"That really does lock down the communications a lot," Chard says. "They're not just generally visible like any computer on the public Internet; it's much more like a tree network where anything that's outside the domain, trying into it, has to talk through the gateway to get to the devices." Those comments mirror opinions from some experts that existing security best practices, if applied well to IoT deployments, are adequate to manage the new risk those deployments bring.
Yet while such management could improve visibility of traffic to and from devices, it will do little to address intrinsically insecure designs that often - as NICTA offshoot Data61 recently demonstrated with the development of a hack-proof, high-security drone operating system - just need to be gone over by appropriately skilled security specialists.
Getting IoT device makers to put such specialists into oversight roles, especially in the deployment of consumer-focused devices with little central control, remains a big challenge as IoT expands outside of the rigorously controlled utility sector where Freestyle and others have made their names.
"If you're in a home environment where you're trying to put together lots of different, small devices and they need to talk to one another," he said, "then you need to have rigorous standards in place and a lot of attention to security so you can't compromise the systems - especially if you allow devices to join without any vetting." "There's a lot of potential for things to go wrong, and the industry has got quite a bit to work through."