| 15 March 2024

Proposed cyber security standards need to align with international practice

As devices in our homes and businesses become ever more interconnected the Australian Government is looking to implement new cyber security legislation. 

Engineers Australia, with the help of members from our Information Telecommunications and Electrical Engineering College (ITEE), College of Leadership and Management (CLM) and the Cyber Engineering working group, responded to the government’s public consultation on opportunities to strengthen cyber security laws.  

We commended the government for developing a strong 2023–2030 Australian Cyber Security Strategy and 2023–2030 Australian Cyber Security Action Plan. 

In our submission, we provided alternative approaches the Department of Home Affairs could consider to streamline cyber security solutions while still effectively addressing issues. 

Engineers Australia supports the proposed amendments to the Security of Critical Infrastructure Act, and we recommend that Australia adopts the full series of standards from the European Standard for cyber security for consumer internet of things (ETSI EN 303 645). The European standard protects consumer smart products, avoids legal patchwork and lessens the administrative load. 

We also recommend aligning the proposed amendments with international standard IEC 62443, to revisit sensitive information management by companies and minimise the time that this critical information is kept. 

Jenny Mitchell General Manager, Policy and Advocacy says this submission addresses two critical sides of the connected world: consumer smart devices and critical infrastructure. 

“We were able to highlight to government the importance of cyber engineers. While IT professionals deliver on the software and human interactivity side of cyber security through efficient coding, cyber engineers offer a 360-degree approach dealing with software, hardware and firmware.” 

Our submission provided advice on the establishment of a Cyber Incident Review Board, which will be a critical step to enable lessons from incidents to be shared through government and industry to increase collective cyber resilience. 

Ms Mitchell says the technical expertise of our engineer members was crucial in responding to the technical elements of the consultation. 

In addition to the written submission, Engineers Australia facilitated a roundtable discussion with the Department of Home Affairs and members from the ITEE, CLM and Cyber Engineering group. 

“The Department was pleased to have heard some new points of view to further the important task of regulating consumer smart devices and strengthening the Security of Critical Infrastructure Act,” Ms Mitchell says.  

Read our full cyber security submission.