Platform Security Summary
Last updated
The Data Clearing House team takes security seriously. You can download an overview of our principles below. For further information, including in-depth security information, please reach out to the team at
The Open Worldwide Application Security Project’s (OWASP) ‘’ is a set of principles for developing secure online services. The (APPs) is Australia’s national framework for privacy protection. This document has inline references to the Proactive Controls and the APPs where relevant.
Time-series data: streams of time-stamped records, typically (but not necessarily) numeric-valued, originating in metering, BMS, and IoT systems. They may represent values from sensors, set-points, parameters, alarms, statuses, and commands.
Semantic models: descriptions of site/building components and their interconnections. They represent: locations (rooms, floors, wings), equipment (meters, HVAC, lighting, etc), zones (ensembles of locations), systems (ensembles of equipment), and points (references to time-series streams).
Application: software which uses semantic models to discover time-series data streams, and then applies unique algorithms over that data to generate a useful output. They may implement algorithms (e.g. measurement & verification, fault detection and diagnosis) that derive new data, or provide graphical dashboards of client data. Applications may be deployed either on-platform, or off-platform.
Data Source: on-system abstraction of an external source of time-series telemetry data (e.g. a BMS gateway device or 3rd party IoT platform/service). Data Sources allow clients to coordinate data ingestion, and act as contexts for managing access and linking stream IDs to points in semantic models.
Platform user Personally Identifiable Information
Timeseries data privacy
All software changes are peer-reviewed, from proposal to implementation.
Continuous Integration (CI) systems automatically test all software (including backend and user-interface modules) at multiple stages of implementation.
Pre-release quality assurance is conducted in dedicated test environments.
Releases are deployed by an infrastructure-as-code system to ensure server configurations are correct and repeatable, with minimal operator overhead.
DCH uses encryption to protect client data [, ]. All traffic between DCH and external systems (web front-end users, BMS gateways, IoT systems/platforms, and off-system applications) is protected by industry-standard Transport Layer Security (TLS). Cloud computing infrastructure hosting DCH uses storage that is encrypted at rest.
Sensor data from on-premises edge devices and cloud-hosted third-party platforms can be ingested into DCH’s time-series storage in near real-time via multiple protocols. is preferred where possible [], and a REST API is also available. For each client organisation, authorised users may use a self-service user interface to create and configure their Data Sources. This process generates unique credentials which can then be used to configure devices for authentication upon connection.
‘Applications’ in DCH are software that accesses semantic and time-series data. They are installed on-platform by nominating an application version and the sites/buildings to operate on. DCH automatically orchestrates containerised instances inside the Senaps platform [] to execute applications. This strategy prevents applications from accessing arbitrary external networks, and allows access to strictly authorised internal data only. This means client organisations can be assured that on-platform applications cannot covertly exfiltrate data [].
Off-platform applications are deployed by clients outside of DCH’s infrastructure. This gives greater flexibility for DCH clients, where implicit trust is acceptable. Access by off-platform applications must still be authenticated and authorised [].
DCH provides a domain-specific query API [] for data discovery. This API enforces access controls, transparently composes and runs low-level queries, and returns object-like representations of semantic data.
User / principal authentication is achieved by OAuth2 and API keys []. After authentication, authorisation to access resources is managed by role-based access control (RBAC) []. Roles describe actions that can be taken over specified resources. Roles are included in role sets, which are assigned to users (either directly or by membership of groups). DCH’s RBAC logic is fulfilled by integrating a commercial authentication and authorisation module into all external APIs []. For each client organisation, authorised administrator users may use a permissions management interface to configure user/group assignment, role sets and roles.
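To make the roles, role sets, users and groups structure concrete, the following is an added illustrative authorisation resolver; it is a constructed example, not DCH's code nor that of the commercial authorisation module it integrates. The resource path hierarchy, the organisation and user names, and the sample roles are all assumptions.

```python
# Illustrative RBAC resolver modelled on the roles -> role sets -> users/groups
# structure described above. Constructed example, not DCH's implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    """A role names the actions permitted over specified resources."""
    name: str
    actions: frozenset
    resources: frozenset  # assumed resource paths such as "acme/hq"; a path covers its children

@dataclass
class Principal:
    user: str
    groups: frozenset = frozenset()
    role_sets: frozenset = frozenset()  # role sets assigned directly to the user

def _covers(granted, requested):
    # Assumed hierarchy: a grant on "acme/hq" covers "acme/hq/..." but not "acme/hq2".
    return requested == granted or requested.startswith(granted + "/")

class Authoriser:
    def __init__(self, roles, role_sets, group_role_sets):
        self.roles = {r.name: r for r in roles}
        self.role_sets = role_sets              # role set name -> set of role names
        self.group_role_sets = group_role_sets  # group name -> set of role set names

    def effective_roles(self, principal):
        """Roles reachable directly or through the principal's group memberships."""
        set_names = set(principal.role_sets)
        for group in principal.groups:
            set_names |= self.group_role_sets.get(group, set())
        role_names = set()
        for name in set_names:
            role_names |= self.role_sets.get(name, set())
        return [self.roles[n] for n in role_names if n in self.roles]

    def is_allowed(self, principal, action, resource):
        """Deny by default: allow only if some effective role grants the action on the resource."""
        return any(action in role.actions and any(_covers(r, resource) for r in role.resources)
                   for role in self.effective_roles(principal))

# Constructed sample configuration for one client organisation (names are made up).
AUTH = Authoriser(
    roles=[Role("ts-reader", frozenset({"read"}), frozenset({"acme/hq"})),
           Role("model-editor", frozenset({"read", "write"}), frozenset({"acme/hq/model"}))],
    role_sets={"viewers": {"ts-reader"}, "modellers": {"model-editor"}},
    group_role_sets={"engineering": {"modellers"}},
)
ALICE = Principal("alice@example.com", groups=frozenset({"engineering"}))  # via group
BOB = Principal("bob@example.com", role_sets=frozenset({"viewers"}))         # direct
```

A principal with no role sets and no group memberships is denied everything, which is the default-deny behaviour an RBAC layer in front of every external API should exhibit.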
All DCH cloud infrastructure is physically located within the Australian jurisdiction, and operated by a commercial service provider listed as a ‘Certified Service Provider’ under the Department of Home Affairs’ .
Collection of Personally Identifiable Information (PII) about DCH users is deliberately kept to the minimum necessary for functionality and security []. User accounts are based on a verified email address []. Organisational affiliation and consent to terms & conditions [] are also recorded. Although legal names are not recorded directly [], they could be inferred from the email address. Logs of platform interactions record the IP address and any sent by a user’s browser (browser vendor, software version, operating system, etc).
While most categories of data in DCH are not intrinsically PII, some data with high spatial and temporal resolution (e.g. metering or motion detection) could indirectly imply physical presence and pattern-of-life of individuals, with consequential implications for the privacy of building occupants []. Client organisations, as the owners of their semantic model data and time-series data in DCH, are responsible for collection and treatment of such data in accordance with Australian Privacy Principles and any relevant state and federal laws.
In addition to building conventional security features into the DCH platform, software development practices are an important part of securely implementing and deploying online systems []. DCH components are developed with engineering practices and tools that support quality assurance.
Software operations are logged, and platform performance is monitored [].