Insight Series: GlobalPlatform’s initiatives for a safer, simpler IoT
Last month, GlobalPlatform announced its Board of Directors for 2021, including the election of its new Chair, Stéphanie El Rhomri of Fime. In this latest blog from our insight series, Stéphanie outlines GlobalPlatform’s key initiatives for the year ahead, to help stakeholders in connected industries build, deploy and securely manage their solutions with confidence.
GlobalPlatform is an organization founded on the security expertise of its members. For over 20 years we have guided the development, and driven the adoption, of standards and certifications that address the specific business, security, regulatory and data protection needs of connected industries. The Board and members are coming together to solve a range of problems for the ecosystem, so let’s take a look at some of the initiatives and technologies that will change the way the industry approaches IoT security and management.
Initiatives to build, certify and securely manage IoT devices
As I step into my new role as Chair, I look forward to continuing GlobalPlatform’s work to secure and manage the IoT ecosystem. In the last few years, we have launched a number of key initiatives that are enabling hardware security to be used as a platform for digital innovation:
• Security Evaluation Standard for IoT Platforms (SESIP) methodology – enabling device makers and certification bodies to manage their own IoT device certification schemes.
• IoTopia Framework – a practical implementation strategy to support the deployment and management of secure IoT devices across all markets and in line with global requirements.
• MUD File Service – a free Beta service that helps IoT device makers to share device network requirements with users and network managers, to simplify device onboarding and management. This is the first achievement of the IoTopia framework for device Intent.
Addressing IoT market fragmentation with TPS APIs
For developers, there is a need to simplify the implementation of security features enabled through Chains of Trust in all connected devices.
To address this, GlobalPlatform’s Trusted Platform Service Committee is preparing to launch its first Application Programming Interface (API). The TPS API will enable a standardized way for IoT applications to access secure services and attestation mechanisms within a device. It means device manufacturers operating in different verticals will be able to grant access to security services anchored to the Root of Trust in their products. Ultimately, it will make the process of connecting and protecting digital services simpler and more cost-effective.
Closing the IoT security skills gap
In addition to technical solutions, a key priority for GlobalPlatform is educating the market on IoT security requirements and best practices. The IoT continues to accelerate at an unprecedented rate and the opportunities are significant – by 2025 the global IoT market could be worth up to 1.5 trillion USD. Yet unfortunately, in the race to connect, security is often underestimated, most of the time due to a lack of understanding or a skills gap. Particularly in traditionally ‘offline industries’, where manufacturers have limited or no security expertise, there is a need to raise awareness of security threats and the solutions to overcome them.
When it comes to cybersecurity, different markets are at very different stages of maturity and different levels of exposure. Healthcare, for example, is only just starting its IoT journey compared to the smartphone industry.
Additionally, there is a common misconception that software-only solutions are adequate security measures, yet governments and regulators, such as ENISA and many others, are increasingly mandating hardware security in their IoT security standards and baseline requirements. Fortunately, security-by-design is at the core of GlobalPlatform’s DNA and we have very advanced and constantly updated technologies for building Chains of Trust based on a Root of Trust. Through our virtual workshops and webinars, GlobalPlatform is committed to educating IoT players on security risks and the benefits of secure component technologies.
This includes our upcoming SE for IoT Workshop, which will offer live use cases and demonstrations to explain how Secure Elements (SEs) can overcome IoT implementation challenges.
Certification schemes that reduce cost and time to market
Certification is essential to facilitate trust, confidence and collaboration between stakeholders, as well as to foster market stability and growth. GlobalPlatform is constantly evolving and expanding its certification schemes to keep pace with changing requirements and the development of new form-factor technologies like integrated SEs.
Another key initiative for us this year is the launch of our MCU Protection Profile, which will help stakeholders comply with Common Criteria requirements. We will also be releasing the second version of our SESIP methodology.
Collaborating on simpler, universal approaches
Although it may seem like IoT security challenges are substantial, businesses do not need to reinvent the wheel or invest in extensive or expensive R&D work to overcome them. GlobalPlatform’s specifications and certifications are developed in partnership with key technology players, industry bodies and regulators around the world.
Companies come to GlobalPlatform to share the security requirements of their markets, and work with us to develop technologies in a standardized, scalable way.
If you are interested in joining companies like Cisco and Intel and becoming a GlobalPlatform member, to access and help define standards and certifications that achieve end-to-end security, privacy, simplicity and convenience, please contact email@example.com.
As you can see, our work to enable the ecosystem to build, certify and manage IoT devices securely and efficiently is extensive. GlobalPlatform’s work is about developing technologies that take the pain away from security and enable innovation and differentiation. I look forward to working alongside the Board to drive this activity forward in my role as Chair.