This story first appeared in the July 2018 issue of CommsMEA.
The industrialisation of the world began in the late 18th century with the advent of steam power and the invention of the power loom, radically, changing how goods were manufactured. A century later, electricity and assembly lines made mass production possible. In the 1970s, the third industrial revolution began when advances in computing-powered automation enabled us to programme machines and network.
Today, a fourth industrial revolution is transforming economies, jobs and even society itself. Under the broad title Industry 4.0, many physical and digital technologies are combining through analytics, artificial intelligence, cognitive technologies, and the Internet of Things (IoT) to create digital enterprises that are both interconnected and capable of more informed decision-making. This revolution is embedding smart, connected technology not only within organisation, but also our daily lives.
With the advent of 5G in the telecommunication industry; evolution of vertical industries like IoT, remote health monitoring services, autonomous vehicles, home automation etc. will only increase. Most, if not all, of these vertical industries need a common platform to exist – connectivity, authentication and trust. However, while the platform for connecting is common, the requirements from this platform can vary distinctly for each vertical industry.
Industries like home automation require strong authentication mechanisms with enhanced identity management capabilities for humans and machines alike.
Health monitoring services are heavily dependent on low latency networks with the ability to raise, analyse and action alarms in close to real time. Autonomous automobiles would require higher bandwidth availability with low latency depending on the function and sub-routines an event triggers.
5G networks are designed to have the ability to slice the network into distinct virtual networks with their own operational and security attributes that allow vertical industries to leverage the common platform while achieving their own unique attributes of the network service being utilised. The ‘core’ of this capability of 5G networks being able to differentially offer service capabilities across its network is the evolution of technologies like software defined networks (SDN) and network function virtualisation (NFV). While these technologies give 5G the capability to operate in a flexible and efficient manner they also bring with them security concerns that will need to be mitigated by telecommunication organisations through the implementation of strong authentication, authorisation and trust management capabilities.
With advent of IoT, the number of connected devices for every individual, enterprise have risen significantly and the devices are susceptible to security breach. The following considerations are merely the reality of the new cyber landscape we live in:
Exponential increase in attack points
Adopting IoT has not only introduce a vast number of devices to an individual or organisation’s network but also connect many loosely coupled end point via telecom infrastructure. Each organisation needs to not only look at security risks as they apply to themselves, but also due to its position in ecosystem.
Limited control on devices
Security features are limited in devices due constrains in terms of compute, specifications, capability and nonstandard manufacturing, specially non enterprise grade devices. These devices can have rouge applications, or backdoor code, or can be compromised through orchestrated cyber-attacks.
Authentication and authorisation
Multiple devices have access to network credentials and to user social platforms. These devices can lead to compromise of individual network or personal information. Devices shall authenticate themselves before they can access network or other applications.
Data security considerations
As the number of devices increase so is the amount of data being churned out through these devices. The massive amount of data can reveal trends by combining data points that by themselves are seemingly innocuous: power of aggregate data needs to be harnessed in a manner that takes into account both legal and ethical privacy considerations.
Cloud or not to cloud… this is no longer the question. As we start to overlay our connected world with artificial intelligence, machine learning and robotic automation the usage of cloud-based capabilities will be embedded in most industrial and domestic applications of technology. Telecommunication operators understood this trend a while ago and have been redefining the security norms to enable cloud capabilities as part of an end user service.
Addressing the issue of security in telecom requires a shift in approach by telecom service provider in how they treat connected devices. Telecom operators need to treat end users and end points part of their network. This includes strategic shift in viewing security as an enabler of business, adopting security by design methodology, creating and following reference IoT blueprint and even educating consumers.
The changing paradigm of security in the telecommunications space also requires a shift in strategy and capabilities. The focus will need to shift from ‘box-driven security strategy’ to ‘security through vigil’. Traditionally, security strategies have revolved around investing into carrier grade security appliances in order to meet regulatory norms and safeguard critical infrastructure. With the ingress points increasing multifold and new attack vectors being created rapidly; organisations will need to change their focus into integrating these boxes and overlaying them with analytics capabilities that gives them actionable intelligence in close to real time.
Technology security will require an engaged and dedicated team of specialists that have the tools, skills and as importantly, authorisation from the management, to identify threats in close to real time and respond quickly to mitigate new attack vectors on the fly.
From the traditional view of safeguarding critical assets the view would now need to be customer centric and safeguarding customer lifestyle – threats like identity theft, to data analytics randomisation, breaches in trusted equipment, etc.
Fundamentally, technology security is very heavily hinged to the trust model defined and this becomes much more evident in a 5G world. Organisations and end-users alike will need to define a trust model based on their ecosystem and identify automated and human led behavior on the network as genuine or not. Security, confidentiality and privacy will have to go hand-in-hand. This translates to creating a delicate balance between monitoring traffic and user behaviour, man or machine and ensuring that the data is utilised in an ethical manner.
Industry 4.0 & 5G enable organisations to take advantage of network-based, data-driven, autonomous and cognitive digital and physical technologies to create truly innovative business solutions—rather than simply using technology to pursue the same old ways of doing business. In the process, however, its effects can ripple outward to touch everything that organisation touches. It is therefore crucial to understand the important security touchpoints between business and technology needs; between financial outcomes and innovative strategies; between integrating existing technologies and creating completely new solutions.
As our environment evolves into 5G and the 4th industrial revolution – so would need to evolve our design principles. Design thinking takes front and centre stage again.