Pronouncements like this from the GSMA make us smile. The IoT, they say, needs to be secured. And here are some guidelines. Not standards, mind, guidelines. Really?
And there were we thinking we could carry on connecting toasters, coffee makers, safes (that’s just stupid, Ed) and a range of other Silly Things, without fear that someone might hack them. Really?
Guidelines, after the ship has sailed, could be deemed a waste of time. The subtext of a guideline is basically ‘we have lost control of the ship, but here are some things that you should do to stop it sinking.’
Here are some of the quotes that support the announcement of the guidelines:
Mr Sinclair, CTO of the GSMA “These [vulnerabilities] can be overcome if the end-to-end security of an IoT service is carefully considered by the service provider when designing their service and an appropriate mitigating technology is deployed.”
That’s OK then (stop laughing, Ed).
A Mr Bailey from somewhere called Lab Mouse Security (no, we haven’t either) says: “If not handled appropriately, these attacks are likely to inhibit the growth and stability of the Internet of Things.”
Ah, yes, thank you (no, really, stop laughing, Ed).
And Senor Munoz Boza “these guidelines build on the long experience of secure communications over cellular networks.”
So, to sum up, ‘could you all go and implement stuff in your products, services, monitors, detectors and other things that we haven’t worked out whether we need yet, that makes them all safe.’
The problem, of course, as Mr Sinclair rightly says, is that the IoT is a vast and fast-growing eco-system (over-hyped, dot.com-like opportunity). And many of the companies involved would not know a security problem if it bashed them on the head, grabbed their wallet, shook their hand and ran off into a rainy London afternoon.
The manufacturer of the vase that tells when to water your flowers is probably not going to think about security when he is putting the finishing touches to the fake crystal design. The people who encourage you to play music to your unborn child via a rather privately concealed speaker have probably not thought about the implications of being hacked.
And yet. As the mists of cynicism evaporate, a thought occurs.
Security as a Service is something that the GSMA’s constituency is perfectly placed to provide. And as telcos race, apparently now with increasing political will and (wait for it) excitement – why not?
Network operators of the world, members of the GSMA, unite and provide the kettle makers a secure (and therefore valuable) route to market. Otherwise the IoT eco-system might boil over and the bad guys might steal your toast. Any……
(This article was cut off at this point, and the journalist involved was taken into care, where, sadly he was hacked and evolved into a virtual reality version of himself. We are hoping he will be available as a download in the not too distant future, securely provided by a local telco).
Recent Comments