The UK telecoms security bill: A signal of change in the global 5G industry?

Following the introduction of the Telecommunications Security Bill in the United Kingdom, the stakes for security compliance have never been greater. As Jimmy Jones, telecoms cyber security expert at Positive Technologies says, many have focused on the complete ban on Huawei’s involvement in the UK’s 5G network, which is a major aspect.

However, the situation with Huawei has been front and centre for some time, thus it may be a moot point as the exclusion of their equipment has potentially been accounted for in 5G network planning. In truth, the more important details that operators should be focused on are the heightened security responsibilities they now face.

EU and US security theme

While the UK is the first to move towards legislation, it is only following the theme of others, such as the European Union and the United States. The intention to increase and quantify security in telecom networks is palpable across the globe.

Following a 5G conference in Prague in 2019 that was attended by 32 countries, the EU unveiled their EU Toolkit, which was designed to give member nations a set of measures to alleviate the risks that 5G networks present. Shortly thereafter, the US Cybersecurity and Infrastructure Security Agency presented a strategy document of their own.

Now the UK has taken things one step further by enshrining these powers in law and putting the onus on telecoms operators, with fines of £100,000 (€ 110,690) a day or 10% of revenue for non-compliance. High security standards will now be government mandated and paramount, a change for the industry from setting their own standards of security gaps. This legislation represents the logical next steps of the previously published regulatory documentation; therefore, it’s likely these principles will be replicated globally.

Security in 5G networks

It’s critical that security is delivered in 5G networks due to the huge increase in connectivity it ushers in. More connectivity means more varied services and more devices relying on network resilience, and the wider the impact if security is compromised. 5G must also address pre-existing threats. Most 5G networks will actually consist of an existing 4G network core, with 5G just present in the radio access edge. These hybrid networks, known as Non-Standalone will be with us for the foreseeable future.

With a majority of operators relying on already established 4G networks as a building block for their 5G networks, this leaves them open to the same vulnerabilities as the previous generation that hackers have been exploiting. This includes intercepting calls and SMS messages, tracking users locations, and more. We have seen firsthand in the media, with Circles and later the events spotlighted by IBM the impact these treats pose not just to operators, but for consumers as well.

Our recent research showed that 100% of 4G networks are also susceptible to Denial of Service attacks. This can affect millions of legacy devices and older networks globally, which is grave as these cannot be suddenly switched off so will coexist with their newer 5G counterparts for years to come. Thus, as operators work towards building out exponentially more complex and expansive networks while delivering security in 5G, they must also find the resources to secure older network generation architecture, with this audited and monitored as part of the new legal framework.

Supply chain changes

The telecom supply chain itself is also going to dramatically change, requiring additional scrutiny and protection. So-called high risk vendors had already been banned from the core of networks, but that will now be applied to its entirety.

The legislation pushes to diversify even further to create a far richer and diverse pool of vendors. Removing the expertise and experience of Huawei and replacing it with new entrants is a noble goal, but some say this will slow the 5G rollout. Which could potentially hamper new technology adoption (IoT) and the advantages to the economy that that brings, while possibly also adding expense.

Jimmy Jones

This is addressed most obviously by the Open Radio Access Networks (RAN) initiative, which has the concept of creating telecoms infrastructure that can seamlessly integrate different vendors together. The UK’s decision to create the SmartRAN Open Network Innovation Centre and the support of the NeutrORAN project with NEC is their direct attempt to help this process by creating opportunities and driving innovation for new vendors to enter the market and help operators abide by the new regulations.

The UK should be applauded for the ambition shown in this legislation, and it represents a blueprint for nations everywhere in integrating the shared consensus of security ideas into law. In the 5G era, everybody from the telecom operators, vendors, Internet of Things (IoT) suppliers all the way to the end consumers need to prioritise security more than ever before to counter the growing threat landscape. This is just the beginning.

The author is Jimmy Jones, telecoms cyber security expert at Positive Technologies.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Bluetooth Range and Reliability: Myth vs Fact

Posted on: September 21, 2021

As Bluetooth is becoming more and more ubiquitous in smart homes, buildings, and factories, there are many myths about what the wireless technology can and cannot do. In fact, its capabilities go far beyond its use in consumer electronics and enables a wide range of professional solutions in commercial and industrial environments. Here are some of the common myths around Bluetooth – and the lesser-known facts

Read more

OQ Technology reveals patent portfolio in the US and Europe to improve satellite communications

Posted on: September 21, 2021

5G satellite operator OQ Technology has revealed six pending patent applications in the USA and in Europe that will improve satellite-based IoT and M2M communications in remote locations. OQ Technology’s patent applications include a “wake-up” technology for satellite IoT (Internet of things) devices, IoT device localisation, frequency and timing synchronisation, inter-satellite link technology and satellite

Read more