Sixteen mobile network operators around the world have agreed to use a common security framework for the internet of things that was developed by the GSMA.
According to the GSMA, carriers which have signed on to use its GSMA IoT Security Guidelines include AT&T, China Mobile, China Telecom, China Unicom, Deutsche Telekom, Etisalat, KDDI, LG Uplus, Orange, Telefónica, Telenor Group, Telia, Turkcell, Vodafone Group and Zainhave.
The guidelines include best practices for IoT security, with 85 recommendations covering networks and end points as well as services, as well as an assessment checklist for companies to use to identify gaps in their security strategies.
“Analysts have indicated that security issues are a significant inhibitor to the deployment of many new IoT services and, at the same time, the provision of wide area connectivity to an ever-widening variety of IoT services will increase the whole ecosystem’s exposure to fraud and attack,” the GSMA said in its overview of the IoT security guidelines. “There is already much evidence to show that attackers are beginning to show ever greater interest in this area.”
“For the IoT to flourish, the industry needs an aligned and consistent approach to IoT security. Our guidelines encourage the industry to adopt a robust set of best practices that will help create a more secure IoT market with trusted, reliable services that can scale as the market grows,” said Alex Sinclair, the GSMA’s CTO, in a statement. “The mobile industry has a long history of providing secure services in licensed spectrum and by implementing these guidelines, we can help ensure the long-term sustainability and growth of the market.”
Although the sign-on of 16 network operators to the security framework puts the focus on telecom-operator-based IoT services, the GSMA noted that its guidelines are meant to be used by any company in the IoT space, from device makers to developers and other types of IoT service providers.
“Whilst many service providers, such as those in automotive, healthcare, consumer electronics and municipal services, may see their particular security requirements as being unique to their market, this is generally not the case,” the GSMA said in its guidelines. “Almost all IoT services are built using endpoint device and service platform components that contain similar technologies to many other communications, computing and IT solutions. In addition to this, the threats these different services face, and the potential solutions to mitigate these threats, are usually very similar, even if the attacker’s motivation and the impact of successful security breaches may vary.” – RCR Wireless