Industry-Led Security Approach Key to IoT’s Commercial Future

March 1, 2018

Ian Smith, IoT Security Director, GSMA
With broadening connectivity comes, unfortunately, greater potential for breaches of security.  As the IoT expands, bringing an ever-increasing array of previously standalone objects online, there are correspondingly more points of entry for hackers to target. The GSMA and its members take nothing more seriously than security; it is the prerequisite to everything else we do. Consumer and customer confidence is essential to the IoT’s ability to scale to its full potential – without the trust of those using services and products that they are safe while they do so, the demand simply will not be there to drive forward investment.

Thankfully, a great deal of work is going into achieving that trust, among some of the most effective security professionals on the planet. The mobile industry has an excellent record of providing secure, reliable services, earning operators the status they now enjoy as the established and trusted providers of secure IoT services.

Building on this work – and taking it forward to meet new challenges as the IoT scales – the GSMA has developed IoT Security Guidelines, a comprehensive set of best practice recommendations which provide a proven approach to end-to-end security.  Solutions can be checked for compliance with the Guidelines by way of the IoT Security Assessment, a straightforward and flexible framework which takes into account the immense diversity of the IoT market.

This was welcomed at our seminar yesterday on IoT Security – Creating a Connected and Secure Future, a special session bringing together some of the world’s leading authorities in cybersecurity. Delegates gathered to hear discussions among those at the forefront of securing the IoT, and consider the best approach to ensuring this in future.

“Transparency on security credibility is key – it’s all very well and good saying you’re secure, but you need to prove it,” warned Francisco Jose Ramirez Vicente, IoT Security Researcher at ElevenPaths.  “Furthermore, IoT is very diverse. Any assessment-based process has to fit with the diversity of the IoT, and the business models that IoT devices have to be accommodated.” The GSMA agrees entirely with this, and it has informed design of the guidelines and assessment at all stages, so that IoT companies of all shapes and sizes can be sure they are properly shielding their solutions from cyberattack, and safeguarding customer data.

To make this as effective as possible, cross-industry collaboration is essential. “IoT security has to follow a standardised approach – it should share some basic features across many different sectors,” explained Dr. Apostolos Malatras, Network and Information Security Expert at ENISA.  “We don’t work on our own, we work with different sectors and companies – ultimately, we’re here to help you help us to help you. Together we can boost the basic level of cyber hygiene from where it stands at present, and indeed we must.”

Top of the agenda were hopes of building a consensus on industry-led approaches to best practice. There was agreement throughout the room that – however well-intentioned – it is unlikely civic authorities will be able to develop such frameworks as effectively as those whose working lives are spent absorbed in IoT security. “When we say certification, what we really mean is conformance,” explained Katerina Megas, NIST’s Program Manager for IoT Cybersecurity. “Requirements should be built in the standards – and we take a broad view of what a standard is – but ultimately we believe this should be industry-lead, through a consensus method.” For this to work optimally, and avoid governments feeling they need to play a greater role, it is essential that events such as yesterday’s take place. “The first challenge is around business drivers – there’s not a single place where we can get all stakeholders together,” observed Ms Megas.

While there is much work to be done, the industry is well-placed to win the trust of consumers in the years ahead.  Carlos Carazo, Global CTO for IoT at Telefónica, pointed out that many of the industry’s core assets, like LTE networks and SIM cards, are highly secure by design. There is however no room for complacency, as was unanimously recognised by attendees. The live hack performed in the session focussed minds very well – if the industry is to reassure consumers of the safety of sensitive use cases like driverless cars, it will need to work at the top of its game over the next year. We at the GSMA are confident it will do precisely that.

Back

TED Talk: How the Internet of Things is Helping Solve Real Problems You’re surrounded by things connected to the internet — from cars and smart elevators to parking meters and industrial machines used for manufacturing. Aruna Srinivasan w...

Read more | See all Resources

Opportunities and Use Cases for Edge Computing in the IoT This paper explores the benefits to the IoT of edge computing and some of the different use cases where it could be applied. It explores the potential operator role for IoT edge ...

Read more | See all Resources

Using Mobile Networks to Coordinate Unmanned Aircraft Traffic This report outlines potential UTM architecture and requirements, highlighting the UTM-related use cases for mobile networks and the benefits that mobile connectivity can bring t...

Read more | See all Resources

GSMA IoT On-Demand Webinar: Cellular – the missing link for drones? Join leading industry experts as they discuss the latest developments in how cellular communications enables BVLOS operation of commercial drones. This webinar was originally br...

Read more | See all Resources

Video: IoT Big Data In this short video, discover how the GSMA and operators are developing a collaborative and harmonised big data ecosystem that will help remove technical and commercial barriers,...

Read more | See all Resources

GSMA IoT On-Demand Webinar: Industry 4.0 – Optimising Industrial IoT A total of 70 Mobile IoT networks, including LTE-M (Long Term Evolution for Machines) and NB-IoT (NarrowBand IoT), have been launched, enabling a fraction of the 25.2 billion IoT...

Read more | See all Resources

Blockchain: From Online Hype to Commercial Reality? Blockchain – the most famous of the distributed ledger technologies, or DLT –  has for some time now been a familiar word whose meaning few truly know. As with various appar...

Read more | See all Industry News

GSMA IoT On-Demand Webinar: Industry 4.0 – Optimising Industrial IoT A total of 70 Mobile IoT networks, including LTE-M (Long Term Evolution for Machines) and NB-IoT (NarrowBand IoT), have been launched, enabling a fraction of the 25.2 billion IoT...

Read more | See all Industry News

Mobile IoT Doubled in Range – Without the Need for Hardware Upgrades Barbara Pareglio, Technical Director, Internet of Things Programme, GSMA Mobile IoT has turned a corner: one that makes connection of even the remotest areas, such as those in ru...

Read more | See all Industry News

Collaboration and Innovation to pave the way for AI in the IoT: an Intervi Sierra Wireless is one of the leading technology providers in the industry and an important enabler for the IoT. In the wake of Mobile World Congress Americas, we interviewed Dan...

Read more | See all Industry News

Intelligent Connectivity Top of the Agenda in Bangkok as Asia Pacific Leads Asia Pacific is now the world’s foremost growth region for IoT, representing 40% of the world’s total spend in 2018: mass installation of sensors, cameras and other connected...

Read more | See all Industry News

Development Guide: NB-IoT for Agriculture The GSMA Internet of Things programme is an initiative to help mobile operators add value and accelerate the delivery of new connected devices and services in the IoT. This is to...

Read more | See all Industry News

Mobile IoT at CES19 January 08, 2019 The Internet of Things will be central to CES19. You can discover the range of our activities below, and visit us during the week at our stand: Booth 2210, Westgate. We...

Read more | See all Connected Living Events

Mobile IoT Breakfast Briefing at CES19 – The low power opp January 09, 2019 Join us at this executive breakfast event at CES19 to learn about the growth and opportunity for licensed LPWA solutions, applied to mass market consumer applications. ...

Read more | See all Connected Living Events

How to Develop Low Power Consumer Solutions with Cellular Io January 09, 2019 As a low cost solution that provides long battery lives and extended indoors and outdoors coverage, cellular low power wide area (LPWA) technologies are set to reshape ...

Read more | See all Connected Living Events

Mobile IoT Networking Reception at CES19 January 09, 2019 Lotus Ballroom 3 | Download Directions Join the Mobile IoT Networking Reception to enjoy an open bar and engaging conversations. Meet experts from the mobile and adjace...

Read more | See all Connected Living Events

GSMA IoT Webinar Series: SIM-ply Secure – Leveraging the S January 23, 2019 The SIM is the only common component across all types of cellular IoT devices, providing a trusted and standardised foundation for the Internet of Things. Being hardwar...

Read more | See all Connected Living Events

8th Mobile IoT Summit February 24, 2019 Existing cellular networks have evolved by adopting 3GPP standa/rd LTE-M and NB-IoT networks to deliver service to billions of new devices providing complete IoT connec...

Read more | See all Connected Living Events