IoT: Security Guidelines Emerge

May 20, 2016

There are two sides to the coin: security and data privacy, both of which have the potential to undermine confidence in the entire IoT concept.

With regards to security, there is a whole host of situations where an IoT device or system could be compromised. Think of last year’s hacks of a Jeep on a motorway or a power station in Ukraine. Thankfully, no lives were lost in either, but it is no stretch to imagine the havoc that could be unleashed.

On the issue of data privacy, few connected devices will have a user interface through which an operator or vendor can inform the user about the terms and conditions of use, where their personal data may be stored and how it may be used, and thereby gain the user’s acceptance of those terms.

Combine the two: a connected dustbin could tell a hacker if the homeowner is away, potentially providing valuable information for thieves. Even if a device is not communicating it could indicate the resident is out or away. A developer may not have considered that as a privacy issue but the potential ramifications are obvious.

How is this minefield to be regulated? On the data privacy side, many countries and blocs are busy updating existing regulations. But the security side is less structured and more siloed. The GSMA published a new set of IoT Security Guidelines in February aimed at IoT service providers, device manufacturers and developers. Other industries, including the cloud, energy and automotive sectors are also working on guidelines. The guidelines may be similar, but what is needed is deep cross-industry collaboration. And it’s highly unlikely that it will be possible for globally enforceable legislation to be agreed upon.

They key challenge is bringing together the entire supply chain to produce a secure end-to-end implementation for every single device that can connect or will be connected to the internet.

The GSMA’s guidelines are based on the concept of multi-layer security. They advise that an initial security layer is implemented end-to-end on the application layer, from the endpoint (device) to the service platform, which should be in some way encrypted. Then another layer is implemented where the different systems are monitored and password controls added, ensuring that the credentials for that layer have been securely provisioned.

The technologies to achieve this exist, but there is a shortage of people with the necessary skillsets to be able to implement an end-to-end solution. There also seems to be a lack of industry-wide resolve: if IoT is truly going to become a secure reality, then security must be built into the business model and processes of every supplier and developer of every touchpoint along the chain.

We wish to thank Ian for his time and valuable insights into security in the IoT era. IoT is a key theme for Scrutinise Research and Analysis and we will be speaking with established and up-and-coming vendors in security and IoT, as well as regulators and industry and consumer associations as we put together our report “Securing the Internet of Things”. If you would like more information or would be interested in being a source, please get in touch.

This blog was written by Scrutinise Research and Analysis and originally published at scrutinise.xyz.

Back

LPWA: Enabling Extreme Wildlife Tracking To protect threatened species, conservationists need to fully understand their behaviour and which habitats are key to their survival. To that end, Vodafone is working with the ...

Read more | See all Resources

The importance of Embedded SIM certification to scale the Internet of Things As a provider of connected devices why should you care about test and certification of Embedded SIM? Because it enables your devices to reach market faster since they do not need...

Read more | See all Resources

Mobile Privacy and Big Data Analytics Big data analytics can have a significant impact on societal aims such as the UN Sustainable Development Goals and has the potential to deliver more effective health outcomes, be...

Read more | See all Resources

Securing the Port of the Future Led by the University of Seville, the Port Authority of Seville, and Telefónica, the Tecnoport 2025 project uses Internet of Things (IoT) solutions to improve the efficiency of ...

Read more | See all Resources

Webinar: Experts Discuss Telco IoT Big Data Initiatives The Internet of Things is generating a huge amount of data that is currently retained in vertical silos. However, a true IoT is dependent on the availability and confluence of ri...

Read more | See all Resources

Video: Importance of Interoperability in Digital Health Revealed in Industry Web Digital health solutions can increase quality, reduce cost, and extend reach of healthcare. They can empower individuals to manage their own health more proactively and effective...

Read more | See all Resources

LPWA: Streamlining Waste Collection (Use Case) Veolia harnesses the Mobile IoT to cut the number of truck journeys made to empty bins   As cities expand and the urban population grows, municipalities need to collect more...

Read more | See all Industry News

LPWA: Simplifying the Smart Home (Use Case) Hisense is exploring how the Mobile IoT can give consumers remote control over their appliances   At Mobile World Congress 2017 in Barcelona, multinational white goods and e...

Read more | See all Industry News

Verizon Launches Industry’s first LTE-M Nationwide IoT Network Last week, Mobile IoT (licensed low power wide area networks) made a significant breakthrough in North America after mobile network operator Verizon confirmed the launch of the f...

Read more | See all Industry News

The Mobile IoT Innovators Showcase at Mobile World Congress 2017 The Mobile IoT Innovators Showcase was a competition initiated by the GSMA Internet of Things Programme to enable innovative companies to make their contribution to a connected f...

Read more | See all Industry News

Unprecedented number of Mobile IoT demonstrations at Mobile World Congress 2017 Low power wide area solutions in licensed spectrum (Mobile IoT) have long been discussed in the industry, seeing the technology’s potential to connect billions of new devices m...

Read more | See all Industry News

Raising Standards across the Internet of Things Dino Flore of 3GPP and Barbara Pareglio of the GSMA explain the pivotal role of standards in shaping the Mobile Internet of Things Dino Flore, Chairman of RAN group, 3GPP Barbara...

Read more | See all Industry News

Webinar: Deploying Mobile IoT (LPWA) – Ask the Experts April 25, 2017 Register now Mobile IoT (licensed spectrum low power wide area) networks are a high-growth area of the IoT and will play an important role in connecting up billions of ...

Read more | See all Connected Living Events

Digital Societies Policy Forum and GSMA Capacity Building Course May 08, 2017 With support from the Australian Government and other partners, the International Telecommunication Union (ITU) and the GSMA are pleased to host the 3rd Asia-Pacific D...

Read more | See all Connected Living Events

GSMA Mobile 360 Series – Privacy & Security May 23, 2017   IoT Security Masterclass: Establishing a Flexible Framework to Address Market Diversity Wednesday, 24 May, 11:15 – 12:00 Red Room, Hilton Hotel From conne...

Read more | See all Connected Living Events

Mobile World Congress Shanghai June 28, 2017 The Internet of Things will be central to Mobile World Congress Shanghai  – Asia’s biggest mobile event. Bringing together the global mobile industry’s ...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.