IoTopia: A comprehensive framework for IoT security

IoTopia will provide a practical implementation guide to secure IoT devices across all markets and in line with global requirements. IoTopia consists of four foundational pillars that enable secure design, operation and management.

GlobalPlatform invites and welcomes contributions from chip vendors, device manufacturers, thing makers, IoT platform providers, system integrators, service providers, certification labs, network vendors, end users, government bodies and policy makers.

The Four Pillars Of IoTopia

Secure by Design

Specific, detailed capabilities and features that go beyond best practice and define how secure components and APIs can be used with existing secure by design standards.

Device Intent

IoTopia leverages IETF’s manufacturer usage descriptions (MUD) and uniform resource identifier (URI) to outline device intent, allowing the network to create relevant policies and micro-segmentation rules.

MUD File Service

Autonomous, Scalable, Secure Onboarding for IoT Devices

IoTopia will offer an open, standards-based secure onboarding process to streamline network administration.

Device Lifecycle Management

Software, firmware and hardware patching and updates, update tracking, end-of-life support/service, etc. to effectively manage devices throughout their entire lifecycle.

IoT is driving an explosion in the number of devices connected to networks. Various vertical markets are leading this charge – from consumer right through to industrial use cases – and predictions of 100B devices by 2025 forecast an even faster adoption of IoT in the coming years. However, serious security concerns and related issues need to be addressed to realize the potential of IoT.

Many of today’s connected objects do more than simply provide information at your fingertips – they can make use of sensitive data, gather information and even impact the physical world, in many cases in critical ways. In light of this, there is a need for ubiquitous and standardized end-point/network security, regardless of the use case, to prevent devices from becoming an entry point into a network or a platform for attacks.

Introducing IoTopia

Building on GlobalPlatform’s work to secure the IoT, IoTopia proposes a common framework for standardizing the design, certification, deployment and management of IoT devices. IoTopia device security is testable and meets vertical market requirements by building upon the following foundational pillars: secure by design; device intent; autonomous, scalable and secure onboarding; and device life-cycle management. It is a detailed but executable framework that is standards-based, industry-wide and able to evolve as security capabilities and requirements change. IoTopia also enables device makers to build in line with a consolidated set of parameters by mapping to the leading global guidelines and regulations, and support tiers of security as well as certification in desired verticals.

IoTopia will:

  • Deliver a common, cross industry IoT security framework with set baseline references and standards-based approaches across the four pillars.
  • Drive industry support, adoption and continued development of the IoTopia pillars.
  • Engage & represent the entire IoT ecosystem: chip vendors, device manufacturers, thing makers, IoT platform providers, system integrators, service providers, certification labs, network vendors, end users, government bodies and policy makers.
  • Give device makers a blueprint for how to build secure devices without having to become cybersecurity companies or experts.
  • Ensure that compliance with the baseline requires low to no additional costs for device makers.

Download our eBook here to learn more about IoTopia and how its four pillars provide a practical framework for implementing secure IoT devices in line with global requirements.

For more information, visit the IoTopia Committee and join our next meeting.


Russ Gyurek


Russell Gyurek is the Chair of GlobalPlatform’s IoTopia Task Force and the Director, IoT-CTO and Industries in Cisco IoT CTO Group. He has over 25 years of networking related technology experience, the majority in leadership positions.  Russ’ range of expertise includes IoT/connectivity of things, analytics and big data, cloud, optical networking technologies, broadband architectures and related technical policy, strategic partnerships and emerging market development.  He has held various leadership roles in creating strategy and direction in these areas.

In Russ’ current role he is responsible for technology leadership, market development, future looking university research engagements, partner due diligence and enablement related to IoT and IoT security baselines and policy.  The CTO group evaluates future trends, emerging standards, technologies, and architectures that drive and influence Cisco’s market portfolio relating to IoT. He also works closely with the vertical solutions organization – turning strategy into real world IoT deployments, including IIoT, connected transportation and connected communities.  For the past year he has been leading an industry wide effort focused on the security and scale-ability of “things”.  This effort is now in productization and development with the various players in the IoT eco-system which has led to the creation of an industry consortia called IoTopia. In addition, Russ is a value-of-the-infrastructure advisor to customers, helping to create new business models and use cases to leverage network data for cloud and real time event processing.

Russ engaged in numerous sponsored research work at various universities during his 20 year career at Cisco.   In industry related work, he holds a board seats on University of Washington IoT Board, and the NCSU ECE strategic advisory board, Georgia Tech’s CDAIT board, RTCC board, the CleanTech Corridor board and represents Cisco on RIOT (regional IoT organization).  In these board roles he has collaborated with multi-stakeholders to create new programs for IoT and data science/analysis.  Russ has held board roles in the past on the FTTH Council and the OCF (Open Connectivity Foundation).  He is a participating member on Global Platform- leading the technical committee for IoTopia, 5GAA, and 5G ACIA.  He has given numerous keynotes at conferences and research workshops on IoT and related topics.  Russ has played key roles in IEEE standards development and ratification including 802.3.  Russ holds an appointed position on the FCC-TAC (Technical Advisory Council) where he has chaired Working Groups on the “sunset of the PSTN”, “network resiliency”, “IoT”, Next Generation Internet and “Next Generation Policy and Regulations”.  He is currently the working group Chairman for the 5G/IoT FCC working group team.  He was just reappointed to another 2-year term on the FCC TAC in May of 2019.  Russ has led and participated on numerous technical policy teams in the past 10 years.  These include the state of California, West Virginia, and the country of Lebanon.  Prior to Cisco, Russ held senior technical and leadership roles at BellSouth (AT&T), in the networking part of the business.

Gonda Lamberink

Device Intent Working Group Chair


Ms. Gonda Lamberink is the current Chair of GlobalPlatform’s Device Intent Working Group where she oversees the organization’s involvement in developing documentation for creation, management and certification of MUD files. The working group will also focus on creating MUD Proof of Concept implementations, industry outreach, and exploring liaisons with stakeholders and organizations to help drive MUD. Ms. Lamberink also works as Cybersecurity Senior Business Development Manager at UL (Underwriters Laboratories).


Working Group Chair

Chair nominations in process


Working Group Chair

Chair nominations in process


Working Group Chair

Chair nominations in process

Interested in contributing to IoTopia?

Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.