GSMA publishes security guidelines for IoT services
- Guidelines for IoT developers, operators and service providers
- Help evaluating risks and associated cost implications
- Guidelines, not standards proposals
- Building on the experience of cellular security
The GSMA mobile industry association has today released new guidelines designed to promote the secure development and deployment of IoT services. The guidelines have been developed in consultation with the GSMA’s mobile operator members and industry vendors, and are aimed at IoT service providers and the wider ecosystem. The intention is to offer practical advice on tackling common cybersecurity threats, as well as data privacy issues associated with IoT services.
“As billions of devices become connected in the Internet of Things, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases,” said Alex Sinclair, CTO of the GSMA. “These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed. A proven and robust approach to security will create trusted, reliable services that scale as the market grows.”
The Security Guidelines have been designed for IoT service providers, device manufacturers, service developers and network operators, and fall under the association’s Connected Living programme – whose focus is to help operators accelerate the delivery of new connected devices and services in the M2M and IoT market. They also come with worked examples, including a wearable scenario, personal drone and vehicle sensor network.
The goal of the document is to provide the implementer of an IoT technology or service with a set of design guidelines for building a secure product, so that the implementer can evaluate the risks associated with each component, and determine how to compensate for them. Each identified risk is assigned a priority, to assist the developer or operator in determining the cost of the attack, as well as the cost of remediation – as well as the potential cost of not addressing the risk.
The GSMA says the document is not intended to drive the creation of new IoT specifications or standards, but will refer to currently available solutions, standards and best practice.
“There is a significant amount of evidence to suggest that cyberattacks are already happening in the burgeoning IoT space,” said Don Bailey, CEO of Lab Mouse Security. “If not handled appropriately, these attacks are likely to inhibit the growth and stability of the Internet of Things."
“These guidelines build on the long experience of secure communications over cellular networks,” said Vicente Muñoz Boza, Chief IoT Officer at Telefónica. “Security of IoT solutions is of utmost importance and these documents represent an important step in supporting our customers to deliver secure end to end services.”