The Internet of Things (IoT) continues to grow as more and more devices, sensors, assets, and other "things" are connected and share data. Still, many remain concerned about the security threats and vulnerabilities of this environment -- whether it involves IoT networks, data, or the connected devices themselves.
Can 5G, the upcoming fifth generation of wireless mobile communications, help enhance the security of IoT?
SEE: 5G: What it means for IoT (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)
IoT ecosystems can be especially appealing as the targets of attacks such as distributed denial of services (DDoS), in part because there are so many different components involved.
Two of the major security issues at the moment are the lack of effective security being built into IoT devices themselves, and the existence of a large number of different standards frameworks, says Paul Bevan, research director for IT infrastructure at research and analysis firm Bloor research.
"The problem isn't with the standards themselves; rather it is the challenge of translating between the different domains and frameworks," Bevan said. "You are only as secure as your weakest link, and this need to translate between frameworks could be one such weakness."
IoT security generally encapsulates existing security threats, but also has some unique challenges, said Patrick Filkins, senior research analyst, IoT and mobile network infrastructure, at research firm International Data Corp. (IDC).
For example, enterprises have long juggled with how to address end-point security. "To balance the costs associated with deploying hundreds, if not thousands of sensors, end-point security is sometimes relatively unaddressed," Filkins said. That can leave those end-points open to security breaches. "This puts much of the security heavy lifting on network and IT resources positioned further away from end-points," he says.
Research by Gartner Inc., estimated that worldwide spending on IoT security would reach $1.5 billion in 2018, a 28% increase from 2017 spending of $1.2 billion. The firm expects to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing.
The lower latency, increased bandwidth, and ability to dedicate network slices to specific use cases that are inherent in 5G design specifications will enable a range of new mobile and remote applications not been feasible with 4G technology, Bevan said.
"The most widely touted have been autonomous vehicles and control of remote medical devices, both areas where latency issues are likely to have serious, life-threatening implications," Bevan said. If users need real-time response from devices in the field then it is likely that 5G will be a major enabler, he says.
The new mobile wireless standard will allow enterprises to seamlessly connect more end-points to a network, Filkins said. "Of course, being wireless 5G will be another tool for enterprises to connect end-points as a potential alternative to a wired connection," he said.
While 5G is being hyped for IoT, many use cases will continue to rely on infrastructure leveraging existing wireless network protocols such as WiFi. "As such, the use case/application will dictate which approach best fits," Filkins said. The low-latency characteristic of 5G will be appealing to many verticals, such as manufacturing, he said.
A key aspect of 5G for IoT is in the design principles related to both the service provider mobile core and radio access network (RAN) portions of the network, Filkins added. The core portion of 5G is designed to efficiently facilitate a diverse set of IoT use-cases.
"IoT connectivity needs can vary greatly by industry, which is where 5G will differentiate from prior mobile generations by enabling operators to service multiple IoT customers and/or use cases from their 5G network platform," Filkins said.
While 5G will eventually apply to both the consumer and enterprise spaces alike, it makes sense that many operators are focusing efforts to drive cellular IoT on Long-Term Evolution (LTE) networks with enterprise customers now, Filkins said. "Over time, these existing LTE-based IoT connections will be serviced by a multi-access 5G architecture [that] will simultaneously service 5G IoT connections as well," he said.
As such, 5G can be viewed as a further catalyst to the IoT market as a whole, by enabling mobile operators and possibly enterprises to apply customized, cellular solutions to an IoT deployment.
While 5G itself will not address IoT security threats, it will take a concerted effort from a range of stakeholders spanning mobile operators, enterprise customers, and perhaps specialty vendors to understand and address these issues, Filkins said.
"As the network itself is upgraded to 5G, the need to upgrade network security will also be present," Filkins said. "Operators have primarily focused on defending their networks from external, Internet-based intrusions. With IoT, you have greater potential for intrusions from inside the network or through 'middle-man' attacks."
It is likely that operators as well as enterprises leveraging 5G for IoT will take a closer look at ways to incorporate security measures more tactically, Filkins said, with security potentially present at more layers than it was in prior network generations."
"The vendor community is also moving swiftly to enhance 5G security, by converging traditional firewall functions with application visibility and security," Filkins said. "As more IoT applications are run on the network, which could be hosted in a traditional data center or in an edge cloud, securing applications themselves will be at the forefront of 5G security concerns."
Any 5G security concerns related to IoT will be more present once operators introduce 5G core networks and further cater to the IoT needs of enterprise customers, Filkins said. Such 5G core network deployments are not expected to see broad uptake for a couple years, he said, although there will be some China-based operators that plan to introduce this technology as early as next year.
"Good security is all about the combination of people, process, and technology; 5G by itself cannot properly address IoT security issues," Bevan said. "For sure, if an IoT device is communicating using a SIM [subscriber identity module], then validation of the device and encryption of the data via a secure link provides at least part of the end-to-end security solution."
But this capability is available in 4G and older technologies. Bevan said. "5G is not bringing anything new to the party," he said. "If the IoT device has been compromised through weak or non-existent passwords, then all 5G is doing is sending some secure but malicious commands to the infected device."
What's needed is to design security into the IoT devices themselves, move toward a common set of end-to-end security frameworks, and essentially shift the issue of security closer to the design phase of both IoT products and services, Bevan said. This should be backed up by adherence to policies and an increasing use of artificial intelligence and machine learning to automate security operations, he said.