Security was flagged as a key area of investment for the Internet of Things Alliance Australia (IoTAA) - an industry body with more than 200 members from over 100 organisations and industry groups - as the body was launched this week as an independent not-for-profit entity by founding organisation the Communications Alliance.
Members of the IoTAA, which is being hosted at the University of Technology, Sydney (UTS), are organising around six key work streams including spectrum availability; network resilience; industry verticals; data sharing and privacy; and the fostering of IoT startups. "A lot of countries are already ahead of us when it comes to IoT," federal shadow minister for communications Jason Clare said in launching the new entity. "If we don't turn this around we will miss out on a lot of new jobs, more investment and new businesses."
Delivering on this vision, however, will require the IoT industry to collectively fill out a security story that has so far been found to be missing a number of chapters as IoT vendors are left to their own devices in building security into their products. This has led to deficiencies in IoT devices and, more problematic, created security issues within the businesses that are adopting them. A number of recent efforts have aimed to stem the rising tide of IoT security and formalise the process by which it is implemented, with ICSA Labs launching an IoT security testing program and others working tobetter define and standardise methodologies for evaluating IoT risk.
"The potential for abuse of systems with IoT, and so many connected devices, is fairly obvious," says Jamie Chard, chief technology officer with Freestyle Technology, a utility-focused developer of IoT technologies thatlast month announced it would establish a new R&D facility in suburban Glen Waverley that is expected to employ 150 people and generate exports worth up to $200m in the next few years.
While emerging IoT-related standards have embraced encryption and authentication technologies to secure communications from devices, the ability to use over-the-air (OTA) updates to patch IoT equipment in the field - crucial to fix new security issues as they are discovered - varies based on devices' sophistication and internal capabilities. "A lot of the devices that we are dealing with are not even embedded Linux devices," Chard explains.
"They are very low-level electronics on the meters themselves: because of price points, they are often relatively cheap and simple devices that just don't have the memory and capability in them. And if your device doesn't accept OTA updates, then it is what it is." Use of a central platform for managing and updating devices was "a key part" of making IoT work en masse, Chard added, noting that many devices were being deployed with de facto control structures by the fact that inter-device traffic is frequently routed over secure wireless connections and through a central management gateway
Sign up for Computerworld eNewsletters.