CTIA creates IoT cyber-security certification programme
August 23, 2018
Wireless industry association the CTIA has created a cyber-security certification programme for cellular-connected IoT devices. The programme was developed in collaboration with wireless providers across the USA.
By offering certification for IoT devices built from the ground up with cyber security in mind, the programme should protect consumers and wireless infrastructure, while creating a more secure foundation for smart cities, connected cars, mhealth and other IoT applications.
"America's wireless industry has long been a leader in cyber-security best practices and establishing an industry-led cyber-security certification programme for IoT devices is a major step in building a trusted, secure wireless ecosystem for the internet of things," said Tom Sawanobori, CTIA chief technology officer. "The IoT cyber-security certification programme harnesses CTIA's network of authorised labs and reflects our commitment to securing networks and devices in an increasingly connected wireless world."
Wireless operators, technology companies, security experts and test labs collaborated to develop the programme's test requirements and plans. The programme builds on IoT security recommendations from the National Telecommunications and Information Administration (NTIA) and the National Institute of Standards & Technology (NIST).
"Establishing a common and readily achievable security programme that protects devices, consumers and our networks is a critical initiative as the IoT market continues to grow exponentially, both in the USA and globally," said Cameron Coursey, vice president at AT&T
For more than 25 years, CTIA's certification working groups have developed and managed product test plans and certification requirements for devices, networks and other wireless technologies, with more than 70,000 certification requests handled to date by over 100 CTIA authorised test labs. These programmes ensure interoperability between wireless devices and networks, as well as set standards for a secure, high-performing and innovative wireless ecosystem.
"IoT security is fast becoming a priority as the global market grows to 3.5 billion cellular-connected IoT devices, with a 48 per cent 5G mobile adoption rate in the USA by 2023, according to the latest Ericsson Mobility Report,” said Tomas Ageskog, head of digital services for Ericsson in North America. “CTIA's scalable and standards-aligned programme complements Ericsson's secure-by-design approach to developing, deploying and managing communications infrastructure."
The certification programme will begin accepting devices for certification testing starting in October 2018.
"Designing for security from inception is a critical element of 5G networks and, by extension, the IoT,” said Mike Murphy, CTO for Nokia in North America. “CTIA's certification programme will build on industry's efforts in this area, thereby ensuring that trustworthiness of IoT devices and the networks is well established. This will be critical in driving consumer adoption and confidence and enabling the massive IoT growth that has been forecasted and to enable verticals to thrive in the future."
Ivo Rook, senior vice president of Sprint, added: "IoT is increasingly important to all companies. We need to act proactively in securing the data of our customers, and this is not just a technology challenge, it is a collaboration challenge. All operators and technology providers need to work together to ensure that robust security can foster continued growth and innovation."
And William Boni, senior vice president of T-Mobile, said: "To realise the exciting promise of IoT, security must be considered at every turn. By setting these standards, the wireless industry is proactively leading the charge to secure previously unsecure devices, protecting our networks and customers against cyber attacks."
Chris Schmidt, executive director at Verizon, added: "Verizon has long prioritised the security of our global IP network and wireless networks. We are encouraged that CTIA is taking the initiative to establish security requirements that will help guide the ecosystem as we strive for a safer and more secure IoT future."