LIVE FROM GSMA M360 MOBILE SECURITY AND INDUSTRIES, LONDON: Raphael Glatt, head of customer success management at BICS (pictured), warned every IoT device is vulnerable to attack, with the surface area of threats continuing to grow as critical industries begin to adopt more connected set-ups.

During a session on e-SIM, Glatt discussed work done by the European Commission (EC), along with a BICS-backed GSMA initiative to address a high number of threats including privacy breaches; impersonation; hacking; malware and viruses; and interception.

Glatt said BICS finds vulnerabilities in every connected device, from TVs, connected refrigerators, cars, mobile phones and smartwatches, citing research which found IoT attacks had quadrupled over five years to hit 112 million.

“From the network layer, to the radio and to the core, every item can be hacked somehow.”

With critical sectors including public health, transport and business being encouraged to implement IoT and private networks, the scale of threat inevitably increased, said Glatt.

This pushed the EC to update its 2019 Cybersecurity Act to implement new Network and Information Security (NIS2) legislation in 2022.

NIS2 requires companies in critical sectors to take “appropriate and proportionate technical, operational and organisational cybersecurity measures, with obligations around implementing an end-to-end solution covering an entire lifecycle”.

IoT Safe
BICS believes the challenge of complying with NIS2 lies in providing “the most robust single root of trust to simplify end-to-end protection”, addressing connectivity, devices and applications.

The executive then turned to the IoT Safe platform, the GSMA initiative BICS backs, which recommends the industry use the SIM as the hardware secure element, or “root of trust”, to establish end-to-end security spanning device and cloud/server applications.

Glatt said IoT Safe backed the proven security strength of the SIM to store credentials and is fully standardised, enabling interoperability between devices.

It also covers lifecycle management and end-to-end encryption of communications.

Glatt added IoT Safe is futureproof, as it is compliant with e- and i-SIM, allowing users to change from one profile to another without losing device identities.