GSMA’s Guidelines and Assessment for IoT Security

This entry was posted on Tuesday, July 24th, 2018.

IoT Security

A group of wireless carriers worldwide announced in late June that they would adopt and implement standard procedures developed to secure the Internet of Things (IoT). They have committed to implementing the GSMA IoT Security Guidelines, which outline best practices and recommendations for security covering the entire IoT ecosystem.

The carriers involved include AT&T, China Telecom, Deutsche Telekom, Etisalat, KDDI, Orange, Telefonica, Telenor, and Telia. They have also agreed to adopt a comprehensive security assessment scheme to ensure IoT services are protected against security risks. This development comes as GSMA intelligence forecast IoT connections will reach 3.1 billion by 2025.

The CTO of GSMA, Alex Sinclair, said: “for IoT to flourish, the industry needs an aligned and consistent approach to IoT security. Our guidelines encourage the industry to adopt a robust set of best practices that will help create a more security IoT market with trusted, reliable services that can scale as the market grows.”

The Guidelines

According to the GSMA, the guidelines are targeted at IoT service providers, device manufacturers, developers, and mobile operators. Their goal is to address typical cybersecurity and data privacy issues associated with IoT services, and outline a blow-by-blow process to securely launch solutions to market. The guidelines are supported by an IoT Security Assessment scheme, which provides a checklist to support the secure launch of IoT solutions into the market and keep them secure throughout their lifecycles.

Thus, a sustainable IoT ecosystem that is designed for end-to-end security is possible. Both the guidelines and the assessment cover the fast-growing low power wide area (LPWA) or mobile IoT technologies such as Long Term Evolution, Category M1 (LTE-M) and Narrowband IoT (NB-IoT).

“Today it has become imperative to focus on the need to have a common IoT assessment and security guidelines that are adapted by global operators, IoT device manufacturers and developers. With the global opportunity for IoT to grow and enable disruptive innovations, these guidelines will help it to flourish and being adapted across industries and services,” said Francisco Salcedo, Senior Vice President of Etisalat Digital.

The guidelines coincide with the 2018 Mobile World Congress in Shanghai, where IoT security was a prominent theme. In a post-panel interview, Jiang Wangcheng, President of IoT solutions at Huawei mentioned that “IoT security is a serious issue, and government must take the lead on this.” He believes that the government will “take an important role – they can organize companies and create standards,” but he also went onto say that IoT service providers “should secure service quality, including security.”

The Bottom Line

Security issues in IoT have long been ignored or kept to the sidelines. However, in the wake of serious data breaches and attacks, manufacturers and providers are finally waking up to the reality of the need to secure the Internet of Things. The GSMA and the wireless carriers involved have stepped up to the plate, signing up to guidelines and an assessment to ensure that their services are secure. With experts noting the importance of the guidelines, and others noting that the participation of both public and private sectors alike, this development is a positive step forward for IoT security.

Download Securing the Industrial Internet of Things