GlobalPlatform is announcing a new comprehensive framework for IoT security ahead of the IoT Solutions World Congress conference in Barcelona. IoTopia is designed to provide a common framework for designing, certifying, deploying and managing IoT devices.
“IoTopia will provide a detailed but executable framework that is standards-based, industry-wide and able to evolve as security capabilities and requirements change,” said Russ Gyurek, GlobalPlatform IoTopia committee chair. “Importantly, IoTopia is bringing together global and regional guidelines and requirements to help device manufacturers build products and services that satisfy regulatory mandates. This offers the flexible security blueprint that is needed for device makers to build secure devices without having to become cybersecurity companies or experts.”
The framework will be based on four pillars:
- Security by design: detailed capabilities to define how secure components and APIs can be used with existing standards
- Device intent: for managing device permissions and access on networks
- Autonomous, scalable, secure device onboarding: to streamline network administration
- Device life cycle management: features and capabilities for managing device life cycles, updates, and maintenance.
“The IoT ecosystem needs to get serious about cybersecurity. Many of today’s connected objects do more than simply provide information at your fingertips – they make use of sensitive data, gather information and even impact the physical world, in many cases in critical ways,” comments Kevin Gillick, GlobalPlatform executive director. “In light of this, there is a need for ubiquitous and standardized end-point and network security to prevent devices from becoming an entry point into a network or a platform for attacks. These are serious security concerns that need to be addressed to realize the market potential of IoT – which is why we have launched IoTopia.”
Other features will include a common, cross industry IoT security framework; industry support, adoption and continued development; engagement with the entire IoT ecosystem; a blueprint for building secure devices; and compliance with the baseline.