GSMA issues manifesto on how to keep IoT secure in the future

10 Feb 2016

While the world enters into a time when billions of devices are connected to one another as part of the internet of things (IoT), a new guideline document aims to ensure those devices stay protected from a potential security disaster.

Many companies are rushing out to create IoT devices such as smart kitchen appliances, drones and, of course, mobile phones, but those well-versed in network security will tell you that there are far too many cases of IoT devices acting as Trojan horses for all sorts of malware.

With this in mind, the Groupe Speciale Mobile Association (GSMA) – the group responsible for the standardisation of mobile devices – has partnered with some of the largest mobile operators in the world to outline what it thinks should be the security guidelines to follow for any future devices.

With backers including U-blox, AT&T, China Telecom, Telefónica and Verizon, the document delves into how to neutralise the most common threats in cybersecurity and, one of the biggest bugbears for privacy advocates, the ensuring of data protection and privacy.

The GSMA’s document states in the beginning that its intended audience is wide-ranging, whether it be the manufacturer of the device, the company looking to make a device, or those looking to develop the IoT technologies behind it.

A checklist for developers

The guideline offers IoT developers and manufacturers a checklist in which they ask their developers whether they’re able to say ‘yes’ to all the questions posed, particularly on the control allowed for the end-user.

Citing examples, the GSMA document looks at technologies like a wearable heart-rate monitor, which, in a hypothetical scenario, could be shown to have a number of issues, particularly potential cloning or anomalous endpoint behaviour.

Speaking of the guidelines, GSMA’s CTO, Alex Sinclair, said: “As billions of devices become connected in IoT, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases.

“These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed. A proven and robust approach to security will create trusted, reliable services that scale as the market grows.”

Online security image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com