On 13 January, Ian Smith, IoT Security Lead at the GSMA, presented the GSMA’s IoT Security Guidelines and IoT Security Self-Assessment scheme to an Internet of Things Privacy & Security Workshop hosted by the European Commission, DG CONNECT, and the Alliance for Internet of Things Innovation (AIOTI).
In April 2016, the European Commission outlined a set of IoT policy actions in the Working Document Advancing the Internet of Things in Europe, which is part of the Commission’s Digitising European Industry strategy. One of the policy actions is to strengthen trust, security and privacy in the industry. To meet this challenge, the Commission suggested the development of a Trusted IoT label. The Commission describes the Trusted IoT label as something similar to the labelling system used today to indicate energy-efficiency of various appliances across the EU.
At the Commission workshop, the GSMA demonstrated that the telecoms industry is already taking proactive steps to address the IoT policy challenges outlined by the Commission. The GSMA has developed a comprehensive set of IoT Security Guidelines to help ensure the secure end-to-end design, development and deployment of IoT solutions. These guidelines have since been augmented with the delivery of an IoT Security Self-Assessment scheme, which enables IoT companies to verify that their products are aligned with the GSMA IoT Security Guidelines. By submitting a self-assessment, IoT companies can demonstrate the security measures they have taken to protect their products and services from cybersecurity risk, enhancing their reputation as trusted IoT service providers.
At the January workshop, the GSMA noted that the security self-assessment scheme is a suitable evaluation model for IoT services, as the flexibility of the scheme is highly compatible with the diversity of the IoT market and is unlikely to hinder market innovation. This message was well received by the workshop participants. Several other industry associations also presented similar views on how to address the security and privacy challenges present within IoT services. This included the Fédération Internationale de l’Automobile (FIA) and the Verband Deutscher Maschine und Anlagenbau (VDMA).
A full video recording of the workshop can be found here.