GSMA, an organisation that represents mobile operators worldwide, has unveiled a new set of guidelines aimed improving IoT security.
The ‘GSMA IoT Security Guidelines’ have been developed with the support of the mobile sector to aid the growth of IOT within the telecoms space.
They’re designed for everyone working in the IoT ecosystem, such as service providers, device manufacturers and developers.
There’s a particular focus on service providers. They are able to use the guidelines to help them build services by outlining different technologies and by finding ways to deal with potential threats.
GSMA is also promoting risk assessments for all components and technology. Elements of this include outlining what assets need to be protected, potential threats to the organisation and any vulnerabilities.
The organisation conducted an industry consultation with professionals such as academics and analysts to test the guidelines and make sure they’re robust enough for real use.
An example could be when “an IoT service may require communications with many IoT service platforms, each of which may require a separate unique identification”.
Alex Sinclair, chief technology officer of GSMA, said: “As billions of devices become connected in the Internet of Things, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases.
IoT security must be robust
“These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed. A proven and robust approach to security will create trusted, reliable services that scale as the market grows.”
Talking about GSMA’s new guidelines on IoT security, Richard Harris, the CEO of Ensygnia, told Internet of Business: “It’s probably not a coincidence that the GSMA chose the UK’s Safer Internet Day to launch its security guidelines for the Internet of Things. Business and consumer awareness of the need for cyber security is at an all-time high, and yet standards still slip and embarrassing data breaches still occur – whether it’s Ashley Madison or Talk Talk, the consequences can be painful and expensive for the businesses and the consumers.
“The Internet of Things is an area that has probably not had the focus it deserves, so the GSMA’s initiative is to be welcomed and the guidelines are a must read, and a must adopt, for businesses in this space. It is interesting to note their focus on identity as well as encryption.
“At Ensygnia, we are trusted to handle extremely valuable, personal financial data. That’s why our transactions and transmissions are based on identity and encrypted. It’s also why we enable our customers to avoid storing valuable data centrally, exposed to the web. No central store, means no central target for any hackers. Having nothing to attack, is a pretty good method of defence.”
IoT security is a regular topic of debate in the emerging IoT ecosystem. This week alone, a US intelligence chief warned that IoT devices could be used for government spying, a view backed-up recently by researchers at Harvard University.