Internet of Things

How To Secure 5G — And The Internet Of Things Too

Internet of Things connectivity

The coronavirus has forced us to embrace the connected age in ways we might not have dreamed of a few short months ago. Work from home, play games (online) from home, bank from the comfort of your couch — because the bank branches are closed, of course.

The questions remain, though, as 4G gives way to 5G, as hackers target us with new attack vectors as commerce and daily life go increasingly online … is the infrastructure underpinning it all robust enough — and is it safe?

Jonathan Knudsen, senior security strategist at Synopsys, said in an interview with PYMNTS that a secure, standardized security framework can help various ecosystems move toward 5G with confidence.

Some high-level numbers show the appeal of 5G. The wireless technology is between 10 to 100 times faster and more data rich that the 4G that we are accustomed to.

If there’s been one positive of the coronavirus pandemic, it’s been that, as Knudsen said, the internet has worked — so far at least.

“We’ve really never had to test of it on this scale,” he said of the tech backbone that underpins all manner of devices. “The design of this, this thing dates back to the early ‘70s and we’re still running on this essentially very old technology.”

We’re a long way from flying cars, smart highways and predictive maintenance, but telemedicine is quickly becoming the norm, at least when it’s possible to have low latency and high security.

As Knudsen said, looking ahead, beyond the lure of speed on the 5G network, there is more capacity. There also will be more devices, of course, that will run on the network.

“From a cybersecurity standpoint, things haven't really changed that much,” he said, “so, the challenges remain the same.” As he told PYMNTS, the key challenge is to make sure that the systems and devices are better than reasonably secure before they go on the 5G network in the first place. That challenge is intensifying as 4G gets ready to give way to 5G.

Adding devices boosts vulnerability, he said. Each one of those devices represents a possible point of attack for hackers and fraudsters. There are hundreds of millions of devices now that can, conceivably, be compromised, in some way — and there will be billions of devices in the future.

The challenges of cybersecurity, he said, are the same whether from the standpoint of a manufacturer building an Internet of Things (IoT) device or from a healthcare company that is building devices that will be used by providers or a telecom company building network equipment.

“The key question,” Knudsen said, “is how do you build that system or device in a way that minimizes risk?”

The Secure Development Cycle

To do that — to build devices and at the same time design them so that risk is (largely) mitigated — the key is to focus on what he termed a secure development life cycle.

That’s easier said than done, because OEMs may be focused on basic functionality, against a backdrop where margins are slim.

But, he said, as any given tech ecosystem becomes more reliant on software, consumers are becoming more demanding on what they expect from the technology they buy — from baby monitors to mobile phones.

The individual customer may not hold much sway over tech firms — but their suppliers do. Thus the pressure to raise the bar on security comes in the B2B realm. Knudsen said that “a company that is considering buying 10,000 devices from another firm has some leverage and power. This means if they understand what a secure development cycle looks like, and the things the manufacturer should be doing, then they can ask the right questions and apply that leverage during the procurement process.”

To gain full insight into the vulnerabilities, partnering with firms like Synopsys can help clients build a “threat model” that can identify major software components, assets, threat agents, security controls and corresponding relationships between objects as new devices move through the design stage.

As Knudsen described it, “you figure out if the system as designed helps prevent those vulnerabilities or allows them, and, and what’s the risk? No consumer is ever going to do that. To a large degree, you have to trust your manufacturer.”

Ideally, he said, connected devices should hew to a standard, and to certification, that is uniform across all manufacturers so the consumers purchasing those devices know what they have in hand has met at least minimum thresholds for security (think, for example, of the score-based model seen in Energy Star ratings).

“Having a meaningful certification would be pretty great for everybody,” he said. “Once we have that sort of knowledge, we’ll move on to the next new thing and understand the full potential of what the internet means now.”

——————————

LIVE PYMNTS TV OCTOBER SERIES: POWERING THE DIGITAL SHIFT – B2B PAYMENTS 2021 

Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

TRENDING RIGHT NOW