Blog Tags AddThis Sharing ButtonsShare to LinkedInLinkedInLinkedInShare to TwitterTwitterTwitterShare to FacebookFacebookFacebookShare to MoreAddThisMore 29 MAY 2019 As I’ve highlighted a few times on my Data Point videos, I spent some time this week at the GSMA’s Mobile360 Security for 5G event in The Hague.What did I do there? Ate some stroopwafels. Moderated the first two sets of keynotes. Did a taste test of different types of stoopwafels. Moderated a panel of security experts. Bought some stroopwafels to take home. I mean, the security stuff is super-important, sure. But…priorities, right?In addition to weighing down my carry-on bag with delicious Dutch desserts, I did manage to pick up a few insights into the conference topic. If only thanks to osmosis, the caliber of the speakers and the frankness of the discussions, it would have been hard not to. And, all joking aside, anyone interested in 5G, either rolling out networks or services, needs to be concerned with how we’ll secure it. While not necessarily exhaustive, here’s what I’m now paying more attention to.5G imperative. I kicked off the keynote panel with a simple question: “Why has 5G brought the question of security to the fore?” What’s different about 5G versus 4G or 3G that makes security so much more important? The panelists’ answers centered on the attention 5G is getting from operators and regulators and consumers. The real answer, however, is implicit in that attention: it implies a massive amount of connected devices (potentially unsecure endpoints) as well as the critical digital systems expected to run on 5G.To worry or not. If we expect lots of critical systems to run on 5G (from connected cars to connected industries) then we need to be really worried about the security of 5G networks, right? Doomsday scenarios of power grid shutdowns and cars getting hijacked, are more than just abstract concepts, they’re real world possibilities that should be keeping us all up at night. Maybe. While these might all be connected by 5G, it’s silly to believe that the only security applied to them will be in the 5G network. The services running over the 5G networks will need to be secured as well. We hear a lot about multi-layer security architectures. If we believe that they are indeed necessary, then we can’t pin all 5G security responsibilities on the 5G network alone.Dangerous cost cutting (aka, security RoI). I’m cheap. Just ask my boss, my team, or my wife. So, when I went shopping for a home security camera on Amazon, I opted for the low-cost option, then wondered about how secure it would be and if I could trust its cloud services. The same applies to network security. Policies, products, and architectures optimised for costs may come with security risks. Or, rather, security policies, products and architectures optimised for costs may be ineffective, incurring their own costs. Ultimately, the issue is one of RoI, recognising that security outlays need to be seen as investments that deliver returns in terms of network protection, service integrity, and customer satisfaction.SOS (Same Old Skills gap). The concept of a “skills gap” among operators is not new. Years ago when I did some work on barriers to implementing virtualisation, a lack of internal skills was cited as critical. Fast forward and the same thing exists for security skills, forcing operators to rely on the skills of their vendor partners.Skills gap, meet innovation gap. Where a skills gap forces operators to rely on their vendors, we are forced to acknowledge a long-term evolution in the vendor landscape. Where there was once a large set of major mobile network vendors, the market is now largely concentrated amongst three main ones, especially in the RAN. Why is this a problem? Put aside theoretical arguments around the impact on pricing and incentives to innovate. If operators have a smaller set of vendors to choose from, then they have little option but to live with the decisions those vendors make around security (or how well they secure their own solutions).Deadly rotten eggs. Apparently, connected egg trays are a real thing. If you live in a civilised country where eggs are stored in the fridge, you might now worry about how long your eggs have been around. If you keep your eggs in the pantry like a Neanderthal, however, then a tray that lets you know how long they’ve been around might make sense (note to self: Connected Neanderthal would be a great band name). But where the issue of 5G Security often revolves around critical infrastructure or connected industries, securing the lowly connected egg tray might seem unnecessary. I’d thought we’d got past that thinking, recognising that anything connected to the network becomes part of a potential attack surface. Regardless, potential threat examples ranging from light bulbs to aquarium heaters, to egg trays all got invoked as a reminder.Moving beyond generalities. If we need 5G security to be a topic that everyone pays attention to (everyone owns in some way), then we need a broad set of stakeholders at conferences, learning about it. Simple enough. But that means the way we talk about it (technical versus strategic) will need to accommodate them all. That’s problematic, because talking about security in terms of broad trends and generalities won’t result in real, on the ground, solutions to real problems. Does that mean we exclude the less technical folks (like myself) from these conversations? No. It means we need to all get smarter and become conversant in security the way we are for RAN or device specs.AI imperative. Another “imperative,” I know. But just as much as 5G has increased the profile of network security, network security has elevated the profile of AI. IBM highlighted this when noting the sheer volume of security notices, updates and research produced on a daily basis (around 7,000 pages). The takeaway: we need good AI tools to help us identify what matters and to help find the data we need when we need it. Beyond discovery, though, there’s a role for AI in helping us adapt to evolving threat tactics and strategies.5G for good. In presenting the value that 5G and mobile networks can bring (and the importance of getting them right), the GSMA’s Director General Mats Granryd pointed to the promise of enhanced connectivity combined with AI and Big Data to do things like mitigate or halt tuberculosis outbreaks. It’s an important reminder, and not just because he’s my bosses’ boss. But, it also highlights an important knock-on requirement.Trust, trust, trust. Security is different from privacy. They are two different sets of issues with different requirements and associated risks. But if 5G will be connecting us all and leveraging data to do great things, then users need to have trust in the privacy of their data, or at least trust in the way that their data is being used. Again, these issues are different from security, and they may be more difficult to tackle, requiring consumers to pay attention. But, if we want to execute on the 5G promise, they may be the most important issues.– Peter Jarich – head of GSMA IntelligenceThe editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members. Subscribe to our daily newsletter Back Intelligence Brief: Does intent matter in network automation? GSMA Intelligence Intelligence Brief: Assessing recent spectrum developments Related Read more Author Intelligence Brief: Assessing latest developments in 6G and healthcare 5GGSMAisecurity Previous ArticleHuawei calls for US to halt state-sanctioned campaignNext ArticleLatest US 5G auction raises more than $2B HomeBlog Intelligence Brief: Should we worry about 5G security?
Similar Stories PhD Studentships in Social Sciences and Humanities at University of Aberdeen April 6, 2015 Published by michal Pocket Soundscape Workshop: Nature Meets Technology → Leave a Reply Cancel ReplyYou must be logged in to post a comment. +1 Reddit LinkedIn 0 ← Training on “Youth, Theatre And Intercultural Dialogue” Call for Application to the International Symposium “Change” Summer School “Kinship and Politics Undoing the Boundaries” 2017 Corruption in Eastern/Southeastern Europe and Latin America Tweet Deadline: 13 April 2015Open to: postgraduate Master degree holders in Citizenship, Civil Society and Rule of Law, History, Anthropology, Education, Sociology, Philosophy or TheologyScholarship: full UK/Europe fees and partial maintenanceDescriptionCentre for Citizenship, Civil Society and Rule of Law (CISRUL) aims to produce conversation across the social sciences and humanities on key concepts of the modern polity. Citizenship, civil society and rule of law are three key concepts, all three of some pedigree but enjoying a new lease of life, prescribed by bodies such as IMF and United Nations, championed by social movements, and debated in the media and in academic research, although CISRUL is also interested in related notions such as democracy, human rights, multiculturalism and pluralism. For this year CISRUL offer a inter-disciplinary 3-year PhD studentships. You have two options:You may select the PhD programme in Citizenship, Civil Society and Rule of Law if you wish to pursue inter-disciplinary study;If you wish to apply for a PhD programme in Law, History, Anthropology, Education, Sociology, Philosophy or Theology, please indicate under Funding that you are applying for a University of Aberdeen CISRUL studentship.EligibilityApplicants must hold or be close to completing a postgraduate Masters degree in a relevant field.The criteria for selection are:Quality of application;Closeness of fit to CISRUL’s ongoing debates (see other tabs on this site);Closeness of fit to one or more of our PhD supervisors (see list of People under the Home tab).ScholarshipCISRUL studentships will include full UK/Europe fees and partial maintenance. Overseas students are welcome to apply and would receive the same partial maintenance, but it’s possible they may need to pay the difference between UK/Europe and overseas fees (the difference is around GBP7100 per year).How to apply?To apply please full out this online application. Make sure you give as much information as possible in your Personal Statement. But the most important document is the Research Proposal. You must give a full, clear account of your proposed research. It wil be considered how closely your research proposal fits with CISRUL research profile – the best way of learning about CISRUL research is by reading on this website about previous and future events. Give your application reference and your name in the research proposal, and state that you are applying for a PhD studentship from the Centre for Citizenship, Civil Society and Rule of Law.For more information please check the official web-site. Share 0