Guest blog post by Fennel Aurora – F-Secure
Two big challenges come with 5G. There will be orders of magnitude more connected devices, and edge computing in mesh-style networks will require rethinking cyber security.
In some ways, the edge computing revolution is a more serious concern than the explosion of “smart” devices. The security industry has had a lot of experience dealing with extreme volumes since the early 2000s. For example, F-Secure has been handling billions of security requests and protecting against tens of thousands of new threats per day for years. This obviously requires extreme automation and the use of machine learning backed up by human experts.
Conversely, edge computing will likely change some of the rules of the game.
Most current thinking about cyber security involves a 3-layer model. Layer 1 is centralized security in the network – this gives more or less 100% coverage for protecting users and devices on the network, but the level of protection is very basic. Layer 2, in the home/office router, gives coverage to all the devices in the home – including IoT gadgets like TVs, games consoles.
A higher level of protection is possible here, but there are still some necessary limits. Finally, layer 3 is on the endpoint (i.e. traditional anti-virus / anti-malware), and requires users to install something. This makes complete coverage very challenging, but it does offer the most comprehensive level of security – for example, this is the only layer which gives full protection against ransomware and banking trojans.
Today’s pre-5G IoT allows protection from layers 1 and 2. Current LTE-M and similar low power technologies mean that mass-deployed sensors still connect to the central operator network, and so can be protected by layer 1 solutions. Today’s consumer IoT allows protection from layer 2 via the home router, as the IoT device or hub is connected to the home network.
This changes with the 5G-enabled edge computing model, because most traffic never goes via any central system. You can picture this as 5G allowing each service to make lots of small separate internets. It is this de-centralization that brings new challenges.
We can’t apply security centrally from the network in an edge computing model. We also can’t apply the router security model easily, given that a mesh-style network – on which all devices talk to all other ones – does not have a central router that acts as choke-point for all the traffic. We can’t apply endpoint security either, because nobody is going to make AV versions for every type of sensor.
This mesh network model also has an added challenge of returning us to a “weakest link” threat landscape – something that is already true in the corporate security world to some degree, where the latest thinking is to “assume breach”.
Like all major disruptive technology changes, 5G will certainly lead to new use cases that nobody had considered. This means it is very hard to say exactly how these new challenges will play out in real 5G deployments. Even so, the lack of centrality and the mesh models do have precedence. These are both important features in today’s cloud IT revolution.
5G-deployment of large numbers of sensors will likely be managed in a similar way, reusing technology and ideas similar to the enormous distributed data centers behind all the big services we use currently.
Motorbike and sidecar
We also already see some ideas for how to solve security problems in that world. For example in the containers world, security is often enforced via the “sidecar” pattern and the “service mesh.”
The sidecar pattern is what you are picturing: a motorbike with a sidecar attached – the motorbike is your app (in fact, usually a microservice running in a container), and the sidecar is automatically attached to every app by the container management software (the service mesh). Just like in the picture, the sidecar contains a passenger, and that passenger makes sure the driver of the motorbike follows the rules of the road. The sidecar pattern with a good service mesh help IT teams to apply security across these incredibly complex systems while managing scalability issues. These are the first order security problems to solve.
There are also deeper issues around safety and privacy, however. What happens when your self-driving car loses its 5G connection while driving, for example? What happens when your insulin pump is connected to the internet? We already see examples of cars hacked while driving, and insulin pumps that can be hacked to murder the patient. These are scary cases. They are even scarier when we consider that these innovations are taking place in a more or less unregulated way.
There are huge social and individual reasons to want smart cities and other large-scale data and control systems. These technologies can most benefit the most vulnerable in society if used correctly. They can improve the quality of life for the poor, or even eliminate systemic discrimination.
A simple example of the utopian potential is public city transportation. As a lower-income worker, you tend to live further from work, school, and shops. You are also less likely to be able to afford personal transportation. Meanwhile, your area is likely to be less well-serviced by public transit. In addition, taxis often refuse to go to poorer neighborhoods, or may refuse to stop for people of color.
This could be easily change with guidance from using real-time sensor data from buses, bus stops, and roadsides. Instead of fixed lines and schedules that generally favor high-income areas, city bus schedules could be adapted the real needs of the whole population, while reducing traffic and improving air quality for everyone.
Back to the 1930s
We’ve also seen the consequences of data and surveillance technologies turned against some of society’s most vulnerable groups, however. Recent history, from first days of IT being used for data analysis in the 1930s to today, prove that many governments and companies around the world are ready and willing to turn technologies into a sophisticated surveillance apparatus that circumvents people’s right to privacy.
Smart grids, smart cities, self-driving cars, and other technologies that can make resource management more efficient may eventually play a huge role in combating climate change – an issue that transcends national borders.
It’s vital that the promise of new technologies like 5G isn’t realized on the backs of those already struggling for social equality. Technology is not a magic bullet and it is never neutral – technology always adapts to reflect the power structures and real (rather than aspirational) priorities of our societies.
5G technology will not be different. We individually, and as a society, will choose whether this technology will be used to usher in dystopian nightmares and to further exclude all but a very few people. Or will we use 5G to dramatically and inclusively improve the lives of everyone?