At Mobile World Congress Shanghai, IoT security was a recurrent theme. Writing in Mobile World Live, Joseph Waring reported that “A group of more than a dozen mobile operators from around the world committed to implementing the GSMA IoT Security Guidelines, which outline best practice and recommendations for security covering the entire IoT ecosystem.”
That single sentence covers a lot of ground: the IoT is an ecosystem, and the big boys are committed to the GSMA IoT Security Guidelines, which can be found at this link.
“The operators – including AT&T, China Telecom, China Unicom, Deutsche Telekom, Etisalat, KDDI, Orange, Telefónica, Telenor and Telia – also agreed to adopt a comprehensive security assessment scheme to ensure IoT services are protected against security risks,” wrote Waring. “Alex Sinclair, the GSMA’s CTO, said: ‘For IoT to flourish, the industry needs an aligned and consistent approach to IoT security. Our guidelines encourage the industry to adopt a robust set of best practices that will help create a more secure IoT market with trusted, reliable services that can scale as the market grows.’”
IoT security panel
A panel discussion chaired by Ian Smith, IoT security lead, GSMA, featured a stern warning from Frédéric Donck, MD, European Regional Bureau, Internet Society. Donck put up a slide—like so many we've seen before—with a prediction promising billions of connected IoT devices in the near future. “The total IoT figure, however many millions or billions, will not be realized if security fails,” said Donck. “As an industry, we have to follow best practices [for IoT security].”
Sri Chandra, senior director, standards and technology, IEEE, echoed Donck's thoughts: “Either we can throw away all the devices and say they are not secure, or we can look at how to actively fix this problem.”
Also on the panel: Brito Rodrigo, head of product management, Nokia Security; Jiang Wangcheng, president of IoT solutions, Huawei; and Samuel Sinn, partner, cyber security, PwC.
“The GSMA has plenty of best practices, but we need IoT security assessments too,” said Donck. “Confusion and mistrust are the big issues—what happens when your daughter's doll automatically connects to the internet?”
“Standards are important, but who determines the standards?” said Jiang. “Security is just one element of service quality, one part of responsibility for service providers.”
A participatory quiz using the Slido system showed the audience felt the responsibility for IoT security rests with IoT service providers.
In a post-panel interview, Jiang expanded on his remarks. “IoT security is a serious issue, and government must take the lead on this. For Huawei and other tech companies, we need to collaborate.”
Jiang said that government “will take an important role—they can organize companies and create standards.” But he added that IoT service providers “should secure service quality, including security.”
The Huawei president said that the IoT is “an important trend for enterprises and verticals. Government must invest in security assessment for service providers—just like a tax.”
Jiang added that his firm intends to open an IoT security lab in Düsseldorf in Q3 of this year.