British defence firm Qinetiq warns of security risks of mixing 5G and IoT
British defence technology company Qinetiq, heavily involved in the UK 5G testbed project in Worcestershire, has warned next-generation 5G wireless networks will open businesses up to cyber threats.
The GSMA predicts as many as 1.4 billion 5G connections will be live by 2025, with revenue opportunities spiralling to $1.1 trillion in the period, with the internet of things (IoT) a major breeding ground for new connections. 5G networks are being “designed to be scalable, versatile and energy smart for IoT,” according to a recent report by Research Gate.
5G networks will accommodate more applications and devices, leading to a wide variety of mobile IoT applications and a shift to the cloud to reduce energy-use on mobile devices, it said.
In Worcestershire, in the UK, a team of industrial 5G experts are leading a 5G testbed with the Worcestershire Local Enterprise Partnership (LEP.) The consortium comprises of Worcestershire County Council, the University of Surrey, alongside Huawei, O2 and BT, along with local businesses Worcester Bosch and Yamazaki Mazak, and certain other organisations.
The Worcestershire project will focus on ways to increase industrial productivity through preventative and assisted maintenance using robotics, big data analytics and augmented reality (AR) over 5G. It retains a focus on the industrial IoT space as well.
The project’s cybersecurity aspect is being led by QinetiQ. Mark Hawkins, the company’s technical lead on the project, said cybersecurity is central to design of next-generation wireless networks. “5G deployment envisions enterprises and industry verticals – such as manufacturing, transport and retail – moving their business-critical data to the mobile network,” said Hawkins.
“However, this means the security focus shifts from the corporate network or data centre, to the mobile network. Not only is data migrating to the mobile network, but so too are business critical operations. If there is a problem with the mobile network it is inconvenient if you can’t make a phone call, but it is extremely costly if your factory cannot operate, and extremely dangerous if your autonomous car gets hacked.”
Back in March 2018, European cybersecurity agency ENISA warned 5G mobile networks come with “extremely dangerous” risks. “As mobile plays a huge role in our digital society, assuring our everyday digital infrastructure in support of the economy itself, the stakes are high,” it said.
LTE-based 4G networks also carry security risks, of course. In a study by Purdue University and the University of Iowa, most of the world’s 4G networks are likely to be exposed to a range of security flaws that cybercriminals can tap into. Organisations within the IoT space have tried to secure standardised security specifications for the industry. Mixing IoT and 5G together could result in vulnerabilities across the globe, said Hawkins.
“Previous generations of mobile networks have been consumer orientated so security was not a primary consideration,” he said. However, due to the business applications available thanks to 5G, especially when it comes to industrial IoT, security is the main priority for the design and implementation of the networks, devices and applications. QinetiQ is promising security-by-design in the Worcestershire 5G testbed, using it to develop security test and assurance services.
“The key is both the 5G network itself, but more importantly the applications and services running over the top of it, can be assured to security requirements,” said Hawkins. “We are looking at how the 5G network can be secure by design and proved to be so via testing.”
Working for clients such as the Royal Navy, the company has been working in the field since 2001, when the Ministry of Defence split its Defence Evaluation and Research Agency (DERA) in two. The company is also looking at security testing and assurance of applications for LTE applications and IoT devices. “Being involved in the Worcestershire project gives us two real advantages in developing security assessment approaches for IoT,” he said.