IoT: Security Guidelines Emerge

May 20, 2016

There are two sides to the coin: security and data privacy, both of which have the potential to undermine confidence in the entire IoT concept.

With regards to security, there is a whole host of situations where an IoT device or system could be compromised. Think of last year’s hacks of a Jeep on a motorway or a power station in Ukraine. Thankfully, no lives were lost in either, but it is no stretch to imagine the havoc that could be unleashed.

On the issue of data privacy, few connected devices will have a user interface through which an operator or vendor can inform the user about the terms and conditions of use, where their personal data may be stored and how it may be used, and thereby gain the user’s acceptance of those terms.

Combine the two: a connected dustbin could tell a hacker if the homeowner is away, potentially providing valuable information for thieves. Even if a device is not communicating it could indicate the resident is out or away. A developer may not have considered that as a privacy issue but the potential ramifications are obvious.

How is this minefield to be regulated? On the data privacy side, many countries and blocs are busy updating existing regulations. But the security side is less structured and more siloed. The GSMA published a new set of IoT Security Guidelines in February aimed at IoT service providers, device manufacturers and developers. Other industries, including the cloud, energy and automotive sectors are also working on guidelines. The guidelines may be similar, but what is needed is deep cross-industry collaboration. And it’s highly unlikely that it will be possible for globally enforceable legislation to be agreed upon.

They key challenge is bringing together the entire supply chain to produce a secure end-to-end implementation for every single device that can connect or will be connected to the internet.

The GSMA’s guidelines are based on the concept of multi-layer security. They advise that an initial security layer is implemented end-to-end on the application layer, from the endpoint (device) to the service platform, which should be in some way encrypted. Then another layer is implemented where the different systems are monitored and password controls added, ensuring that the credentials for that layer have been securely provisioned.

The technologies to achieve this exist, but there is a shortage of people with the necessary skillsets to be able to implement an end-to-end solution. There also seems to be a lack of industry-wide resolve: if IoT is truly going to become a secure reality, then security must be built into the business model and processes of every supplier and developer of every touchpoint along the chain.

We wish to thank Ian for his time and valuable insights into security in the IoT era. IoT is a key theme for Scrutinise Research and Analysis and we will be speaking with established and up-and-coming vendors in security and IoT, as well as regulators and industry and consumer associations as we put together our report “Securing the Internet of Things”. If you would like more information or would be interested in being a source, please get in touch.

This blog was written by Scrutinise Research and Analysis and originally published at scrutinise.xyz.

Back

LPWA: Enabling Extreme Wildlife Tracking To protect threatened species, conservationists need to fully understand their behaviour and which habitats are key to their survival. To that end, Vodafone is working with the ...

Read more | See all Resources

The importance of Embedded SIM certification to scale the Internet of Things As a provider of connected devices why should you care about test and certification of Embedded SIM? Because it enables your devices to reach market faster since they do not need...

Read more | See all Resources

Mobile Privacy and Big Data Analytics Big data analytics can have a significant impact on societal aims such as the UN Sustainable Development Goals and has the potential to deliver more effective health outcomes, be...

Read more | See all Resources

Securing the Port of the Future Led by the University of Seville, the Port Authority of Seville, and Telefónica, the Tecnoport 2025 project uses Internet of Things (IoT) solutions to improve the efficiency of ...

Read more | See all Resources

Webinar: Experts Discuss Telco IoT Big Data Initiatives The Internet of Things is generating a huge amount of data that is currently retained in vertical silos. However, a true IoT is dependent on the availability and confluence of ri...

Read more | See all Resources

Video: Importance of Interoperability in Digital Health Revealed in Industry Web Digital health solutions can increase quality, reduce cost, and extend reach of healthcare. They can empower individuals to manage their own health more proactively and effective...

Read more | See all Resources

‘Mobile IoT: A Network which has been made for Battery, Speed and Cost’ – This year, the Internet of Things will make one of its biggest advances. As the Mobile IoT (licensed LPWA solutions) launches in Korea, Spain, the UK, the US and countless other ...

Read more | See all Industry News

Towards the Autonomous City: All you Need to know About Smart Cities During MWC The simple and easy retrofitting of IoT solutions is enabling cities to develop according to their needs and concealing the rapid pace of change that is happening before us What...

Read more | See all Industry News

‘Internet of the Seas’ marks new wave of eco-friendly IoT solutions on show Such is the rapid development of the Internet of Things that new milestones seem to be as quickly reached as they are surpassed. However, with the standardisation and commercial ...

Read more | See all Industry News

GSMA Announces Winners of Mobile IoT Innovators Showcase Awards The GSMA’s Connected Living programme today announced the winners of ‘The Mobile IoT Innovators Showcase’ competition at the GSMA Global Mobile IoT Summit, held at the Hesp...

Read more | See all Industry News

Mobile IoT Takes Off with Multiple Global Launches Planned in 2017 The availability of commercial Low Power, Wide Area (LPWA) solutions is set to dominate the agenda at the GSMA Global Mobile IoT Summit, held today at the Hesperia Tower Hotel in...

Read more | See all Industry News

Smart Traffic: a Key Step Towards Smart Cities Cities are getting smarter every day, but generally in incremental fashion, such that the pace of change is barely perceived. With rapid uptake of connected vehicles now plainly ...

Read more | See all Industry News

Mobile World Congress Shanghai June 28, 2017 The Internet of Things will be central to Mobile World Congress Shanghai  – Asia’s biggest mobile event. Bringing together the global mobile industry’s ...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.