IoT security guidelines released by GSMA

The GSMA released a set of security guidelines for the Internet of Things (IoT) in a bid to ensure services are reliable and trustworthy.

They take the form of separate documents targeted at the major component parts of the IoT value chain, such as the service, network and terminal. The idea is that by following these guidelines, the industry will develop IoT services and devices with security baked in from the start.

“As billions of devices become connected in the Internet of Things, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases,” said the GSMA’s chief technology officer Alex Sinclair, in a statement.

“These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed,” he said. “A proven and robust approach to security will create trusted, reliable services that scale as the market grows.”

The primary audience for the IoT Security Guidelines are:

  • IoT Service Providers – enterprises or organisations who are looking to develop new and innovative connected products and services.
  • IoT Device Manufacturers – who provide IoT devices to IoT service providers, in order to enable IoT services.
  • IoT Developers – who build IoT services on behalf of IoT service providers.
  • Network Operators – who provide services to IoT service providers.

In addition to outlining technologies and techniques to address potential threats, the guidelines also establish the need for risk assessment of an IoT service to ensure they are designed to securely collect, store and exchange data, and successfully mitigate cybersecurity attacks.

Reviewed by academics, analysts and industry experts, the guidelines have also been backed by a number of industry players, from operators like AT&T, Etisalat, NTT DoCoMo, and Orange, to vendors including Ericsson, Gemalto and Telit, among others.

“Security is paramount to something that touches and influences our lives as deeply as IoT. These guidelines are a vital initiative towards realising the vision of a robust and highly secure IoT ecosystem,” said Cameron Coursey, vice president of product development at AT&T’s IoT solutions unit.

The GSMA’s announcement follows a warning issued by Telefonica in late January that not enough is being done to address the security threat to IoT services.

The set of guideline documents promotes a methodology for developing secure IoT services to ensure security best practices are implemented throughout the life cycle of the service. The documents provide recommendations on how to mitigate common security threats and weaknesses within IoT services.

The scope the document set is limited to recommendations pertaining to the design and implementation of IoT services and network elements. This document set is not intended to drive the creation of new IoT specifications or standards, but will refer to currently available solutions, standards and best practice.