1IoTAA-1702023

INTERNET OF EVERYTHING FORUM

IoT Alliance Australia: Security Workstream

2IoTAA-1702023

3IoTAA-1702023

WORKSTREAMS

• Workstream 1: Collaborative Australian IoT Industry

• Workstream 2: Sector Engagement

• Workstream 3: Open Data and Data Privacy

• Workstream 4: Spectrum

• Workstream 5: Security, Cyber, and Network Resilience

• Workstream 6: Start-up Community

• Workstream 7: Platforms

4IoTAA-1702023

WE DO SECURITY PROPERLY – RIGHT?

5IoTAA-1702023

WE DO SECURITY PROPERLY – RIGHT?

6IoTAA-1702023

THE INTERNET AS IT REALLY IS

The Internet at this Moment

7IoTAA-1702023

HOME AUTOMATION

December 2013

8IoTAA-1702023

WORKSTREAM 5 SECURITY STRATEGY

• Approve, Develop and Publish Guidelines and Standards

• IoT Product Certification

• Network Protection Framework

• Vendor/Supplier Security Awareness & Education

• Consumer Security Awareness & Education

• Investigation & Remediation

• Liaison with Government Bodies

• Administrative Framework for IoT Security

9IoTAA-1702023

APPROVE, DEVELOP AND PUBLISH GUIDELINES AND STANDARDS

IoT Security Guidelines v1.0 published April 2017

• IoTAA

• Comms Alliance for public comment

Currently drafting v1.1 for committee submission September

• Rework structure and bring architecture up to date

• Added commentary on 5G

• Added enterprise IoT

• Added Network Edge

10IoTAA-1702023

IoT Security Architecture in development

• Architecture is evolving quickly – its challenging!

• Device/platform/enterprise

• Device/proximity/access-gateway/IoT-management/application

• Now network edge/fog

• Address specific audiences (water/energy, food/agri, transport/smart-city)

• Use cases to drive a reference architecture

• Develop a domain architecture

APPROVE, DEVELOP AND PUBLISH GUIDELINES AND STANDARDS

11IoTAA-1702023

Approach

• Develop an evaluation and certification programme

• Conduct lab testing

• Develop a certification mark

• Develop a marketing plan

IoT Product Certification

12IoTAA-1702023

IoT Product Certification

IoT Product

Certification

Testing Lab

Certification LabNational Association of Testing Authorities

Australia

Accreditation

Security Test Procedures

Connectivity Standard

eg NB-IoT Standard

Testing

ProceduresICD

13IoTAA-1702023

Approach

• Start with the iCode

• Develop additional network characteristics

• Develop a Guideline

• Introduce to certification framework

Network Protection Framework

14IoTAA-1702023

Approach

• Website with certification information

• Appoint a training officer

• Multimedia case study material

• Media officer

Vendor/Supplier Education

15IoTAA-1702023

Approach

• Internet security information

• Consumer awareness of the certification mark

• Publication of case study information

Consumer Education

16IoTAA-1702023

Approach

• Develop Guidelines for Investigation and Remediation

• Star rating for service providers/vendors

• Advisory service

Investigation & Remediation

17IoTAA-1702023

Approach

• Seek Government funding

• Seek Commonwealth and State government support

• Regulatory support

Liaison with Government

18IoTAA-1702023

Approach

• Maintain this strategy

• Monitor implementation

Administrative Framework for IoT Security

19IoTAA-1702023

END

The Internet Now!