IoT: Security Guidelines Emerge

May 20, 2016

There are two sides to the coin: security and data privacy, both of which have the potential to undermine confidence in the entire IoT concept.

With regards to security, there is a whole host of situations where an IoT device or system could be compromised. Think of last year’s hacks of a Jeep on a motorway or a power station in Ukraine. Thankfully, no lives were lost in either, but it is no stretch to imagine the havoc that could be unleashed.

On the issue of data privacy, few connected devices will have a user interface through which an operator or vendor can inform the user about the terms and conditions of use, where their personal data may be stored and how it may be used, and thereby gain the user’s acceptance of those terms.

Combine the two: a connected dustbin could tell a hacker if the homeowner is away, potentially providing valuable information for thieves. Even if a device is not communicating it could indicate the resident is out or away. A developer may not have considered that as a privacy issue but the potential ramifications are obvious.

How is this minefield to be regulated? On the data privacy side, many countries and blocs are busy updating existing regulations. But the security side is less structured and more siloed. The GSMA published a new set of IoT Security Guidelines in February aimed at IoT service providers, device manufacturers and developers. Other industries, including the cloud, energy and automotive sectors are also working on guidelines. The guidelines may be similar, but what is needed is deep cross-industry collaboration. And it’s highly unlikely that it will be possible for globally enforceable legislation to be agreed upon.

They key challenge is bringing together the entire supply chain to produce a secure end-to-end implementation for every single device that can connect or will be connected to the internet.

The GSMA’s guidelines are based on the concept of multi-layer security. They advise that an initial security layer is implemented end-to-end on the application layer, from the endpoint (device) to the service platform, which should be in some way encrypted. Then another layer is implemented where the different systems are monitored and password controls added, ensuring that the credentials for that layer have been securely provisioned.

The technologies to achieve this exist, but there is a shortage of people with the necessary skillsets to be able to implement an end-to-end solution. There also seems to be a lack of industry-wide resolve: if IoT is truly going to become a secure reality, then security must be built into the business model and processes of every supplier and developer of every touchpoint along the chain.

We wish to thank Ian for his time and valuable insights into security in the IoT era. IoT is a key theme for Scrutinise Research and Analysis and we will be speaking with established and up-and-coming vendors in security and IoT, as well as regulators and industry and consumer associations as we put together our report “Securing the Internet of Things”. If you would like more information or would be interested in being a source, please get in touch.

This blog was written by Scrutinise Research and Analysis and originally published at scrutinise.xyz.

Back

Huawei: NB-IoT Ecosystem Partner list This document provides a list of Huawei’s NB-IoT partners, detailing the solutions offered by each organisation. The brochure also contains a list of regions and sectors ...

Read more | See all Resources

Webinar Highlights: Deploying Mobile IoT – Ask the Experts Mobile IoT (licensed spectrum low power wide area) networks are a high-growth area of the IoT and will play an important role in connecting billions of new devices. Low power wid...

Read more | See all Resources

The IoT Opportunity: Mobilising the Internet of Things Representing the mobile industry, the GSMA’s Internet of Things programme is working to accelerate the deployment of new connected solutions. In this short video, discover mor...

Read more | See all Resources

LPWA: Enabling Extreme Wildlife Tracking To protect threatened species, conservationists need to fully understand their behaviour and which habitats are key to their survival. To that end, Vodafone is working with the ...

Read more | See all Resources

The importance of Embedded SIM certification to scale the Internet of Things As a provider of connected devices why should you care about test and certification of Embedded SIM? Because it enables your devices to reach market faster since they do not need...

Read more | See all Resources

Mobile Privacy and Big Data Analytics Big data analytics can have a significant impact on societal aims such as the UN Sustainable Development Goals and has the potential to deliver more effective health outcomes, be...

Read more | See all Resources

Interview: Putting NB-IoT to the Test Cao Ming explains how Huawei’s Shanghai lab is enabling developers to test a wide variety of innovative Internet of Things solutions   Cao Ming, President of FDD Product L...

Read more | See all Industry News

LPWA: Tracking Pallets Across Borders (Use Case) Pallet specialist RM2 and mobile operator AT&T are using the Mobile IoT to streamline international logistics   The global logistics industry has about 15 billion pallet...

Read more | See all Industry News

How to Support the Development of Smart Cities in Asia-Pacific Asia is experiencing exceptionally high rates of urbanisation and population growth. As pointed out by the World Bank Group, the number of people in South Asia’s cities ros...

Read more | See all Industry News

Interview: Oi Brasil Crowdsources Internet of Things Innovation Alberto Boaventura explains how Oi’s new IoT Lab is working with developers, universities and businesses to develop smart solutions and services   Alberto Boaventura, Tech...

Read more | See all Industry News

The IoT Masterclass: Securing the Connected Future By 2025, the world will be composed of 27 billion connected devices.[1] From waste management to water meters, a whole host of new services and devices will share data. This open...

Read more | See all Industry News

Interview: Priming the Pipeline of Opportunity Simon Glassman of module supplier u-blox explains how the company is racing to meet pent-up demand for low power wide area connectivity   Simon Glassman, Head of Strategic P...

Read more | See all Industry News

ETSI Workshop: “Making Smart Cities Sustainable” June 07, 2017 In cooperation with the European Commission and Eurocities, ETSI is pleased to announce the ETSI workshop “Making Smart Cities Sustainable” from large scale pilots ...

Read more | See all Connected Living Events

4th GSMA Global Mobile IoT Summit June 27, 2017 Moving to Global Deployment After seeing more than 40 successful Mobile IoT pilots globally in the last year by a range of mobile operators, the industry is now moving ...

Read more | See all Connected Living Events

Mobile World Congress Shanghai June 28, 2017 The Internet of Things will be central to Mobile World Congress Shanghai  – Asia’s biggest mobile event. Bringing together the global mobile industry’s ...

Read more | See all Connected Living Events

IoT Summit at MWC Shanghai 2017 June 29, 2017 With 27 bn connected devices forecast by 2025, including 6bn in China, mobile technology is playing an increasingly crucial role in the Internet of Things (IoT) –...

Read more | See all Connected Living Events

GSMA Connected Vehicle Summit June 30, 2017 Shanghai New International Expo Centre (SNIEC), W3, Auditorium B   The increasing consumer demand for car connectivity and intelligence has been a key driver of th...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.