UK MoD to support UK-US joint military cyber operations. Consumers welcome IoT security ratings. New Australian bill would increase penalties for data breaches.

Summary

By the CyberWire staff

At a glance.

UK Ministry of Defence to support UK-US joint military cyber operations.
Survey says consumers welcome IoT security ratings.
New Australian bill would increase penalties for data breaches.

UK Ministry of Defence to support UK-US joint military cyber operations.

The UK and the US have pledged to work together to combat cyberthreats by launching a joint military operation, and the UK Ministry of Defence (MoD) last week announced that the UK Strategic Command will play an important part. The organization, which oversees resources and operations across the three Armed Forces, will provide technology specialists from the MoD’s Defence Digital unit to collaborate with US Cyber Command. MoD explained that the “collaborative exercise which will identify threats that could impact the internal systems of participants.” Speaking of the new operation, Rear Admiral Nick Washer, Operations Director at Defence Digital, told Public Technology: “Cyber does not recognise geographic borders. Our relationships with partners offer huge shared benefits; operations like this with US Cyber Command put our expertise into practice and enhance our collective defence.”

Survey says consumers welcome IoT security ratings.

We reported last week on the US’s planned security ratings labeling system for Internet of Things (IoT) devices, and according to a survey conducted by Blackberry, about 80% of respondents feel such a labeling system would make them feel more confident about using IoT products. Blackberry conducted a survey of approximately one thousand Americans about their security concerns when it comes to using smart products, and 64% said they’d be willing to pay more for devices with higher security label rankings. Blackberry reports that over half (56%) of respondents say they’re worried about their smart home devices being hacked, and about two-thirds (68%) say these worries have prevented them from connecting to Internet-enabled devices. The most popular connected devices used by those surveyed are smart speakers (39%, followed by doorbells and robotic vacuums), perhaps because. As the survey shows, respondents view smart speakers as the most secure smart devices.

New Australian bill would increase penalties for data breaches.

In the wake of a wave of high-profile cyberattacks in Australia, the Albanese administration on Saturday announced plans to increase penalties to companies that experience repeated or serious data breaches. Attorney-General Mark Dreyfus declared that the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will raise maximum penalties that can be applied under the Privacy Act 1988 from the current $2.22 million penalty to the greater of $50 million, three times the value of any benefit obtained through the misuse of information, or 30% of a company's turnover for the relevant period. The Bill will also grant the Australian Information Commissioner with greater powers to resolve privacy breaches, while also strengthening the Notifiable Data Breaches scheme to ensure the Australian Information Commissioner has a comprehensive understanding of what data were impacted in an incident. The Australian Information Commissioner and the Australian Communications and Media Authority will also be given greater information sharing powers. The bill comes alongside the Attorney-General's Department’s comprehensive review of the Privacy Act, scheduled to be completed by the end of this year. The AG stated, “I look forward to support from across the Parliament for this Bill, which is an essential part of the Government's agenda to ensure Australia's privacy framework is able to respond to new challenges in the digital era.” As Reuter’s notes, the announcement follows the government’s statement earlier this month that it plans to amend consumer privacy rules to allow targeted data sharing between telecommunication firms and banks in order to better protect consumers after a breach.

Selected Reading

After cutting ties with Iran, Albanian PM arrives in Israel to talk cybersecurity (Times of Israel) Edi Rama blames Tehran for series of attacks in July, will meet with Israel's cyber czar; Dutch PM also slated to land this week

S. Korea to participate in US-led cyber exercise for 1st time (Korea Times) South Korea's military is set to participate in a U.S.-led multinational exercise on cyber operations this week, the defense ministry said Monday, amid growing security threats from North Korea.

Is an 'epoch-making' agreement between Australia and Japan in the works? (Breaking Defense) "Two new aspects in the revised declaration are intelligence sharing, and greater interoperability. The latter is already underway, so the question is what is actually new here? More detail is required," Japan analyst Rikki Kirsten said.

U.S. urges Mexico not to buy Chinese scanners for the border (Washington Post) As the Biden administration revamped security technology at the U.S.-Mexico border this year, officials learned of an unexpected national security threat developing on the other side of the Rio Grande. The Mexican government was preparing to purchase hundreds of millions of dollars of Chinese scanning equipment for its own checkpoints.

Llewelyn-jones: UK Will Continue to Collaborate with Nigeria on Cyber Security (This Day) The British High Commissioner in Nigeria, Ben Llewelyn-jones, at the weekend in Lagos, reiterated the commitment of the government of the United Kingdom (UK), to address cyber security issues across Nigeria, in collaboration with the Nigerian government

Is cyber-security important to Pakistan? (The Express Tribune) Federal minister for IT says over 900,000 hacking incidents take place in country daily

Australia flags increased penalties for data breaches following major cyberattacks (Reuters) Australia will introduce laws to parliament to increase penalties for companies subject to major data breaches, Attorney-General Mark Dreyfus said, after high-profile cyberattacks hit millions of Australians in recent weeks.

Tougher penalties for serious data breaches (Australian Government: Attorney General) The Albanese Government will next week introduce legislation to significantly increase penalties for repeated or serious privacy breaches.

Australia flags new corporate penalties for privacy breaches (AP NEWS) Australia on Saturday proposed tougher penalties for companies that fail to protect customers’ personal data after two major cybersecurity breaches left millions vulnerable to criminals.

'Government has made it pretty clear it just wants a free pass', ORG on GDPR replacement (Computing) The draft Data Protection and Digital Information Bill is a data grab, the advocacy group says

A former official talks past, present and future of cyber at the Justice Department (Washington Post) John Carlin had a lot of cyber in his portfolio as a principal associate deputy attorney general at the Justice Department. The New York Times described his job as “one of the most powerful and under-the-radar posts” at DOJ.

Colo. Privacy Rules Spotlight Emerging Patchwork Of Laws (Law360) Colorado's attorney general has delivered much-needed clarity on how the state's new privacy rules are likely to be enforced, while also highlighting areas of growing tension on topics like consent and consumer opt-outs that companies should focus on moving forward, experts say.