my books.
As an aside, I have been actively involved with a number of open-source alternatives and the thriving community that is created when there is no need to get out the soldering iron to replace the processor or desolder the IO0 pin to enable programming. As a flow on, the activity in the communities performing these "OS hacks" creates significant innovation and development which is shared in addition to allowing skill development in computers, IOT and OS's.
Simply put, I believe that Australia should push for allowing competition in the IOT OS market so that consumers can decide what they want to use on their consumer iot devices and what information they give away and of course, if they want to be cloud enabled.
Thanks again.
------------------------------
Chris Scanlon
------------------------------
Original Message:
Sent: 08-05-2024 09:09 AM
From: Geoff Sizer
Subject: Draft Cyber Security for Consumer Internet of Things: Baseline Requirements Standard Open for Commenting
EA recently made a submission to the Australian Government on Cyber security legislative reforms - the submission can be found here: https://www.homeaffairs.gov.au/reports-and-publications/submissions-and-discussion-papers/cyber-legislative-reforms
I was asked to contribute to Part 1 – New Cyber Security Legislation - Measure 1: Helping prevent cyber incidents - Secure-by-design for Internet of Things devices, and am pleased to say that my input was largely included in the submission.
As an aside, I am EA's nominated representative on Standards Australia committee IT-042 Internet of Things and Digital Twin.
If anyone has an item that they think should be addressed in the IoT standards domain, I am more than happy to raise it with IT-042.
------------------------------
Geoff Sizer
Original Message:
Sent: 14-07-2023 10:31 AM
From: Peter Stepien
Subject: Draft Cyber Security for Consumer Internet of Things: Baseline Requirements Standard Open for Commenting
Thanks @Tosin Famakinwa, a very good point.
The URL provided in the original post will take you to the login page. If you do not have an account with Standards Australia, there is a link to register for an account.
Kind Regards,
Peter.
------------------------------
Dr Peter Stepien
Chair ITEE College
Original Message:
Sent: 14-07-2023 06:36 AM
From: Tosin Famakinwa
Subject: Draft Cyber Security for Consumer Internet of Things: Baseline Requirements Standard Open for Commenting
Just to mention, Standards Australia requires registration before commenting on any standard. Cheers, Tosin
------------------------------
Tosin Famakinwa
Original Message:
Sent: 12-07-2023 10:47 PM
From: Peter Stepien
Subject: Draft Cyber Security for Consumer Internet of Things: Baseline Requirements Standard Open for Commenting
Hi Everyone,
The following draft Australian Standard is open for commenting:
Standard: DR AS ETSI EN 303 645:2023 CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements
Committee: IT-012 Information security, cybersecurity and privacy protection
Comment Start Date: 12/07/2023
Comment End Date: 23/08/2023
You can view the draft with latest comments and provide your feedback using the following URL: https://comment.standards.org.au/Drafts/0d9e445a-2329-43a9-8a63-1b752bbe6fa6
In addition to minimum safety standards, the section on the distribution of responsibilities between developers, service providers and end users will be of interest to other types of devices.
Note that this draft standard is an identical adoption of ETSI EN 303 645 V2.1.1 (2020-06), CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements. As such, the public comment version contains only the preface and any modifications for national conditions and, for copyright reasons, does not contain the full text of the original document. Please refer to the ETSI website for the original document.
Kind Regards,
Peter.
------------------------------
Dr Peter Stepien
Chair ITEE College
------------------------------