The GSMA has released its new security guidelines for safeguarding devices and services within the Internet of Things (IoT) market.
Developed in consultation with the mobile industry ‘The GSMA IoT Security Guidelines’ give IoT service providers and the wider IoT ecosystem sensible advice to try to address the lingering security issues that currently surround the sector. This includes outlining what technologies and methods can be used to tackle potential threats and more importantly how to implement them.
The guidelines also set out the need to assess all components of IoT services to ensure they can collect, store and share data securely, thus mitigating cybersecurity attacks.
Alex Sinclair, Chief Technology Officer, GSMA said:
“As billions of devices become connected in the Internet of Things, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases.”
“These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed. A proven and robust approach to security will create trusted, reliable services that scale as the market grows.”
In a statement to Infosecurity, John Sirianni, Vice President, Strategic Partners, IoT at Webroot praised the new guidelines, but suggested it may take some time before the practical benefits come into fruition.
“GSMA carries a great deal of clout in the mobile industry and this will provide a template for others, non-mobile verticals, to base their future security recommendations. In reading through the guidelines they clearly identify potential threat vectors and make solid suggestions on how to prevent attacks. The guidelines are a really good reference for building both the infrastructures and security services to protect those architectures.” he said.
“From a practical perspective the near-term effect will be minimal as it will take time to implement the recommendations. It is also safe to presume there will be changes to the guidelines as the teams executing the recommendations are faced with real world problems that only become apparent upon implementation. Of course, the immediate effect will be to underscore the ongoing concern around security in the IoT and help continue the conversation around how best to fill this need.”