Through ElevenPaths and the IoT area, Telefónica is collaborating with the “Connected living” program of the GSMA, in order to boost and embody our IoT security strategy.
The security of the Internet of Things (IoT) is one of the most critical industry matters, and operators have to solve this issue through HW and SW standards and solutions so as to securely deploy the services necessary for connecting billions of devices in the next few years.
This is “End to End” security, from the devices to the applications provided by companies which exploit and process the data in order to adapt it to the different IoT vertical requirements: Smart cites, Smart Mobility, Smart Energy, etc.
The results and conclusions of this activity were embodied in the recently published “IOT Security Guidelines”, which can be consulted here. It’s vital for equipment designers (“End Point Ecosystems”) and service designers (“Service Ecosystems”) to have these security norm guidelines available to them.
The GSMA recently organized a webinar to explain the contents of these “guidelines”. Pierre Plaza, member of the IoT team and Telefónica representative in this program, described the role operators must play in order to provide security services in the entire IoT value chain. For its part, SIM provider Gemalto presented the point of view of IoT device developers and the guidelines that must be followed. Telit (manufacturer of modules) explained IoT security from the point of view of service providers.
The guides are structured into four documents. The first document describes the contents of the remaining three documents in general form (overview). It is a reference for understanding the challenges facing new IoT services. Another of these documents describes the current infrastructure of services that operators are already capable of providing within the IoT environment, as well as the shortcomings for providing point to point security in the area.
Both the GSMA and member operators will continue developing this activity. The guides will be the starting point for generating auto-certification manuals for our providers of both devices and services. In this manner we will be able to calibrate the security of the elements that we intend to place in our IoT networks and solutions. Work will also be carried out on the specification of services for point to point security in the IoT; this will be reflected in a “White paper” which should be published at the beginning of 2017.