Australia’s public sector increasingly adopts Internet of Things (IoT) devices, presenting potential benefits and risks. As public services increasingly integrate these devices, cyber actors target them to exploit security vulnerabilities. A recent joint cybersecurity advisory demonstrates that cyber actors connected to the People’s Republic of China use compromised IoT devices in a botnet operation, underscoring the urgent need to improve IoT security in Australia’s critical systems.

IoT security measures address real threats that directly impact Australia’s cybersecurity landscape, moving beyond theoretical risks. The Australian Cyber Security Centre (ACSC) reports that “the cyber actors may use the botnet as a proxy to conceal their identities while deploying distributed denial of service (DDoS) attacks or compromising targeted international networks.” Strong cybersecurity measures hold significant importance within the public sector, particularly for critical infrastructure.

Enhancing IoT security

1. Regular patching and updates

Patching and updating all IoT devices on a regular basis improves cybersecurity effectiveness. Routers, firewalls, and network-attached storage systems often operate on outdated software, creating vulnerabilities for cyber attackers. The ACSC advises “regularly applying patches and updates (software and firmware) to routers, IoT, and network-attached storage devices.”

Effectively addressing vulnerabilities eliminates the pathways that malicious actors use to gain control over devices. Through their complex botnet operations, actors from the PRC demonstrate that outdated systems create significant vulnerabilities within Australian networks. Public sector organisations can mitigate numerous risks by methodically addressing vulnerabilities in IoT devices before they develop into serious incidents.

2. Replacing end-of-life equipment

Many IoT devices currently in operation do not receive support from their manufacturers, leading to a lack of essential security updates. Devices that reach the end of their operational life, especially those using UNIX-based systems, become highly susceptible to botnets like the Mirai family, which has seized control of IoT devices since 2017. The advisory emphasises the critical need to replace unsupported devices, as neglecting this step significantly increases the risk of a breach.

The FBI report highlighted that attackers frequently target IoT devices like webcams, DVRs, and IP cameras in botnet attacks. In the public sector, these devices often enhance security, surveillance, and data management, making the implications of a breach extensive. Transitioning to devices that receive ongoing support and frequent updates allows public sector organisations to effectively reduce these risks.

3. Implementing network segmentation

Network segmentation acts as a crucial protective strategy in IoT security. By isolating IoT devices from the main network, organisations can mitigate potential damage in the event of a device compromise. The ACSC advisory urges public sector organisations to “implement network segmentation to ensure IoT devices within a larger network pose known, limited, and tolerable risks.”

This approach significantly impacts essential infrastructure in Australia, as breaching just one device can jeopardise the stability of the entire network. A segmented network effectively reduces the impact of breaches. It enables organisations to contain threats more efficiently and prevents lateral movement within networks.

Safeguarding public sector cybersecurity

Compromised IoT devices increasingly fuel DDoS attacks, significantly threatening the cybersecurity of Australia’s public sector. These attacks inundate network systems with excessive traffic, significantly hindering public services. Botnets associated with the PRC pose a significant threat because they gain control over IoT devices like routers and cameras, often without detection. The ACSC observed that “the cyber actors may use the botnet as a proxy to conceal their identities while compromising targeted international networks.”

This serves a key part in the public sector of Australia. Government departments rely on a network of interconnected IoT devices to manage daily operations, including traffic management, healthcare systems, and emergency services. A DDoS attack on these systems can cause significant service disruptions, potentially leading to millions in losses from downtime and recovery efforts.

Service interruptions and vulnerable IoT devices in the public sector provide cybercriminals opportunities to infiltrate and obtain sensitive data. Actors affiliated with the PRC exploit botnets to penetrate critical systems and gain unauthorised access to sensitive information. The FBI states, “Insecure IoT devices provide attackers with an easy means of access to build and deploy botnets, which can be used to access sensitive systems and data.”

Australia’s public sector faces escalating cybersecurity challenges due to the increasing use of IoT devices in essential operations. Australian organisations can greatly enhance their security measures by prioritising regular updates, upgrading obsolete hardware, and adopting network segmentation. As cyber threats evolve, particularly from state-sponsored entities, these strategies offer a reliable and essential way to protect national security interests. Securing IoT devices has become essential; it plays an important role in Australia’s public sector cybersecurity.

Editors Publicspectrum

Website | + posts

Public Spectrum is the first knowledge-sharing platform in Australia to embrace the entire public sector. This website is a platform where you can connect, collaborate, empower, inspire, and upskill with public sector professionals.

• Electoral commission empowers voters' digital governance
• Digital government advances disaster connectivity
• Government digital tool empowers teachers
• Electoral commissioner to boost digital election transparency