SECURITY

Canberra Proposes IoT 'Star Ratings' and Mandatory Cyber Standards for Large Business

Department of Home Affairs | July 13, 2021

The federal government wants to improve Australia's cybersecurity laws. It has proposed seven policy changes, including mandatory governance requirements for bigger companies, a code for how personal information is handled, and a mechanism for regulating smart gadgets.

The government is proposing [PDF] either a voluntary or obligatory set of governance guidelines for bigger companies that would "define the duties and offer assistance to boards" to "better safeguard the economy from cybersecurity risks."

While the core of both alternatives is the same, the obligatory code would compel the businesses covered to achieve compliance within a certain period. Therefore, a required code would also have to be enforced. On the other hand, a voluntary option would not need to implement particular technological restrictions and would instead be regarded as a recommendation.

The government, however, would prefer the code to be voluntary, stating that "on balance, a mandated norm may be too expensive and onerous given the present state of cybersecurity governance, and in the middle of an economic recovery, compared to the advantages it would offer."

It also said that no current regulator had the necessary skills, knowledge, and resources to establish and implement a required norm.

Meanwhile, a "cyber health check" feature for small companies has been proposed.

A small company that participates in a voluntary cybersecurity health check program will get a trust mark that they may use in marketing. According to the document, businesses asking for the health check would self-assess their compliance with a minimum degree of due diligence supplied by the government or a third party. It would also have a 12-month expiration date.

This concept was inspired by the UK government's Cyber Essentials initiative.

To promote the adoption of cybersecurity standards, the report also recommends establishing an enforceable code under federal law. According to the report, the Privacy Act has the greatest potential to establish comprehensive cybersecurity requirements for personal information.

On the other hand, a cybersecurity code would have certain restrictions and would solely apply to the protection of personal information. In addition, a code would also only apply to organizations subject to the Privacy Act.

The government is also contemplating regulatory approaches to improving responsible disclosure standards, with both voluntary and obligatory options being considered.

The government would provide advice or toolkits for the industry to establish and implement responsible disclosure policies under the voluntary option. In addition, according to the report, the obligatory option may be included in a future cybersecurity standard for personal information.

The report also addresses the implementation of clear legal remedies for consumers after a cybersecurity event since there are presently few legal alternatives for customers to seek remedies or compensation.

It asks respondents what changes to the Privacy Act 1988 and Australian Consumer Law may be made to adequately address cybersecurity, as well as what additional measures the government should consider.

Regulating IoT devices is also proposed.

To address this, the government issued the voluntary Code of Practice: Securing the Internet of Things for Consumers last year, which includes 13 principles or expectations the government has of manufacturers regarding the security of smart devices.

The discussion paper goes on to propose that the code be made obligatory. Manufacturers would be required to adopt baseline cybersecurity standards for smart devices under the standard.

It also thinks that customers presently lack the skills to readily determine if smart gadgets are "cyber secure" due to a lack of clear, accessible information.

Proposals such as adopting a voluntary star rating label or an obligatory expiration date label may help address this.

Details on how the former would be implemented are few, although the discussion paper mentions comparable systems in the United Kingdom and Singapore. Singapore's cybersecurity system is divided into four tiers, with each signifying a greater degree of security and extra security testing.

Meanwhile, the required expiration date label would indicate the amount of time that security updates would be supplied for the smart device. According to the government, this kind of label would not need an independent security assessment and would be a lower-cost option than a star rating label. Thus, the administration emphasizes the expiration date option as its preferred path ahead in its "pros and cons" table.

Spotlight

The Internet of Things (IoT) and the rise of a machine-to-machine (M2M) ecosystem have been long anticipated. As this ecosystem converges with trends like cloud computing and big data, businesses need to be prepared to address the new wave of connected intelligent devices and harness the data that comes with them. To help better understand the realities of this coming wave, during June 2013 Beecham Research conducted a research survey for Oracle of the Internet of Things (IoT) market and use of machine-to-machine (M2M) technology. The purpose of this was to identify new trends in the market for connected devices, with a particular focus on application intelligence. Some of the key points investigated were as follows:


Other News
ENTERPRISE IOT

NEXCOM and Telco Systems Roll Out Pre-Installed 5G/IoT Solution for Virtual Edge Services Management

NEXCOM | March 24, 2022

NEXCOM, a leading supplier of network appliances, and Telco Systems, a leading provider of edge compute solutions, today announced the availability of a commercial-ready solution for SOHOs and mid-range businesses looking to run virtual workloads at the network edge. Most business processes and services today run through the cloud. From work from home and data storage services to accessing company servers and sensitive data protection, these processes depend on edge devices that connect to the company's network. To support new business models driven by digital transformation, IT teams need advanced tools for deploying and running services and applications at the network edge, as well as simplifying management, security and maintenance of edge devices. The joint NEXCOM-Telco Systems offering is based on NEXCOM's DTA 1164W, a 5G-ready desktop uCPE, pre-installed with Telco Systems' Edgility smart edge computing software. With full support for 5G/IoT connectivity, this solution comes ready to support a wide range of cloud native deployments, while its flexible configuration easily adapts to today's dynamic IT environments. NEXCOM's DTA 1164W uCPE is ideally suited to meet the requirements of SOHO and mid-range enterprises. Its I/O interface features eight Ethernet ports for physical network connectivity to multiple devices, together with an additional wireless route. This uCPE supports Wi-Fi 5/6, 4G LTE, and high-speed reliable 5G connectivity using the Thales Cinterion® MV31-W IoT modem card, which can be operated and managed via Edgility. "Based on our successful long-term partnership with Telco Systems, we are onboarding their edge compute software onto our 5G uCPE," said Allan Chiu, VP of Network & Communication Solutions at NEXCOM. "This market-ready solution with pre-installed software suits those of our customers who are seeking an easy-to-deploy product for automating edge device management for SD-WAN networks." 
About Telco Systems

Telco Systems is a leading vendor of innovative communications software products, for the new generation of edge computing and enterprise networks. Telco Systems enables global enterprises, communications service providers, and system integrators to build and operate sophisticated virtual networks, with powerful edge devices, and endless application schemes. Telco Systems' products are successfully deployed at large carriers and enterprises around the world, delivering a resilient, secured, and flexible connectivity between thousands of branches and the cloud.

About NEXCOM

Founded in 1992 and headquartered in Taipei, Taiwan, NEXCOM integrates its diverse capabilities and operates six global businesses, including the Network and Communication Solutions (NCS) unit. NCS focuses on the latest network technology and helps to build reliable network infrastructure, by delivering professional design and manufacturing services for customers all over the world. NCS's network application platform is widely adopted in Cyber Security Appliance, Load Balancer, uCPE, SD-WAN, Edge Computing, Storage, NVR, and other network applications for businesses of all sizes.


PLATFORMS

Identiv Announces Hirsch Velocity Software 3.8.4 with New Networked Global IO and Data Centricity Features

Identiv, Inc. | April 06, 2022

Identiv, Inc. (NASDAQ: INVE), a global leader in digital security and identification in the Internet of Things (IoT), today announced the release of Hirsch Velocity Software version 3.8.4. The latest version of the company's complete security management system provides security teams with networked global integrated operations (IO), holistic data centricity across the system, and a thin web client. This transforms the way data is collected throughout the entire physical access control system (PACS), making the solution more intelligent and enabling PACS artificial intelligence (AI).

Identiv's Hirsch Velocity Software is an integrated security management system managing access control and security operations across facilities worldwide, from single high-security rooms to multi-building, multi-location campuses. Velocity provides the security and functionality expected from high-end systems with the ease-of-use found in entry level platforms. It delivers stringent security compliance, interoperability, and expansion and flexibility options. The platform is designed for use with the Hirsch family of controllers, uTrust TS Readers, uTrust TS Cards, and Velocity Vision intelligent video management system (VMS). It also integrates with the industry's leading intrusion detection, video surveillance, visitor management, and security services.

Velocity 3.8.4 adds global IO, data centricity, and a refreshed web client to the industry-leading platform. Networked global IO provides edge computing capabilities and allows panels to share information between themselves and readers. In the event of a software failure, the panels remain functional and do not rely on the host server. With data centricity, the software now supports more data holistically across the system, creating a path to synthesize that data. The thin web client simplifies access control without requiring a full installation, improving user interface (UI), and moving towards a software as a service (SaaS) model.

"With the latest release of Velocity, we're making our controllers more intelligent, providing a platform where they communicate with each other. As the physical security industry deploys artificial intelligence, controllers at the edge are no longer managed by the host server and need to think for themselves. The networked intelligence of global IO represents that step towards AI. Before controllers can begin to interpret, track trends, and react to data, they need to master data gathering. We're really excited to support this evolution in the industry." Mark Allen, Identiv GM Premises.

Velocity allows administrators and operators to access real-time system information, enrollment, and control functionality through a compatible browser on almost any device. It controls doors, gates, turnstiles, elevators, and other equipment, monitors users as they move around a facility, prevents unwanted access, maintains compliance, and provides a robust audit trail. The system also allows contact tracing and lockdown features, providing security operators and dispatchers across an entire campus an affordable, integrated platform for emergency physical security, campus lockdown, and after-event forensic reporting.

About Identiv

Identiv, Inc. is a global leader in digitally securing the physical world. Identiv's platform encompasses RFID and NFC, cybersecurity, and the full spectrum of physical access, video, and audio security. Identiv is a publicly traded company, and its common stock is listed on the NASDAQ Stock Market LLC in the U.S. under the symbol "INVE."


INVESTMENT AND BUSINESS

STMicroelectronics Partners with AWS to Strengthen IoT Connection Security

STMicroelectronics | May 13, 2022

STMicroelectronics has created a new AWS FreeRTOS-qualified, TF-M-based reference implementation, working in conjunction with Amazon Web Services (AWS), an ST Authorized partner, to easily and securely connect Internet of Things (IoT) devices to the AWS cloud. “FreeRTOS, backed by our long-term support libraries, is the perfect platform for connecting resource-constrained devices to powerful cloud services,” said Dave Kranzler, GM, IoT Devices, AWS. “Working with ST to integrate industry-standard Arm open-source secure TF-M software and the STM32U5 MCU’s security features lets developers quickly build edge-to-cloud solutions that resist cyber threats.”

“The superior security built into our STM32U5 MCUs supports the creation of trusted IoT devices to connect to the AWS cloud. Our qualified reference platform represents a significant investment in software integration that saves development time and costs while simplifying compliance with PSA Certified security guidelines.” Daniel Colonna, Marketing Director, Microcontroller Division, STMicroelectronics.

The jointly created solution combines ST’s STM32U5 ultra-low-power microcontrollers (MCUs), FreeRTOS open-source real-time operating system, and Arm trusted-firmware for embedded systems (TF-M). The reference implementation is realized on ST’s B-U585I-IOT02A discovery kit for IoT nodes with STM32U5 MCUs, which contains rich features including USB, Wi-Fi, and Bluetooth Low Energy connectivity, as well as multiple sensors. The STSAFE-A110 secure element support is being added and comes pre-loaded with IoT object credentials. It helps secure and simplifies attachment between the connected objects and the AWS cloud. FreeRTOS comprises a kernel optimized for resource-constrained embedded systems and software libraries for connecting various types of IoT endpoints to the AWS cloud or other edge devices.
AWS’s long-term support (LTS) is maintained on FreeRTOS releases for two years, which provides developers with a stable platform for deploying and maintaining their IoT devices. The Arm TF-M firmware simplifies protecting embedded systems, including services for secure boot, secure storage, cryptography, and attestation, forming the basis of a trusted execution environment (TEE) on the device. Designed for Arm v8-M architectures, TF-M integrates readily with TrustZone on ST’s STM32U5 MCUs, which feature the Arm Cortex-M33 core. ST’s STM32U5 MCUs target demanding IoT-edge applications, featuring the advanced 160MHz Cortex-M33 core with Arm TrustZone technology and Armv8-M mainline security extension, up to 2MB on-chip Flash, and extreme power-saving features. With hardware cryptographic accelerators, secure firmware installation and update, and enhanced resistance to physical attacks, the MCUs have achieved PSA Certified Level-3 and SESIP 3 certifications. Also, their extreme energy-saving design simplifies powering the application and extends battery lifetime in remote applications. Highlights include three different stop modes that maximize opportunities to operate at the lowest possible power and ST’s batch-acquisition mode that captures peripheral data even while the core is powered down. The STSAFE-A110 EAL5+ certified secure element brings an authentication scheme and personalization service that allow an automated and secured attachment of connected objects to the AWS cloud. It safely relieves the historical burden on IoT-device makers to protect secret credentials during product manufacture. ST will release a version of the reference implementation based on STM32Cube tools and software in Q3 this year, which will further simplify IoT design leveraging seamless integration with the rest of the STM32 ecosystem.


SOFTWARE AND TOOLS

UserTesting Introduces New Test Templates That Enable Companies to Understand Human Interactions with Connected Devices and the IoT

UserTesting | March 28, 2022

UserTesting (NYSE: USER), a leader in video-based human insight, today released new test templates for the UserTesting Human Insight Platform that enable companies to see first-hand how people experience the Internet of Things (IoT) and other connected devices. As more devices become linked via the Internet and cloud computing and the expectations of customers change, there is a heightened need for companies to understand how people interact with and react to these connected devices and new experiences. As the number of IoT devices increases, forecasted to nearly triple from 8.74 billion in 2020 to more than 25.4 billion IoT devices in 2030, companies are innovating the means in which they interact with their customers – from VR headsets and self-driving cars, to wearable devices and smart home assistants and appliances. The increase in connected devices in both business and consumer worlds presents more opportunities for brands to engage with customers. Companies can gain a great deal of value through learning how their customers utilize and benefit from connected devices, and UserTesting’s new templates help companies provide greater experiences for their customers. UserTesting’s connected device templates provide companies a competitive advantage by giving them access to a more complete picture of their customers’ expectations in their use of connected devices. For example, a large commercial airline has been using UserTesting to develop a new voice assistant feature with insights gathered around travelers’ information needs. Understanding needs, frustrations, assumptions and more is crucial to building a best-in-class device experience and the ability to elevate the connected experience to a new level. The latest templates feature pre-built sample questions that organizations can use as-is or customize to fit their exact testing requirements. 
“Digital transformation is accelerating, more consumers are connected via their devices, and companies want to know how to meet customer expectations in ways they couldn’t have anticipated. Research by the McKinsey Global Institute shows the Internet of Things has the potential to grow in value between $5.5 trillion to $12.6 trillion by 2030. Companies mastering the Internet of Things early have a decided advantage in opening new markets and meeting customer demands.” Janelle Estes, Chief Insights Officer of UserTesting.

Companies that struggle to capture the value of IoT can turn to the templates to gain rapid user feedback using UserTesting’s technology to better understand how digitally connected devices perform. UserTesting provides video recordings of actual interactions of customers who have opted in to share their perspectives and experiences as they execute a pre-built series of tasks and instructions online. The new connected device templates add to the more than 100 pre-built testing templates available on the UserTesting Human Insight Platform.

About UserTesting

UserTesting has fundamentally changed the way organizations get insights from customers with fast, opt-in feedback and experience capture technology. The UserTesting Human Insight Platform taps into our global network of real people and generates video-based recorded experiences, so anyone in an organization can directly ask questions, hear what users say, see what they mean, and understand what it’s actually like to be a customer. Unlike approaches that track user behavior then try to infer what that behavior means, UserTesting reduces guesswork and brings customer experience data to life with human insight. UserTesting has more than 2,300 customers, including more than half of the world’s top 100 most valuable brands according to Forbes.
