The new baseline for IoT security

One of the key focuses at this year’s Mobile World Congress has been the security of the Internet of Things. What is the importance of IoT security? As pointed out by Alon Segal, CTO of IoT for Telit, at its most severe, it can be the difference between wellness and physical harm. This in turn, can result in the success or failure of an IoT company. The question as to how  service providers can deliver secure IoT services to consumers and businesses was answered yesterday at the GSMA Seminar ‘Securely Scaling the Internet of Things’ at Mobile World Congress 2016.

IoT security experts Jimmy Johansson, Security Privacy Officer, Telenor Connexion; Alon Segal, CTO- IoT, Telit; Don Baily, CEO, Lab Mouse Security; Gustavo Tanoni, Solution Manager – User Authentication & Digital Identification, Ericsson and Dr Shane Rooney, Executive Director – Connected Living, GSMA, featured in this session, following the recent release of the GSMA’s IoT Security Guidelines, to which all speakers contributed.

Jimmy Johansson began the session with the curious result of a survey  Telenor Connexion issued to their customers and several companies in Sweden: When they asked “what is the greatest challenge when implementing IoT solutions”, security came out on top. In his view, this represents a new stage of maturity in the IoT – connecting devices is now easy, but securing them is much more difficult.

Speakers agreed that security is rapidly becoming recognised as the cornerstone of the IoT, and according to Alon Segal, ‘the issue is that the economic value at stake is getting higher and higher’; the sooner the industry meets the security challenge, the quicker the IoT can scale. For Jimmy Johansson, one way in which the industry can quickly adapt is to move away from proprietary solutions. In his view, they are particularly vulnerable because of the limited interaction they have with the ecosystem and their higher risk of failure when updated.

Lab Mouse Security’s Don Bailey, who claimed to be the first person to have hacked a car and Assisted GPS, spoke in depth about his experience in helping to develop the GSMA IoT Security Guidelines: ‘We presumed there was going to be entirely new solutions and new architectures’ but ‘most of the issues in the IoT were solved in the mobile space…We took the lessons we learnt form mobile, and applied them to the IoT’.

The GSMA’s recently released IoT Security Guidelines promote best practice for the secure design, development and deployment of IoT services to address cybersecurity and data privacy issues associated with IoT services, helping to create trusted, reliable services that can scale as the market grows. Don Bailey expressed his confidence that the guidelines are likely to become the de facto industry standard: ‘I believe the foundation we’ve built, is not just a list of things to do, it’s a baseline for IoT security, period’.

Security was widely discussed throughout the event and was central to Ericsson and Telenor Connexion’s ‘Connected Vineyard’ demonstration at the GSMA Innovation City, which was explained to us by Ericsson’s Gustavo Tanoni. Trialled earlier this year, the Connected Vineyard uses sensors to detect soil temperature & humidity, air temperature & humidity and luminosity, giving winemakers a better understanding of when to harvest, ultimately resulting in a superior product.

By detecting these conditions remotely, they were able to greatly reduce the amount of time spent manually checking conditions. It was explained that this would lead to resource labour saving and also the creation of more jobs in the IoT ecosystem – of which there is already great demand.

Tanoni explained that the solution is secure for two reasons: 1) each device securely authenticated with each other, meaning other devices will not be able to disrupt the solution, and 2) the data is securely transmitted, giving the owner confidence and trust in the overall solution. Both of these factors have been incorporated in the GSMA IoT Security Guidelines. To find out more about the GSMA IoT Security Guidelines, please click here.