A New Approach to IoT Security Evaluations

September 19, 2016

Security threats have the potential to undermine confidence in the IoT. As such, ensuring end-to-end security and data privacy for IoT solutions is increasingly an industry priority. The security challenges are threefold:

Organisational

Contrary to traditional IT services, successful deployment of IoT solutions requires the collaboration of a large ecosystem, from IoT device manufacturers to network operators to IoT developers and service providers. The lack of consistent terminologies in the IoT and IoT security industry in particular further complicates successful collaboration and deployment.

Commercial

A large number of IoT devices and services are at risk of never being launched to market, because security concerns and risks outweigh the benefits of investment – making security a serious deployment barrier.

Technical

Traditional internet security methods, while still applicable, don’t necessarily address new challenges that are unique to the IoT. These include service availability, secure identity, data privacy, and service integrity in devices that are low complexity and low cost, have constrained power supplies, very long lifecycles and are physically assessable to hackers.  The industry will also have to rise to the challenge of remotely monitoring and maintaining the security of billions of new devices throughout their entire lifecycles.

 

End-to-End Security

Many challenges of IoT security can be addressed with the expertise and assets of mobile network operators, such as the use of private APNs to isolate endpoint devices, communication monitoring to detect unusual traffic activity, and use of SIM cards to enable secure network authentication.

However, security at network level is not enough, for security can be compromised on multiple levels such as physically within endpoint devices, at the service layer, and within the service platform. As a result, IoT security is dependent on all players in the ecosystem, meaning that the end-to-end solution can only be as strong as the weakest link in the chain.

 

IoT Security Evaluations

Consequently, the IoT industry requires different best practices for security which build upon traditional IT security approaches, but focus on the new challenges ahead. The GSMA IoT Security Guidelines promote such best practice for the secure design, development and deployment of IoT services, covering the entire ecosystem while addressing security challenges unique to the IoT.

The complexity and diversity of the IoT ecosystem as well as the quick pace of technological development is creating obstacles for using traditional methods of security evaluation for IoT, such as using a lab based security certification. Traditional methods are often geared towards a single product and may not be applicable to the whole ecosystem. Instead, light-touch benchmarking tools and general approaches are better suited to accommodate the complexity of the IoT ecosystem which contains a diversity of stakeholders and components.

The GSMA IoT Security Self-Assessment covers security controls for the whole ecosystem and further enhances the alignment of all stakeholders by putting in place a concise framework with consistent terminology and a structured approach to IoT security information.

infographic-website-header

 

The scheme enables companies to discover if their security measures align with the best practice outlined in the GSMA IoT Security Guidelines. Companies can use the scheme to address weaknesses in their products and services, and demonstrate to their customers that they’ve taken Cybersecurity seriously.

Take Part Now

 

Back

Addressing Air Quality with IoT & Big Data A Value Generation Guide for Mobile Operators Air quality within cities represents a global challenge for governments, regulators, city administrators and citizens. Much of the h...

Read more | See all Resources

On-Demand Webinar: Mobile IoT (LPWA) for Utilities Mobile IoT technologies, also known as low power wide area (LPWA), serve a diverse range of vertical industries and applications that use low data rates, require long battery liv...

Read more | See all Resources

Smarter and Safer Driving: The Rollout of Cellular V2X Services in Europe Cellular Vehicle-to-Everything (Cellular V2X) describes a set of technologies that allow vehicles to communicate with each other and other smart transport solutions via existing ...

Read more | See all Resources

Presentations from the 5th Global Mobile IoT Summit At the 5th GSMA Global Mobile IoT Summit, leading experts, including Ankur Bhan and Dr George Karam (Sequans), explored the ongoing commercialisation of licensed spectrum LPWA ne...

Read more | See all Resources

LTE-M Deployment Guide LTE-M (LTE-MTC low power wide area (LPWA)) is a new cellular radio access technology specified by 3GPP in Release 13 to address the fast-expanding market for low power wide area ...

Read more | See all Resources

Video: Smart London – Air Quality Monitoring with IoT Big Data Poor air quality in London and many other cities is causing an acknowledged public health problem. Air pollution is now the world’s fourth-leading fatal health risk, causing on...

Read more | See all Resources

Mobile and Auto Industries in Harmony over IoT Technology Dr Shane Rooney, IoT Executive Director, GSMA Connected vehicles are poised to become perhaps the single most noticeable feature of IoT in daily life. Bringing cars online will m...

Read more | See all Industry News

Interview: Setting the Pace for the Industry Craig Miller explains how Sequans plans to lead the development of Mobile Internet of Things chipsets   Craig Miller, VP of Marketing, Sequans In the fourth quarter of 2016,...

Read more | See all Industry News

Four Years From Now: a Glimpse into the Near Future of Mobile IoT 2017 was the year Mobile IoT became a commercial reality.  Connectivity to the Internet of Things through LPWA in licensed spectrum – the most secure and reliable means to do ...

Read more | See all Industry News

Simplicity the key to Growth in Mobile IoT say Operators Mobile IoT is now a commercial reality. 38 operators globally offer solutions through LPWA in licensed spectrum; there are now 15 commercially-launched networks, and 26 Mobile Io...

Read more | See all Industry News

AT&T Hackathon Yields Solutions in IoT from Infrastructure to Bicycles Among the most stimulating events in the lead-up to the Mobile World Congress was the Developer Hackathon. In partnership with AT&T, a special weekend session dedicated to th...

Read more | See all Industry News

GSMA Highlights US$1.8 Trillion IoT Revenue Opportunity for Mobile Network Opera London: The GSMA today announced that mobile network operators are set to benefit from an estimated US$1.8 trillion Internet of Things (IoT) revenue opportunity by 2026 boosted ...

Read more | See all Industry News

Webinar: Mobile IoT (LPWA) for Smart Cities October 25, 2017 Mobile IoT, also known as Low Power Wide Area (LPWA) in licensed spectrum, is ideal for smart cities solutions. Benefited from its low power consumption, low device cos...

Read more | See all Connected Living Events

Smart City Expo World Congress November 14, 2017 Smart City Expo World Congress is the international summit of discussion about the link between urban reality and technological revolution. GSMA IoT will take part in o...

Read more | See all Connected Living Events

Webinar: Accelerating the Commercial Drones Market using Cellular Connectivity November 15, 2017 Drones, or unmanned aerial vehicles (UAVs) are an increasing feature of modern life. As their usage grows, the role of mobile networks becomes more important in providi...

Read more | See all Connected Living Events

International Advanced Mobility Forum 2017 November 30, 2017 The connected vehicle market is one of the highest growth areas of the Internet of Things, with a potential application revenue of $USD 253 billion by 2025 (Machina Res...

Read more | See all Connected Living Events

LPWA Americas 2017 December 05, 2017 REGISTER HERE Mobile IoT refers to low power wide area (LPWA) 3GPP standardised secure operator managed IoT networks in licensed spectrum. In particular, LPWA networks ...

Read more | See all Connected Living Events

GSMA Internet of Things at 5G for Automotive December 12, 2017 New Methods of Security in the Automotive Network Wednesday, 13 December – 13:50 Join Dr. Shane Rooney as he elaborates on new methods of security in the automoti...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.