Frontline
IoT – Securing the connected world By Bennett Ring ASM Correspondent
18 | Australian Security Magazine
W
ith the recent news of a Las Vegas casino’s database being hacked via a connected aquarium thermometer, as reported by Business Insider, it’s becoming ever more apparent that Internet Of Things (IoT) devices are increasingly being used as soft-spots to attack networks. Raising the awareness of IoT security was one of two key themes at this week’s IoT – Securing the Connected World event, held at Telstra’s Melbourne Gurrowa Innovation Lab. The first guest speaker at the two-hour event, which saw over 100 guests attend from both the Cyber Risk in Melbourne and Cybersecurity Melbourne meetup groups, was Matt Tett, MD at Enex TestLab. Mr Tett is also part of the Internet of Things Alliance Australia, where he chairs the Work Stream 5, a group of over 120 volunteer members representing 65 organisations across Australia dedicated to developing an IoT framework. The group has already published a strategic plan with a top-line view of securing these devices, which is available for download and has been shared with many overseas partners, including IoT security groups in Germany, China and Hong Kong. Over the course of his presentation, Mr Tett outlined several key areas where the group is focusing its efforts. First and foremost is to identify, reconcile, publish and
promote IoT security guidelines and standards. With over 450 existing IoT platforms, many of which lack even the most basic security, this initially seemed to be an impossible mission. According to Mr Tett though, things weren’t quite as bad once a member of the group examined the issue. “One of our volunteers took the initiative and what started as an exercise to define a sample IoT security architecture rapidly evolved into an amazing overall IoT framework which is applicable to all areas of IoT and has now been adopted by most, if not all, of the other Work Streams at IoTAA”. Part of this work is to develop an IoT product security certification program, where an independent body can test devices before giving them the “trust mark” of approval, showing they’re secure enough for their needs. Given the lack of awareness around IoT security, it’s not surprising that another mandate of the group is to educate suppliers about the need for secure devices. Mr Tett explains that, “… until security is a key factor in information systems, not just IoT, the same thing will keep happening time and again. Deliver first, secure later is still a prevalent culture because those procuring such systems do not ask the tough questions about security”. Part of the issue is that many so-called smart devices don’t