Cybersecurity and 5G: a more secure technology in a more complex environment

The Internet of Things, one of the achievements of 5G technology, opens up enormous possibilities in sectors such as industry. Cybersecurity procedures must adapt to a new, more heterogeneous environment to keep up with it. 

Imagine a large industrial plant, in which machines adjust their work in real time, based on the data transmitted between them. Fleets of autonomous vehicles circulate through the facility, with fluidity and maximum efficiency. All the data from the factory is transmitted to a control center, perhaps thousands of kilometers away, where all the information converges and decisions are made. That scene, with hardly any human intervention, already corresponds in some aspects to reality, and will be something everyday when the deployment of the 5G network is generalized.

The industry will be one of the areas most benefited by the development of the Internet of Things (IoT), that is, the ability of all types of robots, sensors, devices and devices to communicate with minimal latency, through 5G, to act in the face of a changing environment. It will transform the way of working in factories, and also areas such as surgical medicine, mobility or energy management.

With 5G, the possibilities of the Internet of Things are enormous: it is estimated that by 2025 there will be 25,000 million connected devices, and thanks in large part to artificial intelligence (AI), they will be able to share information and act efficiently based on that data. But in this development there is a potentially very dangerous curve, cybersecurity.

The IoT is a new industrial paradigm that also demands a new approach to cybersecurity. Beatriz Martínez Candano, Director of Customer Security for Spain and Latin America at Ericsson, explains: "We are moving from a homogeneous and fundamentally closed environment to a heterogeneous one, where the number of actors in aspects such as the use of the cloud and virtualization is multiplying. All this supposes an exponential change: there are more requirements and they are more demanding, and their order, their traceability, also becomes more important".
Federico Ruiz, head of the National 5G Observatory, uses the examples of previous generations of telecommunications to explain why: "With 2G and 3G the focus was on the voice, and cyberattacks could have only a specific interest in capturing it. When we started handling data, everything changed and layers of security began to be applied, largely reactively to the attacks that were occurring. However, cybersecurity has been at the heart of 5G network design since minute 1." The consequence, he says, is that "with 5G it is much more feasible to develop more secure communications."

From standards to best practices

Starting from that solid foundation of cybersecurity in 5G, how to order the most complex environment to take full advantage of the IoT? "If we think about the typical Russian 'matrioskas', the smallest, the first thing is standardization," explains Martínez Candano. That standardization, the work of international telecommunications organizations such as 3GPP, is much more complex now that it is not only about cybersecurity in mobile phones and computers, but also in sensors, televisions, vehicles, industrial machines ... and even refrigerators. The number of actors involved, from very diverse fields, is multiplying. And the challenge is to manage and orchestrate IoT components both horizontally (appliances, services and users) and vertically (from hardware to application).

Based on these standards aimed at providing transparency and establishing the use of reliable algorithms, protocols and architectures, companies like Ericsson create in a next phase network solutions with a multitude of elements that must be designed from start to finish under rigorous secure development processes.

In a third phase, these solutions must be integrated and deployed in the operator's network, through configurations that harden and reinforce its architecture. The fourth phase would consist of applying best practices related to cybersecurity, such as constant network monitoring, threat identification and response, or prompt and effective recovery from an attack.

The importance of human judgment
Given the critical importance of IoT cybersecurity and the need for constant monitoring, the use of Artificial Intelligence is key in this phase. However, from Telefónica they comment on how human criteria still have a lot to say, at least in the short and medium term. One reason is that, with the drastic increase in the number of data on the network, the number of automated alerts is going to skyrocket, and many of them can be false positives.

Patricia Díez, Global Head of Network Security, IT Platforms and Customer Devices at Telefónica, explains this problem with a couple of examples: a special discount campaign, such as Black Friday, or the sale of tickets for a large concert. In those situations, machine learning techniques could mistake the extraordinary increase in legitimate traffic to a server for a Distributed Denial of Service (known as DDoS) attack and react to end a truly non-existent attack. This is a clear example of the IT world, but extrapolated to the internet of things.

Miguel Ángel Recio, head of IoT/OT security at Telefónica Tech, highlights that human criteria are very important in the application of Artificial Intelligence to the industry. "In this area, stopping a factory has an impact of many millions of euros", because what is understandable is that, in the face of the detection of anomalies, the industry does not want to leave such decisions only to automated systems governed by AI. Of course, Recio clarifies, it will be necessary to have such solutions, due to the number, variety and complexity of alerts that can be produced.

There is, therefore, a way to go for the IoT to develop its full capacity. But the highway, 5G, is ready, and work is being done so that all the high value-added information it is capable of transmitting has the highest safety standards. It's not a simple process, but it's worth it. As Federico Ruiz, of the National 5G Observatory, says, "economies that have actors capable of incorporating these cybersecurity requirements into the network will have a lot of gains."