GlobalPlatform is the standard for managing apps on secure chip technology - combining security feature of hardware and software - which enables the provision of secure services. GlobalPlatform is committed to working with the IoT community to identify and understand the security risks associated with linking services to connected devices and ensuring that a ‘chain-of-trust’ is established to avoid vulnerabilities at the weakest point. Using this knowledge, GlobalPlatform is advancing its standard framework to ensure it supports device connectivity within an IoT ecosystem.
In this interview, Gil Bernabeu, Technical Director at GlobalPlatform, explains further the challenges facing the IoT community.
1. Will concerns regarding cyber security delay IoT growth?
No, as the market is not fully aware of the risks that it could face. IoT technology is early and revolutionary, therefore today the market is more concerned about revenue generation, not additional cost factors, such as security.
From the perspective of the hacking community, there is also little motivation to attack IoT technology and we have not yet witnessed a big brand IoT data breach. This will change as IoT achieves mass market status and the IoT initiatives of big brands become more prominent. Once hackers fully focus on this market, they will be quick to identify points of weakness and exploit them to cause brand damage and to achieve financial gains.
We have already seen one threat model materialize, where hackers blackmail organizations by threatening to close / disrupt their operations if vast sums of money are not received. Maybe this will be the future that businesses need to protect against?
A key challenge for the IoT community when addressing security is that it incorporates such a broad range of markets. Each of these will assess risk and not all IoT services require the highest level of security. Yet, it is important to remember that vulnerabilities are present at the weakest point in the ecosystem. Often a hacker will identify a route to attack a sensitive service, using an unused basic and benign service that has limited or no security requirements. End users may stop investment if the security became a critical point.
As IoT connects many components, businesses and services, a baseline of security standardization is therefore needed to build a chain-of-trust. This would then be layered with further security standards for more sensitive services.
As always, there needs to be a balance between security that is workable and does not impact or limit the innovation cycles of this progressive market.
2. What work must be done to enhance open shared standards for interoperability?
Collaboration rather than interoperability is key. For such a vast industry that incorporates many markets, we are not looking to any ‘one’ industry standard or regulatory body to establish a standardization framework. Instead many different markets will come together to create industry best practice based on good technological bricks. It is at this level that GlobalPlatform Technical Standards add value.
GlobalPlatform is working with the marketplace to enhance its secure application management specifications to support the IoT world. This is particularly important as IoT services will connect devices, for which GlobalPlatform standards offer functional interoperability and security. GlobalPlatform technology provides cost effective and high security embedded solutions which perfectly meet the requirements of the IoT market. Adding a GlobalPlatform secure component into an IoT device provides a state of art crypto engine and protection, with limited bill of material (BoM) impact. Also the variety of providers that already support GlobalPlatform standards ensures that the costs will stay controlled; this is vitally important for the OEM.
Regardless of how these standards evolve, they will be severely lagging behind the IoT industry needs and requirements. IoT schemes need to address this quickly and ensure that standards can be retrospectively applied to already deployed components and solutions.
3. Where do new opportunities lie with Industrie 4.0?
The potential of this market is huge. Brands that maximize IoT services can significantly reduce production costs while delivering exciting and engaging services to end users.
A security breach would be detrimental to brand reputation and brand integrity. It would also impact trust in the IoT offering, regardless of sector. This is why creating and enforcing the chain-of-trust is so fundamental.
Industrie 4.0 needs to embrace and implement security standards to ensure it can fully maximize market opportunities. Security should be viewed as a cost of doing business. It is the foundation on which to build this next generation of innovation, which offers limitless potential.
To find out more about GlobalPlatform’s work within the IoT ecosystem, listen to Gil’s presentation on 22 September at 2 pm or visit their website.
About Smart Summit London
Smart Summit is a 2 day conference and exhibition covering the Internet of Things (IoT) ecosystem and its impact on the digital society.
With 3 in-depth event tracks and over 180 leading speakers, no other IoT event covers the Smart Home, Smart Cities and Industrial Internet of Things in as much detail.
Co-located with a joint networking exhibition, each track (summit) features over 20 unique and topical sessions – gain a unique insight from industry heavyweights and hear case study examples from major contributors.
Make sure you are present in London on the 21st and 22nd September for THE Smart event of 2016.