IoTopia: A comprehensive framework for IoT security
IoTopia will provide a practical implementation guide to secure IoT devices across all markets and in line with global requirements. IoTopia consists of four foundational pillars that enable secure design, operation and management.
GlobalPlatform invites and welcomes contributions from chip vendors, device manufacturers, thing makers, IoT platform providers, system integrators, service providers, certification labs, network vendors, end users, government bodies and policy makers.
Secure by Design
Specific, detailed capabilities and features that go beyond best practice and define how secure components and APIs can be used with existing secure by design standards.
Device Intent
IoTopia leverages IETF’s manufacturer usage descriptions (MUD) and uniform resource identifier (URI) to outline device intent, allowing the network to create relevant policies and micro-segmentation rules.
Autonomous, Scalable, Secure Onboarding for IoT Devices
IoTopia will offer an open, standards-based secure onboarding process to streamline network administration.
Device Lifecycle Management
Software, firmware and hardware patching and updates, update tracking, end-of-life support/service, etc. to effectively manage devices throughout their entire lifecycle.
IoT is driving an explosion in the number of devices connected to networks. Various vertical markets are leading this charge – from consumer right through to industrial use cases – and predictions of 100B devices by 2025 forecast an even faster adoption of IoT in the coming years. However, serious security concerns and related issues need to be addressed to realize the potential of IoT.
Many of today’s connected objects do more than simply provide information at your fingertips – they can make use of sensitive data, gather information and even impact the physical world, in many cases in critical ways. In light of this, there is a need for ubiquitous and standardized end-point/network security, regardless of the use case, to prevent devices from becoming an entry point into a network or a platform for attacks.
Introducing IoTopia
Building on GlobalPlatform’s work to secure the IoT, IoTopia proposes a common framework for standardizing the design, certification, deployment and management of IoT devices. IoTopia device security is testable and meets vertical market requirements by building upon the following foundational pillars: secure by design; device intent; autonomous, scalable and secure onboarding; and device life-cycle management. It is a detailed but executable framework that is standards-based, industry-wide and able to evolve as security capabilities and requirements change. IoTopia also enables device makers to build in line with a consolidated set of parameters by mapping to the leading global guidelines and regulations, and support tiers of security as well as certification in desired verticals.
IoTopia will:
- Deliver a common, cross industry IoT security framework with set baseline references and standards-based approaches across the four pillars.
- Drive industry support, adoption and continued development of the IoTopia pillars.
- Engage & represent the entire IoT ecosystem: chip vendors, device manufacturers, thing makers, IoT platform providers, system integrators, service providers, certification labs, network vendors, end users, government bodies and policy makers.
- Give device makers a blueprint for how to build secure devices without having to become cybersecurity companies or experts.
- Ensure that compliance with the baseline requires low to no additional costs for device makers.
Download our eBook here to learn more about IoTopia and how its four pillars provide a practical framework for implementing secure IoT devices in line with global requirements.
For more information, visit the IoTopia Committee and join our next meeting.
Interested in contributing to IoTopia?
