IoT: Security Guidelines Emerge

May 20, 2016

There are two sides to the coin: security and data privacy, both of which have the potential to undermine confidence in the entire IoT concept.

With regards to security, there is a whole host of situations where an IoT device or system could be compromised. Think of last year’s hacks of a Jeep on a motorway or a power station in Ukraine. Thankfully, no lives were lost in either, but it is no stretch to imagine the havoc that could be unleashed.

On the issue of data privacy, few connected devices will have a user interface through which an operator or vendor can inform the user about the terms and conditions of use, where their personal data may be stored and how it may be used, and thereby gain the user’s acceptance of those terms.

Combine the two: a connected dustbin could tell a hacker if the homeowner is away, potentially providing valuable information for thieves. Even if a device is not communicating it could indicate the resident is out or away. A developer may not have considered that as a privacy issue but the potential ramifications are obvious.

How is this minefield to be regulated? On the data privacy side, many countries and blocs are busy updating existing regulations. But the security side is less structured and more siloed. The GSMA published a new set of IoT Security Guidelines in February aimed at IoT service providers, device manufacturers and developers. Other industries, including the cloud, energy and automotive sectors are also working on guidelines. The guidelines may be similar, but what is needed is deep cross-industry collaboration. And it’s highly unlikely that it will be possible for globally enforceable legislation to be agreed upon.

They key challenge is bringing together the entire supply chain to produce a secure end-to-end implementation for every single device that can connect or will be connected to the internet.

The GSMA’s guidelines are based on the concept of multi-layer security. They advise that an initial security layer is implemented end-to-end on the application layer, from the endpoint (device) to the service platform, which should be in some way encrypted. Then another layer is implemented where the different systems are monitored and password controls added, ensuring that the credentials for that layer have been securely provisioned.

The technologies to achieve this exist, but there is a shortage of people with the necessary skillsets to be able to implement an end-to-end solution. There also seems to be a lack of industry-wide resolve: if IoT is truly going to become a secure reality, then security must be built into the business model and processes of every supplier and developer of every touchpoint along the chain.

We wish to thank Ian for his time and valuable insights into security in the IoT era. IoT is a key theme for Scrutinise Research and Analysis and we will be speaking with established and up-and-coming vendors in security and IoT, as well as regulators and industry and consumer associations as we put together our report “Securing the Internet of Things”. If you would like more information or would be interested in being a source, please get in touch.

This blog was written by Scrutinise Research and Analysis and originally published at scrutinise.xyz.

Back

GSMA Regulatory Position on Drones This consultation response explains the benefits of cellular connectivity in more detail before identifying potential barriers to cellular connectivity that regulators should be ...

Read more | See all Resources

NB-IoT Deployment Guide This GSMA document is the first edition of the NB-IoT Deployment Guide for mobile network operators and application service providers. It identifies a minimum set of key NB-IoT ...

Read more | See all Resources

Video: The 4th GSMA Global Mobile IoT Summit Held shortly after the launch of Mobile IoT networks in China, Germany, the Netherlands, Spain and the USA, the 4th GSMA Global Mobile IoT Summit featured some of the industry...

Read more | See all Resources

The GSMA Webinar Series 2017-2018 Mobile IoT (licensed spectrum low power wide area) networks are a high-growth area of the IoT and will play an important role in connecting up billions of new devices. Over 40 su...

Read more | See all Resources

Huawei: NB-IoT Ecosystem Partner list This document provides a list of Huawei’s NB-IoT partners, detailing the solutions offered by each organisation. The brochure also contains a list of regions and sectors ...

Read more | See all Resources

Webinar Highlights: Deploying Mobile IoT – Ask the Experts Mobile IoT (licensed spectrum low power wide area) networks are a high-growth area of the IoT and will play an important role in connecting billions of new devices. Low power wid...

Read more | See all Resources

Four Years From Now: a Glimpse into the Near Future of Mobile IoT 2017 was the year Mobile IoT became a commercial reality.  Connectivity to the Internet of Things through LPWA in licensed spectrum – the most secure and reliable means to do ...

Read more | See all Industry News

Simplicity the key to Growth in Mobile IoT say Operators Mobile IoT is now a commercial reality. 38 operators globally offer solutions through LPWA in licensed spectrum; there are now 15 commercially-launched networks, and 26 Mobile Io...

Read more | See all Industry News

AT&T Hackathon Yields Solutions in Mobile IoT from Infrastructure to Bicycl Among the most stimulating events in the lead-up to the Mobile World Congress was the Developer Hackathon. In partnership with AT&T, a special weekend session dedicated to Mo...

Read more | See all Industry News

GSMA Highlights US$1.8 Trillion IoT Revenue Opportunity for Mobile Network Opera London: The GSMA today announced that mobile network operators are set to benefit from an estimated US$1.8 trillion Internet of Things (IoT) revenue opportunity by 2026 boosted ...

Read more | See all Industry News

The Connected Bicycle Solution That’s Making our Cities Smarter Among the more rapid developments in IoT since the 2016 Mobile World Congress has been the progress made by Ulster-based tech start-up See.Sense. Since making their first demonst...

Read more | See all Industry News

GSMA Mobile IoT Innovators Showcase at 4YFN – MWC Americas 09:00-17:00, 12 – 14 September, Moscone Center, South Hall, 2300A The Development Cycle of Mobile IoT From stand-alone modules and development kits to companies at various st...

Read more | See all Industry News

Webinar: Mobile IoT (LPWA) for Utilities September 27, 2017 Mobile IoT technologies, also known as low power wide area (LPWA), serve a diverse range of vertical industries and applications that use low data rates, require long b...

Read more | See all Connected Living Events

Smart Cities Week October 03, 2017 Strengthening City Service Delivery with Mobile Networks The GSMA’s Smart Cities Lead Neill Young will be speaking the Smart Cities Week on 4th October. In this p...

Read more | See all Connected Living Events

GSMA IoT in European Utility Week October 03, 2017 Sponsored by Huawei, GSMA is thrilled to join and exhibit in European Utility Week in Amsterdam on 3-5 October 2017, to showcase Mobile IoT solutions to more than 12,00...

Read more | See all Connected Living Events

Webinar: Mobile IoT (LPWA) for Smart Cities October 25, 2017 REGISTER NOW Mobile IoT, also known as Low Power Wide Area (LPWA), is ideal for smart cities solutions. Benefited from its low power consumption, low device cost, long ...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.