GSMA Announces Security Guidelines to Support Growth of the Internet of Things

February 9, 2016

Press Release

Backed by the Mobile Industry, New Guidelines Outline Common Approach to Security for IoT Services

London:The GSMA today announced the availability of new guidelines designed to promote the secure development and deployment of services in the growing Internet of Things (IoT) market. The document, ‘The GSMA IoT Security Guidelines’, has been developed in consultation with the mobile industry and offers IoT service providers and the wider IoT ecosystem practical advice on tackling common cybersecurity threats, as well as data privacy issues associated with IoT services.

The project has received the backing and support of the mobile industry including mobile operators AT&T, China Telecom, Etisalat, KDDI, NTT DOCOMO, Orange, Telefónica, Telenor and Verizon and vendor and infrastructure partners 7Layers, Ericsson, Gemalto, Morpho, Telit and u-blox.

“As billions of devices become connected in the Internet of Things, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases,” said Alex Sinclair, Chief Technology Officer, GSMA. “These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed. A proven and robust approach to security will create trusted, reliable services that scale as the market grows.”

The GSMA’s IoT Security Guidelines have been designed for all players in the IoT ecosystem including IoT service providers, IoT device manufacturers and developers. They will help service providers build secure services by outlining technologies and methods to address potential threats, as well as how to implement them. They also establish the need for risk assessment of all components of an IoT service to ensure they are designed to securely collect, store and exchange data and successfully mitigate cybersecurity attacks. The Guidelines recently completed a thorough industry consultation with academics, analysts and other industry experts to ensure that they are as robust as possible.

“There is a significant amount of evidence to suggest that cyberattacks are already happening in the burgeoning IoT space. If not handled appropriately, these attacks are likely to inhibit the growth and stability of the Internet of Things,” commented Don A. Bailey, Founder and CEO, Lab Mouse Security. “It is imperative that the industry adopts a standard approach for dealing with security risks and mitigations, helping to ensure that the entire IoT ecosystem will not be subject to fraud, exposures of privacy, or attacks that affect human life."

The GSMA IoT Security Guidelines have been developed through the GSMA Connected Living programme. The programme is designed to help operators accelerate the delivery of new connected devices and services in the M2M market. It focuses on driving industry collaboration, promoting appropriate regulation and optimising networks to support the growth of M2M in the immediate future and the IoT in the longer term.

The IoT Security Guidelines are available to download here



“IoT is all about making the things in your life smarter. Security is paramount to something that touches and influences our lives as deeply as IoT. These guidelines are a vital initiative towards realizing the vision of a robust and highly secure IoT ecosystem.”
– Cameron Coursey, Vice President, Product Development – IoT Solutions, AT&T.

“The Internet of Things presents great opportunities to create value for businesses and consumers but the interconnection of heterogeneous systems and technologies increases the chance of exposing areas of vulnerability. The GSMA IoT Security guidelines compiles best practice recommendations for service development which if adopted will minimize opportunities for malicious exploitation and in turn will reassure market confidence and facilitate mass adoption. At Etisalat we look forward to use them when creating new or enhancing our existing IoT service offering."
– Angel David Garcia Barrio, VP M2M, Etisalat.

“KDDI supports the GSMA’s initiatives on security for Internet of Things and is keen to contribute further for the development of Connected Society, such as automotive security.”
– Keiichi (Keith) Mori, Executive Officer and General Manager, Convergence Promotion Division, KDDI.

“As technology evolves and adapts to the new opportunities that will be realised through connected things and objects, it will be the consumer who ultimately determines which products and services are successful. Consumers are becoming increasingly aware of security vulnerabilities and threats to their own digital identity and consumer protection will be a key consideration for adoption of IoT services. Orange welcomes these guidelines and recommendations from the GSMA, and sees them as a crucial for helping to define the security ecosystem that the industry must deliver to build consumer trust and confidence, and that protection of their digital identity and presence on the internet is inherently part of the solution they purchase.”
– Mari-Noëlle Jégo-Laveissière, Senior Executive, Innovation, Marketing and Technologies, Orange

“These guidelines build on the long experience of secure communications over cellular networks. Security of IOT solutions is of utmost importance and these documents represent an important step in supporting our customers to deliver secure end to end services.”
– Vicente Muñoz Boza, Chief IOT Officer, Telefónica

"To allow the Internet of Things to take off on its predicted trajectory, security and privacy must be adopted throughout the ecosystem and built-in from the start. These guidelines will help both start-ups and established companies to implement security and privacy into their processes in order to provide secure services and products."
– Jimmy Johansson, Information Security and Privacy Officer, Telenor Connexion


“We regard the release of the GSMA IoT security guidelines as a big achievement which provides us with a practical way to address the demands of this growing market. The guidelines not only describe potential attacks against IoT systems, they also provide a methodology to prevent them as much as possible. This is very useful for our customers in the IoT ecosystem. 7layers was involved in this GSMA initiative together with other experts from the industry right from the start. Although we expect the further development of IoT security standards to continue over time, we consider the GSMA guidelines as an important reference that can help establish more confidence in Smart Services processes”
– Thomas Jaeger, Global Business Development Director, 7layers

“The Internet of Things brings great opportunities for innovation from a growing ecosystem of partners. At the same time, this rapidly changing, agile market thriving with new entrants also introduces complex security demands. Ericsson has long been an active contributor to industry standards development and implementation. We believe that the GSMA IoT Security Guidelines’ will play an important role in maintaining the level of security required to drive IoT forward in a meaningful way”.
– Ove Anebygd, VP, Head of Solution Area OSS/BSS Business Unit, Ericsson.

“Gemalto supports and actively contributes to the development of industry best practices with the GSMA IoT Security Guidelines. These guidelines will help network operators, service providers and device manufacturers to properly assess the threats and risks as part of a “security by design” approach in the entire value chain. Trust and security are now recognized as core success factors for the deployment of IoT solutions.”
– Norbert Muhrer, Senior Vice President of IoT for Gemalto

“Security is surfacing as the most important discussion topic in the IoT. Telit welcomes the initiatives from GSMA related to IoT security. As fully vested participants in the development of the IoT Security Guidelines, we consider them a crucial step, establishing a baseline on which solutions can be built. These guidelines must be seen as the foundation for security pertaining to the most critical elements of the IoT ecosystem: end-points, services and network.” 
– Dr. Mihai Voicu, CSO, Telit

About the GSMA
The GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organisations in adjacent industry sectors. The GSMA also produces industry-leading events such as Mobile World Congress, Mobile World Congress Shanghai and the Mobile 360 Series conferences. 

For more information, please visit the GSMA corporate website at Follow the GSMA on Twitter: @GSMA.
Media Contacts:
For the GSMA
Charlie Meredith-Hardy
+44 7917 298428

GSMA Press Office

Contact GSMA Legal Email Preference Centre Copyright © 2016 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.