Backed by the Mobile Industry, New Guidelines
Outline Common Approach to Security for IoT Services
The GSMA today announced the availability of new guidelines
designed to promote the secure development and deployment of
services in the growing Internet of Things (IoT) market. The
document, ‘The GSMA IoT Security Guidelines’, has been developed in
consultation with the mobile industry and offers IoT service
providers and the wider IoT ecosystem practical advice on tackling
common cybersecurity threats, as well as data privacy issues
associated with IoT services.
The project has received the backing and support of the mobile
industry including mobile operators AT&T, China Telecom,
Etisalat, KDDI, NTT DOCOMO, Orange, Telefónica, Telenor and Verizon
and vendor and infrastructure partners 7Layers, Ericsson, Gemalto,
Morpho, Telit and u-blox.
“As billions of devices become connected in the Internet of
Things, offering innovative and interconnected new services, the
possibility of potential vulnerabilities increases,” said Alex
Sinclair, Chief Technology Officer, GSMA. “These can be overcome if
the end-to-end security of an IoT service is carefully considered
by the service provider when designing their service and an
appropriate mitigating technology is deployed. A proven and robust
approach to security will create trusted, reliable services that
scale as the market grows.”
The GSMA’s IoT Security Guidelines have been designed for all
players in the IoT ecosystem including IoT service providers, IoT
device manufacturers and developers. They will help service
providers build secure services by outlining technologies and
methods to address potential threats, as well as how to implement
them. They also establish the need for risk assessment of all
components of an IoT service to ensure they are designed to
securely collect, store and exchange data and successfully mitigate
cybersecurity attacks. The Guidelines recently completed a thorough
industry consultation with academics, analysts and other industry
experts to ensure that they are as robust as possible.
“There is a significant amount of evidence to suggest that
cyberattacks are already happening in the burgeoning IoT space. If
not handled appropriately, these attacks are likely to inhibit the
growth and stability of the Internet of Things,” commented Don A.
Bailey, Founder and CEO, Lab Mouse Security. “It is imperative that
the industry adopts a standard approach for dealing with security
risks and mitigations, helping to ensure that the entire IoT
ecosystem will not be subject to fraud, exposures of privacy, or
attacks that affect human life."
The GSMA IoT Security Guidelines have been developed through the
GSMA Connected Living programme. The programme is designed to help
operators accelerate the delivery of new connected devices and
services in the M2M market. It focuses on driving industry
collaboration, promoting appropriate regulation and optimising
networks to support the growth of M2M in the immediate future and
the IoT in the longer term.
The IoT Security Guidelines are available to download here
www.gsma.com/connectedliving/iot-security-guidelines.
-ENDS-
OPERATOR QUOTES
AT&T
“IoT is all about making the things in your life smarter.
Security is paramount to something that touches and influences our
lives as deeply as IoT. These guidelines are a vital initiative
towards realizing the vision of a robust and highly secure IoT
ecosystem.”
– Cameron Coursey, Vice President, Product Development – IoT
Solutions, AT&T.
ETISALAT
“The Internet of Things presents great opportunities to create
value for businesses and consumers but the interconnection of
heterogeneous systems and technologies increases the chance of
exposing areas of vulnerability. The GSMA IoT Security guidelines
compiles best practice recommendations for service development
which if adopted will minimize opportunities for malicious
exploitation and in turn will reassure market confidence and
facilitate mass adoption. At Etisalat we look forward to use them
when creating new or enhancing our existing IoT service
offering."
- Angel David Garcia Barrio, VP M2M, Etisalat.
KDDI
“KDDI supports the GSMA’s initiatives on security for Internet
of Things and is keen to contribute further for the development of
Connected Society, such as automotive security.”
- Keiichi (Keith) Mori, Executive Officer and General Manager,
Convergence Promotion Division, KDDI.
ORANGE
“As technology evolves and adapts to the new opportunities that
will be realised through connected things and objects, it will be
the consumer who ultimately determines which products and services
are successful. Consumers are becoming increasingly aware of
security vulnerabilities and threats to their own digital identity
and consumer protection will be a key consideration for adoption of
IoT services. Orange welcomes these guidelines and recommendations
from the GSMA, and sees them as a crucial for helping to define the
security ecosystem that the industry must deliver to build consumer
trust and confidence, and that protection of their digital identity
and presence on the internet is inherently part of the solution
they purchase.”
- Mari-Noëlle Jégo-Laveissière, Senior Executive, Innovation,
Marketing and Technologies, Orange
TELEFÓNICA
“These guidelines build on the long experience of secure
communications over cellular networks. Security of IOT solutions is
of utmost importance and these documents represent an important
step in supporting our customers to deliver secure end to end
services.”
- Vicente Muñoz Boza, Chief IOT Officer, Telefónica
TELENOR
"To allow the Internet of Things to take off on its predicted
trajectory, security and privacy must be adopted throughout the
ecosystem and built-in from the start. These guidelines will help
both start-ups and established companies to implement security and
privacy into their processes in order to provide secure services
and products."
- Jimmy Johansson, Information Security and Privacy Officer,
Telenor Connexion
ECOSYSTEM PARTNER QUOTES
7LAYERS
“We regard the release of the GSMA IoT security guidelines as a
big achievement which provides us with a practical way to address
the demands of this growing market. The guidelines not only
describe potential attacks against IoT systems, they also provide a
methodology to prevent them as much as possible. This is very
useful for our customers in the IoT ecosystem. 7layers was involved
in this GSMA initiative together with other experts from the
industry right from the start. Although we expect the further
development of IoT security standards to continue over time, we
consider the GSMA guidelines as an important reference that can
help establish more confidence in Smart Services processes”
- Thomas Jaeger, Global Business Development Director,
7layers
ERICSSON
“The Internet of Things brings great opportunities for
innovation from a growing ecosystem of partners. At the same time,
this rapidly changing, agile market thriving with new entrants also
introduces complex security demands. Ericsson has long been an
active contributor to industry standards development and
implementation. We believe that the GSMA IoT Security Guidelines’
will play an important role in maintaining the level of security
required to drive IoT forward in a meaningful way”.
- Ove Anebygd, VP, Head of Solution Area OSS/BSS Business Unit,
Ericsson.
GEMALTO
“Gemalto supports and actively contributes to the development of
industry best practices with the GSMA IoT Security Guidelines.
These guidelines will help network operators, service providers and
device manufacturers to properly assess the threats and risks as
part of a “security by design” approach in the entire value chain.
Trust and security are now recognized as core success factors for
the deployment of IoT solutions.”
- Norbert Muhrer, Senior Vice President of IoT for Gemalto
TELIT
“Security is surfacing as the most important discussion topic in
the IoT. Telit welcomes the initiatives from GSMA related to IoT
security. As fully vested participants in the development of the
IoT Security Guidelines, we consider them a crucial step,
establishing a baseline on which solutions can be built. These
guidelines must be seen as the foundation for security pertaining
to the most critical elements of the IoT ecosystem: end-points,
services and network.”
- Dr. Mihai Voicu, CSO, Telit
About the GSMA
The GSMA represents the interests of mobile operators worldwide,
uniting nearly 800 operators with more than 250 companies in the
broader mobile ecosystem, including handset and device makers,
software companies, equipment providers and internet companies, as
well as organisations in adjacent industry sectors. The GSMA also
produces industry-leading events such as Mobile World Congress,
Mobile World Congress Shanghai and the Mobile 360 Series
conferences.
For more information, please visit the GSMA corporate website at
www.gsma.com. Follow the GSMA on Twitter: @GSMA.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20160209005170/en/
For the GSMACharlie Meredith-Hardy+44 7917
298428CMeredith-Hardy@webershandwick.comorGSMA Press
Officepressoffice@gsma.com