GSMA Launches Self-Assessment Security Scheme For IoT Devices

Earlier this year, the Connected Living programme released the GSMA IoT Security Guidelines to promote the secure development and deployment of services in the growing Internet of Things (IoT) market. They were developed in consultation with the mobile industry with the aim of providing IoT service providers and the wider IoT ecosystem with practical advice on tackling common cybersecurity threats as well as data privacy issues associated with IoT services.

Today we are launching a new service called the GSMA IoT Security Self-Assessment scheme that is designed to help IoT companies demonstrate the security measures they have taken to protect their products and services from cybersecurity risk. The move is intended to give confidence to users that IoT services are secure, as well as enhance the reputation of service providers as trusted business partners.

The global cost of cyber security was $400 billion in 2015, according to analyst house Machina Research, and is forecast to reach $2 trillion by 2019 based on research released by Juniper Research. The increase is being driven by the rising number of digital services and connected solutions, which in many cases have not been designed to cope with emerging security threats. Machina Research also predicts there will be 26 billion connected devices in the world by 2020, which need to be reliable and secure in order for the IoT market to reach its potential. The IoT Security Self-Assessment scheme is intended to help IoT companies take positive action to protect their devices from potential cyberattacks and safeguard customer data.


IoT Security Self-Assessment Process

Each IoT device manufacturer or service provider is required to complete and submit a self-assessment document comprised of a checklist of items stating alignment with the recommendations outlined in the GSMA Security IoT Guidelines document. On submission, the GSMA will ensure that each application complies with the Guidelines and, if all documentation is completed correctly, will assign the application with a reference number. A summary of the application, with the unique reference number, will then be published on the GSMA’s ‘Completed Self-Assessment’ website. This will enable any company to contact a listed organisation and request to see the completed checklist to be reassured about the security status of a company’s IoT products or services.

The GSMA IoT Security Guidelines were designed to enable the creation of trusted, reliable and scalable IoT services. They are supported by the mobile industry, including mobile operators AT&T, China Telecom, Etisalat, KDDI, NTT DOCOMO, Orange, Telefónica, Telenor and Verizon, as well as vendor and infrastructure partners 7Layers, Ericsson, Gemalto, Morpho, Telit and u-blox.


Assessing IoT Security Measures Webinar

The GSMA is also holding a webinar called ‘Assessing IoT Security Measures’ on September 14th at 3pm (UTC+1). Industry experts will discuss the GSMA IoT Security Self-Assessment scheme, as well as how organisations can demonstrate the measures they have taken to combat cybersecurity attacks and risks. The event will also be recorded and available online. To register for the event please go here.

To find out more about the IoT Security Self-Assessment tool click here. To see the list of completed IoT Self-Assessments please visit here. For more information about the Connected Living programme please go to our Connected Living page.