fotohansel - Fotolia
Australia has embraced the British developed Hypercat framework, initially for internet of things (IoT) deployments in smart cities, in part to address perceived security issues.
Hypercat Australia is being established as an independent, not-for-profit organisation and the standard will be administered by the Knowledge Economy Institute led by Mike Briers, who is Australia’s first industry professor of IoT at the University of Technology Sydney.
The standard is intended to make various IoT devices connected to networks discoverable, so, for example, smart city application air monitors, traffic sensors and CCTV devices connected over the internet could be accessed from a central location.
As a rule, standardisation helps to drive better security overall, and the Hypercat standard features security extensions and recommendations regarding best practice.
A 2015 survey of Australian IoT users conducted by KPMG found that 92% were concerned about security, and analysts have warned that IoT devices are increasingly being used as a route to piggyback into enterprise networks.
The IoT Alliance Australia (IoTAA), which has championed Hypercat Australia, has security as one of the topics for its workstreams. Helmed by Malcolm Shore, the security and network resilience workstream is intended to “develop security guidelines for IoT services and service elements, including data protection”.
According to Shore, a handbook that is soon to be released will “cover at a high level where IoT security sits right now” . Over the next six months to a year, the group hopes to release a more detailed security reference architecture with supporting design patterns.
Read more about IoT and security
- Security researchers have found another botnet operation exploiting internet of things devices to carry out powerful distributed denial of service attacks
- There is a degree of hype surrounding the internet of things, with many wild ideas reminiscent of ideas for internet businesses during the dot com boom.
- With IoT devices set to outnumber notebooks, smartphones and tablets by more than three times, businesses will need to adjust their network access policies to keep things running smoothly, says Gartner.
At an IoTAA meeting in Sydney, Shore said this would feature “exemplars of security so the industry can adopt security and use existing working patterns and designs”. The group is also working with an IoT research group at the University of South Australia on the issue.
Addressing the IoTAA meeting, communications minister Mitch Fifield said: “As the IoT and our reliance on those services grows, the risk will grow and our need to protect ourselves will grow in line.”
He added that given the IoT was fundamental to driverless cars, medical monitoring, emergency services response, the government wants to make sure it gets it right.
Gary Gardiner, Australia and New Zealand director of engineering and services for security company Fortinet, said the IoT meant that the attack surface of networks was getting bigger.
Gardiner said manufacturers of IoT devices, which were designed for applications other than industrial, remained “more focused on function rather than security” and often based their hardware on cut down versions of operating software that could feature security vulnerabilities.
“Lots of devices are not seeing rigorous patch management,” said Gardiner, adding that this was leaving entire networks at risk if those unsecure, unpatched devices were being used as a jumping off point into a broader corporate network.
Despite the perceived problem, KPMG’s Australian security survey found only around 40% of companies using IoT had improved firewall controls, enhanced identity management procedures or extended intrusion protection monitoring to cover IoT devices.