The Internet of Things (IoT) makes possible an enormous amount of opportunity for enterprises, promising to improve their overall efficiency, lower operational costs, and open the door to potentially disruptive applications. However, at the same time, C-suite executives are waking up to the reality that the world of IoT security is going to look a lot different from today’s security environment. When you add in 5G networks with greater capacity, faster speeds and reduced latency, it’s clear that there are many challenges ahead for executives looking for the optimal way to combine 5G connectivity with IoT security.
Findings on IoT security from IoT World
In an attempt to quantify the risks and opportunities for executives in nearly every industry, the IoT World conference and expo (which took place in mid-May in Santa Clara, California) recently surveyed more than 100 IoT executives to see what issues, concerns, and challenges they see ahead. The report (“What’s Keeping IoT Executive Up At Night?”) found that the three primary concerns were implementation of the technology (mentioned by 34% of the respondents), cyber security (25%) and initial purchase cost (17%). Somewhat surprisingly, “ongoing upkeep costs” barely registered as a concern, cited by only 3 percent of those surveyed.
Given that IoT security ranked as the second-leading concern of top executives, it’s perhaps no surprise that organizations are already starting to put into place new processes, programs and policies that are intended to keep their networks and data centers safe. For example, nearly one-half (46%) of the respondents said that they were introducing internal training systems designed to get employees up to speed on topics like IoT security. And a similar percentage (45%) of the respondents said that they are planning to deploy IoT devices on dedicated networks in order to mitigate the risk of these deployments.
Once the new IoT systems are deployed, the executives plan to commit to all the “small things” needed to keep these systems up and running. For example, 68 percent said that they will commit to regular firmware and software updates. And 43 percent said that they will be regularly checking whether physical access to edge devices (e.g. sensors deployed outside the security perimeter of a business) might be at risk of hacking. And another 35 percent say they will make data encryption the default setting on all new devices added to their network.
The role of 5G in IoT security
This commitment to a “checklist of best practices” will certainly aid in improving the overall IoT security profile of an organization, but will it go far enough? In today’s 4G world, perhaps these steps would be enough, but more and more organizations are preparing for a 5G future, realizing full well that 5G is a potential game-changer.
After all, with 5G networks, it’s not just a matter of doing more, faster. It’s also about fundamentally changing the opportunity set of what’s possible in the first place. Common examples of innovations cited as particularly benefiting from 5G technology include autonomous vehicles and remote surgery. With 5G technology, autonomous vehicles will be able to connect in real-time with each other, thereby solving problems like traffic management on the fly. With 5G technology, a surgeon in New York City would be able to advise on tests, scans and medical procedures anywhere in the world, in real-time.
Plus, at the same time, the number of connected devices is set to explode exponentially over the next few years. According to Statista, there will be 31 billion IoT devices by 2020, and 74 billion connected devices by 2025. Just by sheer numbers alone, that radically changes the potential attack surface for hackers. With so many devices connected to each other via a vast, invisible wireless mesh, it will put a premium on security tools specifically formulated for 5G security. And it will make device security paramount. By 2025, hackers will have their choice of 74 billion “weak links” in a security chain. If you thought that today’s botnet attacks are a scourge for IoT security, just imagine what will be possible in a few years. Not only will hackers be able to take down infrastructure and energy grids, but also they will be able to hack medical devices and bring a network of connected cars to a literal standstill.
New approaches to IoT security in a 5G world
So how will IoT security change and evolve in response to these new threats involving mobile networks? One idea currently gaining currency is that 5G-based IoT networks will lead to a very prominent role for artificial intelligence (AI) and machine learning. Human operators can’t possibly track all the security threats across vast 5G networks, but machines can. With machine learning, networks will be able to “learn” about new security threats, identify them in real-time, and then launch automated remediation tactics.
Moreover, recognizing that 5G enables greater network capacity (i.e. more devices can share the same bandwidth at the same time), IoT security will likely turn to strategies such as “network slicing” that enable more efficient consumption of available resources. And, in contrast to the current “DevOps” model, the new IoT security model for the 5G world will likely transition to a “DevSecOps” model, in which security (“Sec”) is baked directly into the connected device from the very beginning. It is far better to ensure that full end-to-end encryption is available right out of the box, rather than try to encrypt all 5G network traffic at a later date.
And, finally, IoT security experts say that organizations will likely need to move to a new security framework. The current model – known as the “point defense” model – basically assumes that all enterprise networks are based on a hub-and-spoke approach. The new 5G model will be much more of a “security fabric” model, in which devices move effortlessly between integrated networks, automated systems, open APIs, and common IoT security standards.
The future of IoT in a 5G world
Obviously, IoT devices present both challenges and opportunities for organizations of all sizes, across every industry. More thinking will need to take into account IoT security on the edges, as well as the new ways that emerging technologies (especially AI) can help to reduce the daunting task of keeping IoT networks safe. By the year 2022, nearly 15 percent of the world will have access to 5G networks, so it’s not too early to consider the steps needed to take now in order to prepare for this inevitable future.