Australia's Heavy Vehicle Regulator ups its security posture by partnering

Partnering allowed the organisation to uncover security vulnerabilities created from within.

The National Heavy Vehicle Regulator (NHVR) is an independent regulator for all vehicles over 4.5 tonnes gross vehicle mass in Australia.

It was stood up in 2013 and currently employs just over 350 people, across Adelaide, Brisbane, Canberra, Launceston, and Melbourne. It also has close relationships with 40,000 road freight businesses, 900,000 vehicles, 500 road managers, and 1,000 authorised officers.

As the NHVR isn't a large organisation, its information and security manager, Shawn Hardie, told the Gartner IT Symposium/Xpo on the Gold Coast that an organisation like the NHVR needed to partner up, particularly when it came to security.

"[We're] not really in the position to add more security staff, so what we're looking to do is just bubble up what is interesting, that we should be focusing on, and getting our staff to just look at those incidents," Hardie said.

"Sometimes you'll add an extra piece of technology and you're actually adding a whole lot of extra support and personnel."

Hardie said adding technology should be about augmenting the humans that are already within the organisation.

The NHVR turned to Darktrace to gain a better view of its network.

"It was agentless, so you don't have to go around and touch everything with an IP and put an agent on that to start collecting the data from the network," he said.

Hardie used the platform at a previous employer, and said it allowed a better view of what staff were doing within the network.

"We didn't see any Kim Jong-un or Russian bears trolloping through our network, but what we did see was issues that our staff were potentially creating for us that they were unaware that they were issues, or they were just sort of bending the rules a little bit," he explained.

It was a similar story when he first moved to the NHVR.

"Within the first couple of months, we had something like 12 significant incidents that were very worthwhile to delve into deeper, and again, it wasn't Kim Jong-un, it was our own staff doing strange things," Hardie said.

"That was system administrators as well as the user base and it was great at that stage -- it was all about cyber hygiene and just cleaning up some of the behaviours within our own staff."

Hardie said it allowed the NHVR to start having conversations with staff about the behavioural changes that would help reduce the risk it was actually facing as a result of their actions.

The NHVR is slowly taking on the regulatory responsibility of states as well, meaning that it is currently working out the heavy vehicle law for each of them. This, Hardie said, means the organisation is going to be even more geographically spread out. It will also mean there are going to be more endpoints that require protection.

Asha Barbaschow travelled to Gartner IT Symposium/Xpo as a guest of Gartner.
