February 2, 2022

Why We Need IoT Security Standards

Imagine the chaos that would ensue if dozens of different vendors and dozens of different enterprises decided to launch various and competing protocols and systems for managing IoT security. Not only would the lack of integration be the stuff of nightmares, it could also be used as an excuse for failing to secure systems and data. The fact is, that is sort of what is happening right now. Many IoT device vendors have their own methods for implementing and updating security, with few standards there to guide them.

It’s no secret, of course, that IoT security needs to be a prime consideration for organizations that want the efficiency and other benefits IoT brings. Millions of IoT devices have already been deployed, and the pace of deployment is expected to accelerate during 2022. All these new devices mean an ever-growing attack surface for hackers, so avoiding exposing your IoT deployment to undue risk means security must be top-of-mind.

The lack of security standards means that everyone is relying on best practices and/or recommendations, and because IoT infrastructure consists of many small, often inexpensive endpoint devices and sensors, it’s easy to underestimate the risks posed.

Onur Kasaba, Sales Director, Tele2 IoT

The good news is that operators and other stakeholders are ramping up their security offerings, giving enterprises the tools they need to heighten their IoT security. The bad news? Not enough companies are taking advantage of these offerings, risking exposure. And the lack of standards makes it difficult for companies to know which direction to turn in when it comes to securing their IoT solution.

Industry leaders, government agencies, experts and advocacy groups should all be coming together to implement common security standards for IoT. While there are some region-based standards out there and some organizations attempting to set standards, they are either few and far between or not yet entrenched. In fact, the state of California has one of the few official laws in the world specifically addressing IoT device privacy and security. GSMA (Global System for Mobile Communications Association) is also backing IoT SAFE (IoT SIM Applet for Secure End-to-End Communication), which will provide a common mechanism to secure IoT device-to-cloud communications.

But is this the solution, and is it enough? While it’s a step in the right direction, we probably need to do more. Ideally, industry leaders, government agencies, recognized experts, and advocacy groups will band together to collaborate, design, and implement a common checklist of IoT security recommendations that organizations can use to ensure they are taking the right security precautions. We all know how vital standards are when it comes to IT, so IoT standards could, for example, be modeled on the best practices for mobile devices or home networks published by the US National Security Agency (NSA) or the European Union Agency for Cybersecurity (ENISA), but designed specifically with IoT security challenges in mind.

So, while the regulatory landscape for IoT security is evolving and standards are starting to be developed and introduced across the IoT value chain, there is still a lot of confusion and the regulatory picture remains complex and disjointed, with no common source or organization setting out recommendations or specifications that can be universally applied.

The good news is that things are starting to happen and there is more to come in this area, so stay tuned and be prepared. And you are always welcome to get in touch with our friendly experts at Tele2 IoT, who are here to make sure all your IoT needs are met.

Onur Kasaba
Sales Director
Tele2 IoT
