IoTopia: A comprehensive framework for IoT security

IoTopia will provide a practical implementation guide to secure IoT devices across all markets and in line with global requirements. IoTopia consists of four foundational pillars that enable secure design, operation and management.

GlobalPlatform invites and welcomes contributions from chip vendors, device manufacturers, thing makers, IoT platform providers, system integrators, service providers, certification labs, network vendors, end users, government bodies and policy makers.

The Four Pillars Of IoTopia

Secure by Design

Specific, detailed capabilities and features that go beyond best practice and define how secure components and APIs can be used with existing secure by design standards.

Device Intent

IoTopia leverages IETF’s manufacturer usage descriptions (MUD) and uniform resource identifier (URI) to outline device intent, allowing the network to create relevant policies and micro-segmentation rules.

MUD File Service

Autonomous, Scalable, Secure Onboarding for IoT Devices

IoTopia will offer an open, standards-based secure onboarding process to streamline network administration.

Device Lifecycle Management

Software, firmware and hardware patching and updates, update tracking, end-of-life support/service, etc. to effectively manage devices throughout their entire lifecycle.

IoT is driving an explosion in the number of devices connected to networks. Various vertical markets are leading this charge – from consumer right through to industrial use cases – and predictions of 100B devices by 2025 forecast an even faster adoption of IoT in the coming years. However, serious security concerns and related issues need to be addressed to realize the potential of IoT.

Many of today’s connected objects do more than simply provide information at your fingertips – they can make use of sensitive data, gather information and even impact the physical world, in many cases in critical ways. In light of this, there is a need for ubiquitous and standardized end-point/network security, regardless of the use case, to prevent devices from becoming an entry point into a network or a platform for attacks.

Introducing IoTopia

Building on GlobalPlatform’s work to secure the IoT, IoTopia proposes a common framework for standardizing the design, certification, deployment and management of IoT devices. IoTopia device security is testable and meets vertical market requirements by building upon the following foundational pillars: secure by design; device intent; autonomous, scalable and secure onboarding; and device life-cycle management. It is a detailed but executable framework that is standards-based, industry-wide and able to evolve as security capabilities and requirements change. IoTopia also enables device makers to build in line with a consolidated set of parameters by mapping to the leading global guidelines and regulations, and support tiers of security as well as certification in desired verticals.

IoTopia will:

  • Deliver a common, cross industry IoT security framework with set baseline references and standards-based approaches across the four pillars.
  • Drive industry support, adoption and continued development of the IoTopia pillars.
  • Engage & represent the entire IoT ecosystem: chip vendors, device manufacturers, thing makers, IoT platform providers, system integrators, service providers, certification labs, network vendors, end users, government bodies and policy makers.
  • Give device makers a blueprint for how to build secure devices without having to become cybersecurity companies or experts.
  • Ensure that compliance with the baseline requires low to no additional costs for device makers.

Download our eBook here to learn more about IoTopia and how its four pillars provide a practical framework for implementing secure IoT devices in line with global requirements.

For more information, visit the IoTopia Committee and join our next meeting.


Sebastian Hans

IoTopia Task Force Co-Chair


Mr. Hans currently serves as Principal Member of Technical Staff at Oracle, previously Sun Microsystems Inc., where he is responsible for all smart card standardization activities with a strong focus on SIM and UICC technology. While at Sun Microsystems Inc, Mr. Hans has also headed up business development within the telecommunications market and has driven advanced pilot projects for the deployment of Java Card in the banking, insurance and mobile communication markets. Mr. Hans represents Sun Microsystems Inc. in ETSI SCP, 3GPP, OMA and is the Vice Chair of ETSI SCP TEC.

Mr. Hans serves as GlobalPlatform Board Director and Co-Chair of the IoTopia Task Force.

Chris Steck

Strategic Director – IoT

Cisco Systems

Chris Steck is Head of Standardization, IoT & Industries for Cisco, where he is responsible for the overall strategy for Cisco’s commercial and industrial IoT standards initiatives, which includes aligning Cisco’s IoT security standards strategy across multiple vertical (5GAA, 5G-ACIA, IIC, OPC, OPAF, OCF) and horizontal consortia (WFA, LoRaWAN, 3GPP, GSMA, oneM2M, OMA,Thread, IEC, IEEE, TCG and Charter of Trust).  Chris also serves on the board of the Open Connectivity Foundation where Cisco is leading Smart Commercial Building specification, and open source efforts to develop an application-agnostic common IoT app framework to drive the proliferation of IoT devices that are interoperable and secure on both managed and unmanaged networks.

Chris held a similar technology strategy role at Jasper, prior to their acquisition by Cisco, driving Jasper’s standards interests in LPWA networking, device provisioning/management, and IoT security. Prior to that, he drove standardization of voice enhancement software and hardware capabilities for Audience (now a part of Knowles), and held similar responsibilities at RealNetworks, driving standards and guiding research in digital media, while serving on the board of the International Multimedia Telecommunications Consortium as CTO.  Much further back he spent several years at Microsoft on Win95 through XP.

A veteran of several startups along the way, he’s also created mobile apps for managing family life, a WiFi phone switch, an operating system GUI for early smartphones, and computer telephony & speech recognition software.

Gonda Lamberink

Device Intent Sub-Task Force Leader


Ms. Gonda Lamberink is the current Chair of GlobalPlatform’s Device Intent Working Group where she oversees the organization’s involvement in developing documentation for creation, management and certification of MUD files. The working group will also focus on creating MUD Proof of Concept implementations, industry outreach, and exploring liaisons with stakeholders and organizations to help drive MUD. Ms. Lamberink also works as Cybersecurity Senior Business Development Manager at UL (Underwriters Laboratories).

Interested in contributing to IoTopia?

Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.