With the rise of emerging technology, unforeseen security challenges can appear. As 5G becomes ubiquitous, it’s the machines that need to be protected from human beings. That’s because cybercriminals, hacktivists and industrial spies have set their sights on IoT devices as a massive attack surface for denial-of-service (DoS) strikes, data theft and even global disruption.
If you’re a communications service provider reading this, maybe you’re thinking “I’m glad that I’m not responsible for securing all those IoT devices.” But you are. If service providers wish to monetize IoT communications, they’ll need to wrap security around those communications. It’s a big task, compounded by the fact that most IoT devices will be so small that they’ll have no built-in security of their own. The stakes for service providers, however, are too high to ignore: personal data, mission-critical applications and even national security are all at risk from IoT-based attacks.
Okay, now take a deep breath: You don’t need to solve all these problems today — the IoT revolution isn’t here yet. But you do need to be thinking about IoT security right now, studying the potential attack surface of new applications (e.g., telehealth services, connected cars) and developing strategies to mitigate the unknown unknowns that will invariably arise as new IoT applications are created and launched.
What will this new attack surface look like? Let’s dig deeper into a few high-profile IoT applications to understand the potential security risks.
Telehealth use has taken off in 2020, but it was already becoming a popular alternative to in-person healthcare, particularly in areas where healthcare services weren’t readily available. One risk of telehealth, however, is the transmission of highly personal information that could be subjected to a man-in-the-middle attack. This risk becomes even more serious when you consider the number of connected medical devices that are expected to be activated on 5G networks. For example, what happens when a remote heart monitor is compromised or real-time emergency services are disrupted by a DoS attack? And who underwrites that risk: the communications provider, the healthcare provider or the device manufacturer?
It goes without saying that energy services are mission-critical applications. One of the more interesting 5G applications is the use of connected devices to manage smart grids, power plants and municipal energy services such as water and electricity. But what happens if cybercriminals seize control of wireless water meters? Or if a regional smart grid is disrupted? As for safety sensors in nuclear power plants that might manage heating and cooling—well, let’s not even go there.
Those scenarios may sound unlikely, but attacks like that have already happened and been highly successful. The Mirai botnet is a classic example. It compromised a massive field of 4G IoT devices that nearly brought down the Internet. An interesting caveat: that malicious code was quickly shared on the Internet for other cyber criminals as well. Yes, cybercrime as a service is a now a thing, and a lucrative one at that.
The concept of an Internet-connected vehicle may seem futuristic, but almost every modern vehicle is already a connected device. There are GPS connections, digital satellite radio connections, roadside service connections and collision radar connections. Then there are Bluetooth connections to our smartphones, which are themselves connected to a radio access network. And that’s before we even get into self-driving vehicles.
Beyond the safety risks of turning our car into a two-ton IoT device, personal data is also at risk in our car. We can log on the Internet right now and track where our family members are located through their GPS device. Going forward, in-car email and streaming video will be packaged with cars for a monthly fee, creating an even greater need for secure, encrypted communications. When vehicle-to-vehicle communications arrive, new security mechanisms will need to be put in place for that too.
Ultimately, service providers will need to extend their view of security to not only address subscribers but the millions of connected devices that ride alongside their network in massive Machine Type Communications (mMTC) slices or support enterprise applications at the network’s edge. This will require the ability weigh risk appetite against opportunity, anticipate the unknown and react to new threats in real time. In other words, 5G will be a very different world for service providers from a security perspective.
For a better perspective of IoT security in a 5G world, talk to Dell Technologies. We’re committed to providing service providers with end-to-end security solutions that can effectively monetize 5G opportunities while mitigating risk. At Dell Technologies, we believe the world is better when machines and human beings are working together for a common good.