UK Government Backs GSMA IoT Security Guidelines

The UK Government’s Department of Culture, Media and Sport (DCMS) has this week published its IoT Security ‘Code of Practice’, which makes reference to the GSMA’s IoT Security Guidelines as an example of industry best practice. The GSMA’s guidelines outline a number of recommendations for Internet of Things (IoT) security for the entire IoT ecosystem and set out a comprehensive security assessment scheme to ensure IoT services are protected against IoT security risks. With the global cellular IoT market set to reach 3.1 billion IoT connections by 2025, according to GSMA Intelligence, cybersecurity will be of crucial importance.

Earlier this year, DCMS issued a report, ‘Secure by Design’, outlining 13 practical steps that consumer IoT manufacturers should consider when designing and building products, with the intention of making them less vulnerable to attack and keeping consumers safe. The GSMA supported the consultation process alongside the National Cyber Security Centre and  experts from consumer groups, manufacturers and retailers, amongst others, and progress is already being made with organisations such as HP and Centrica Hive implementing the guidelines. DCMS also plan to publish a mapping document that links its guidelines to existing IoT security and privacy guidance from around the world, including the GSMA’s guidelines.

The government is now looking at bringing the code into regulation with an emphasis on removing the burden from consumers by having security embedded into devices from the beginning. The ultimate objective is for appropriate aspects of the Code of Practice to be legally enforceable. They are also working closely with international governments and industry partners across IoT security to drive global alignment across the IoT supply chain.

The GSMA IoT Security Guidelines are targeted at IoT service providers, device manufacturers, developers and mobile operators and provide best practice for the secure end-to-end design, development and deployment of IoT solutions across industries and services. They address typical cybersecurity and data privacy issues associated with IoT services and outline a step-by-step process to securely launch solutions to market. They are supported by an IoT Security Assessment scheme that provides a checklist to support the secure launch of IoT solutions into the market and keep them secure throughout their lifecycles thereby creating a sustainable IoT ecosystem that is designed for end-to-end security.

By following the guidelines from both the government and the GSMA, manufacturers have the opportunity to ensure their devices are inherently secure at the point of manufacture, providing customers with peace of mind.

For more information on the GSMA’s work on IoT Security, please go here: