Securing the 5G opportunity

This year at Mobile World Congress, 5G was the talk of the town, especially when it came to network infrastructure. Telecoms carriers revealed plans to start testing live networks this year, while vendors were busy announcing live tests.

If we look back at previous cellular network generations, they have all unlocked major new possibilities, changed how we think about connectivity, and created many winners and losers. 1G was a patchy picture of disparate analog technologies, restricted to a given country. At that time Nokia was mostly producing tires, and Apple was selling Macintosh computers to students and ad agencies. With 2G, also called GSM, a fantastic breakthrough made international calling possible, firstly in Europe and soon after across the planet. But arguably the most important characteristic of 2G was the introduction of handset subsidies—a fantastic innovation in the business model.

In the 90s, new mobile phone models blossomed like daisies in spring, at affordable prices with only a vague commitment from users to stay with their network. The name of the game for the mobile industry of the late 90s was subscribers — the more, the better. New carriers launched services much like start-ups today, leading to mega-mergers and acquisitions. France Telecom bought Orange, and Vodafone bought Mannesmann Mobilfunk, both for tens of billions of dollars. However, besides SMS, 2G did not really add other service innovation. Data services were already in view at the turn of century with pioneers like i-mode in Japan from DoCoMo, but adoption was very low.

In the early 2000s, 3G arrived to carry more data at higher speeds. Unfortunately, the end of the dot-com bubble severely indebted balance sheets and the lack of killer apps meant the mobile industry couldn’t continue on the same trajectory as before. The fundamental idea was to provide — and sell(!) — more content through the mobile screen that made the most of 3G technology. The most iconic demonstration of this vision being the creation of Vizzavi, an ambitious mobile service portal, and a joint venture between Vivendi and Vodafone.

Unfortunately, poor user experience and a lack of compelling services limited data adoption until the birth of the iPhone in 2007. Apple, and soon-after Google, paved the way for the massive adoption of mobile internet portals and App stores, both of which required enhanced data transmission speeds. This drove the 4G deployments we’ve seen over the past 10 years.

Three decades and four generations later, what are the main lessons? Mobile is everywhere, from Espoo to Nairobi. Mobile Internet has enabled giants in the US and China to emerge and monetize content. One constant; 90% of the profit pool of the mobile handset business has historically been enjoyed by one player, from Motorola to Nokia, to Apple. Mobile carriers are covering the world, but they have missed the content and the payment opportunities? And are they going to miss the Identity opportunity?

Preparing for the next G

5G is not just another radio transmission standard, but rather a platform for digital transformation and disruption that promises to automate many aspects of our lives. It has to be seen as a collection of service opportunities. The fifth generation of mobile networks not only promises to deliver greater speeds to billions of people, it is designed to connect the next big wave: billions of Things. This includes the Mobile Internet that people use and the Mobile Internet of Things comprised of cars, meters, health care monitors, watches, censors, captors, cameras, manufacturing machines, robots and so on.

The security challenge for previous mobile generations is still there: ensuring satisfactory mutual authentication between the network and the device. This issue remains a major requirement and concern, with 5G connecting all sorts of new devices unknown to the mobile network to date.

New challenges are also emerging. More advanced IoT services require local cloud resources to support really low latency interactions. In an urban infrastructure environment, traffic lights might need to react to a vehicle incident faster than transmission and analysis in a centralized cloud core would allow. Therefore, more on-device and edge-processing will be needed, which opens up a new security challenge for 5G. If you’re looking for more context on the rise of edge computing, I would recommend this primer in The Economist.

Edge computing triggers a lot of questions from a data protection and confidentiality perspective, too. With 5G and the IoT, edge computing services will collect information and then store and analyze it locally at the edge of the network. Sometimes this will be on the device (such as a connected, autonomous vehicle) and sometimes in more local ‘edge cloud’ environments. This adds to the amount of data across the network that needs protecting, with the added complication that some processed data will live in edge resources, far from the relative security of the core.

Building a secure foundation

Historically, cellular networks have been built from a combination of proprietary hardware and software with standard interfaces that customer devices connect to. As we move to 5G, we are moving to standard hardware with specialized software – virtual machines in the cloud. This will make it much easier for malicious users to get to grips with network infrastructure and figure out how to disrupt services in a 5G environment.

5G operators will need to be vigilant and apply the latest authentication and data encryption methods to safeguard the new generation of systems. The challenge is how to ensure that only the right people and devices can access network resources, and if the bad guys get in, to ensure that all the data is encrypted and therefore worthless to them.  Data privacy and security will be paramount because 5G will connect more people and things than ever.

The 5G network of tomorrow

We have recently been working with Intel on solutions and foundational elements to secure virtualized network environments both at the processor level and also in the cloud. This includes protecting confidentiality and the integrity of each of those solutions and the data that is stored. Through this work, we believe there are five important elements that contribute to the overall security of the network:

  • Each device needs to be fully authenticated on the network
  • For consumer devices, each user needs to be authenticated correctly onto the device itself, making sure they use legitimate connectivity and cloud services
  • The radio network needs to continue to be protected
  • All data must be protected according to its value. And the cost implications for any consequences resulting from the use (or abuse!) of these data must also be factored in
  • The network itself needs to be structured correctly –virtualized network functions must be properly secured and network slices should be correctly isolated (as should all the different functions that form each network slice)

The SIM card has been a fantastic enabler for the subsidized handset business model innovation. We now have the eSIM ready to go, to authenticate Things and People by the billions in the 5G environment. We also know the Exabyte of data generated by 5G must be protected whether at rest or on the fly.  We must work together to ensure the integrity of 5G so that carriers and their partners are able to secure this huge opportunity with a profitable growth perspective. Our teams are working closely on the topic and if you’re interested in reading further then take a look at Gemalto’s recommendations for building a new trust model for 5G.

I’m very excited to see what the year ahead will bring.

 

This post can also be found on Philippe Vallée’s LinkedIn profile.

Leave a Reply

Your email address will not be published. Required fields are marked *