GSMA Announces Security Guidelines to Support Growth of the Internet of Things

Mobile standards group the GSM Association unveiled guidelines for deploying IoT devices securely.
Mobile standards group the GSM Association unveiled guidelines for deploying IoT devices securely.

In-brief: New guidelines from a leading mobile industry trade group seek to set standards for securing deployments of Internet of Things device.

The GSM Association (or GSMA), the mobile standards group, has unveiled new guidelines that it says will promote secure development and deployment of Internet of Things (IoT) devices.


Get the New 2017 SANS Research Report on 'Threat Hunting' -- Written by experts from the SANS Institute, the survey reveals a number of interesting data points about the challenges and benefits of threat hunting.


On Thursday, GSMA released a series of documents that it says will provide a “methodology for developing secure IoT services” and ensuring privacy protections in IoT deployments.

The designs represent the consensus recommendations of the mobile industry including operators like Verizon, AT&T, China Telecom, NTT DOCOMO, Orange, Telefónica as well as other infrastructure players like Ericsson, Gemalto, 7Layers and Morpho.

“As billions of devices become connected in the Internet of Things, offering innovative and interconnected new services, the possibility of potential vulnerabilities increases,” said Alex Sinclair, the Chief Technology Officer of GSMA in a statement. “These can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed.”

The GSMA guidelines seek to resolve key security challenges facing IoT deployments including availability, identity, privacy and security. The guidelines comprise separate documents for endpoint makers, service providers and network operators. There’s an overview here. (PDF)

The challenges presented by the IoT are manifold and subtle. Carriers must find ways to extend security features common in modern, high power cellular networks to low power wide area networks (LP WAN) that will support IoT deployments. Security for IoT devices must also extend across networks managed by different operators.

When it comes to identity, the GSMA guidelines note that IoT endpoints need to be able to securely authenticate peers and services while preventing rogue devices from impersonating legitimate endpoints. Users and devices need to be strongly associated with each other, as well, so that data and services are guaranteed to reach the proper destination.

Privacy, the GSMA said, “can no longer be seen as an add-on to existing products and services,” but needs to be designed into products from the ground up. “This can only be achieved by defining the proper architecture for a product or service,” the GSMA guidelines say.

The GSMA has been spearheading mobile industry efforts to define the next generation of mobile communications, as powerful mobile devices like cell phones give way to ubiquitous, but low power connected things – including smart infrastructure, equipment and environmental sensors. GSMA is seeking to erect standards for communications and the exchange of information that will allow IoT deployments to interact and flourish, rather than be Balkanized.

In December, group announced standards for the Low Power Wide Area (LPWA) market including common standards for Narrow Band IoT (NB-IoT), Extended Coverage GPRS (EC-GPRS) and LTE Machine Type Communication (LTE-MTC).

The latest announcement comes ahead of the Mobile World Congress, the mobile industry’s most significant trade show, which kicks of on February 22nd in Barcelona, Spain.

You can read  more here: GSMA Announces Security Guidelines to Support Growth of the Internet of Things