IoTopia will provide a practical implementation guide to secure IoT devices across all markets and in line with global requirements. IoTopia consists of four foundational pillars that enable secure design, operation and management.
GlobalPlatform invites and welcomes contributions from chip vendors, device manufacturers, thing makers, IoT platform providers, system integrators, service providers, certification labs, network vendors, end users, government bodies and policy makers.
Secure by Design
Specific, detailed capabilities and features that go beyond best practice and define how secure components and APIs can be used with existing secure by design standards.
IoTopia leverages IETF’s manufacturer usage descriptions (MUD) and uniform resource identifier (URI) to outline device intent, allowing the network to create relevant policies and micro-segmentation rules.
Autonomous, Scalable, Secure Onboarding for IoT Devices
IoTopia will offer an open, standards-based secure onboarding process to streamline network administration.
Device Lifecycle Management
Software, firmware and hardware patching and updates, update tracking, end-of-life support/service, etc. to effectively manage devices throughout their entire lifecycle.
IoT is driving an explosion in the number of devices connected to networks. Various vertical markets are leading this charge – from consumer right through to industrial use cases – and predictions of 100B devices by 2025 forecast an even faster adoption of IoT in the coming years. However, serious security concerns and related issues need to be addressed to realize the potential of IoT.
Many of today’s connected objects do more than simply provide information at your fingertips – they can make use of sensitive data, gather information and even impact the physical world, in many cases in critical ways. In light of this, there is a need for ubiquitous and standardized end-point/network security, regardless of the use case, to prevent devices from becoming an entry point into a network or a platform for attacks.
Building on GlobalPlatform’s work to secure the IoT, IoTopia proposes a common framework for standardizing the design, certification, deployment and management of IoT devices. IoTopia device security is testable and meets vertical market requirements by building upon the following foundational pillars: secure by design; device intent; autonomous, scalable and secure onboarding; and device life-cycle management. It is a detailed but executable framework that is standards-based, industry-wide and able to evolve as security capabilities and requirements change. IoTopia also enables device makers to build in line with a consolidated set of parameters by mapping to the leading global guidelines and regulations, and support tiers of security as well as certification in desired verticals.
Download our eBook here to learn more about IoTopia and how its four pillars provide a practical framework for implementing secure IoT devices in line with global requirements.
For more information, visit the IoTopia Committee and join our next meeting.
IoTopia Task Force Co-Chair
Mr. Hans currently serves as Principal Member of Technical Staff at Oracle, previously Sun Microsystems Inc., where he is responsible for all smart card standardization activities with a strong focus on SIM and UICC technology. While at Sun Microsystems Inc, Mr. Hans has also headed up business development within the telecommunications market and has driven advanced pilot projects for the deployment of Java Card in the banking, insurance and mobile communication markets. Mr. Hans represents Sun Microsystems Inc. in ETSI SCP, 3GPP, OMA and is the Vice Chair of ETSI SCP TEC.
Mr. Hans serves as GlobalPlatform Board Director and Co-Chair of the IoTopia Task Force.
Strategic Director – IoT
Chris Steck is Head of Standardization, IoT & Industries for Cisco, where he is responsible for the overall strategy for Cisco’s commercial and industrial IoT standards initiatives, which includes aligning Cisco’s IoT security standards strategy across multiple vertical (5GAA, 5G-ACIA, IIC, OPC, OPAF, OCF) and horizontal consortia (WFA, LoRaWAN, 3GPP, GSMA, oneM2M, OMA,Thread, IEC, IEEE, TCG and Charter of Trust). Chris also serves on the board of the Open Connectivity Foundation where Cisco is leading Smart Commercial Building specification, and open source efforts to develop an application-agnostic common IoT app framework to drive the proliferation of IoT devices that are interoperable and secure on both managed and unmanaged networks.
Chris held a similar technology strategy role at Jasper, prior to their acquisition by Cisco, driving Jasper’s standards interests in LPWA networking, device provisioning/management, and IoT security. Prior to that, he drove standardization of voice enhancement software and hardware capabilities for Audience (now a part of Knowles), and held similar responsibilities at RealNetworks, driving standards and guiding research in digital media, while serving on the board of the International Multimedia Telecommunications Consortium as CTO. Much further back he spent several years at Microsoft on Win95 through XP.
A veteran of several startups along the way, he’s also created mobile apps for managing family life, a WiFi phone switch, an operating system GUI for early smartphones, and computer telephony & speech recognition software.
SBOM Sub-Task Force Chair
Fortress Information Security
Ms. Gonda Lamberink is the current Chair of GlobalPlatform’s Device Intent Working Group where she oversees the organization’s involvement in developing documentation for creation, management and certification of MUD files. The working group will also focus on creating MUD Proof of Concept implementations, industry outreach, and exploring liaisons with stakeholders and organizations to help drive MUD. Ms. Lamberink also works as Cybersecurity Senior Business Development Manager at UL (Underwriters Laboratories).
Strategic Director – IoT
Chris Steck is Head of Standardization, IoT & Industries for Cisco, where he is responsible for the overall strategy for Cisco’s commercial and industrial IoT standards initiatives, which includes aligning Cisco’s IoT security standards strategy across multiple vertical and horizontal consortia.
Interested in contributing to IoTopia?