iot cybersecurity - iot alliance australia: security workstream
TRANSCRIPT
1IoTAA-1702023
INTERNET OF EVERYTHING FORUM
IoT Alliance Australia: Security Workstream
2IoTAA-1702023
3IoTAA-1702023
WORKSTREAMS
• Workstream 1: Collaborative Australian IoT Industry
• Workstream 2: Sector Engagement
• Workstream 3: Open Data and Data Privacy
• Workstream 4: Spectrum
• Workstream 5: Security, Cyber, and Network Resilience
• Workstream 6: Start-up Community
• Workstream 7: Platforms
4IoTAA-1702023
WE DO SECURITY PROPERLY – RIGHT?
5IoTAA-1702023
WE DO SECURITY PROPERLY – RIGHT?
6IoTAA-1702023
THE INTERNET AS IT REALLY IS
The Internet at this Moment
7IoTAA-1702023
HOME AUTOMATION
December 2013
8IoTAA-1702023
WORKSTREAM 5 SECURITY STRATEGY
• Approve, Develop and Publish Guidelines and Standards
• IoT Product Certification
• Network Protection Framework
• Vendor/Supplier Security Awareness & Education
• Consumer Security Awareness & Education
• Investigation & Remediation
• Liaison with Government Bodies
• Administrative Framework for IoT Security
9IoTAA-1702023
APPROVE, DEVELOP AND PUBLISH GUIDELINES AND STANDARDS
IoT Security Guidelines v1.0 published April 2017
• IoTAA
• Comms Alliance for public comment
Currently drafting v1.1 for committee submission September
• Rework structure and bring architecture up to date
• Added commentary on 5G
• Added enterprise IoT
• Added Network Edge
10IoTAA-1702023
IoT Security Architecture in development
• Architecture is evolving quickly – its challenging!
• Device/platform/enterprise
• Device/proximity/access-gateway/IoT-management/application
• Now network edge/fog
• Address specific audiences (water/energy, food/agri, transport/smart-city)
• Use cases to drive a reference architecture
• Develop a domain architecture
APPROVE, DEVELOP AND PUBLISH GUIDELINES AND STANDARDS
11IoTAA-1702023
Approach
• Develop an evaluation and certification programme
• Conduct lab testing
• Develop a certification mark
• Develop a marketing plan
IoT Product Certification
12IoTAA-1702023
IoT Product Certification
IoT Product
Certification
Testing Lab
Certification LabNational Association of Testing Authorities
Australia
Accreditation
Security Test Procedures
Connectivity Standard
eg NB-IoT Standard
Testing
ProceduresICD
13IoTAA-1702023
Approach
• Start with the iCode
• Develop additional network characteristics
• Develop a Guideline
• Introduce to certification framework
Network Protection Framework
14IoTAA-1702023
Approach
• Website with certification information
• Appoint a training officer
• Multimedia case study material
• Media officer
Vendor/Supplier Education
15IoTAA-1702023
Approach
• Internet security information
• Consumer awareness of the certification mark
• Publication of case study information
Consumer Education
16IoTAA-1702023
Approach
• Develop Guidelines for Investigation and Remediation
• Star rating for service providers/vendors
• Advisory service
Investigation & Remediation
17IoTAA-1702023
Approach
• Seek Government funding
• Seek Commonwealth and State government support
• Regulatory support
Liaison with Government
18IoTAA-1702023
Approach
• Maintain this strategy
• Monitor implementation
Administrative Framework for IoT Security