IoT and 5G: Time to learn security lessons

Steve Rogerson talks with Enrico Milanese from Telit Cinterion about how to keep IoT networks secure in the 5G era.

One of the big advantages of 5G is that it has more security features than previous generations, and these can be incredibly beneficial when deploying a network of connected devices. There are still problems though; a large IoT network creates a larger attack surface. Tools using AI and machine learning can help protect a network, but they can also be used by the bad actors.

So what can be done? I had a chat this week with Enrico Milanese, a 5G security expert at Telit Cinterion (www.telit.com), and asked him that very question.


“5G’s security benefits are huge,” he said. “There was great work to improve the specifications. We can leverage a lot of functionalities and features to realise more reliable and secure communications. There are improvements in data confidentiality and integrity.”

And this was needed. Estimates suggest that within the next five years, more than 80% of the world’s population will have access to 5G. At the same time, the number of IoT connected devices will be heading towards the 40 billion mark.

Just think of all those data whizzing between all those devices, and how businesses will come to rely on the access to those data not just to survive but to enable many, many new use cases, ones we haven’t even thought about yet. We all rely on connectivity and access to data today, but that is going to grow, maybe exponentially, within a very short time.

But the cloud hanging over that is, and probably always will be, security. Thankfully, as Enrico said, 5G comes with a lot of security features such as network slicing to keep secure and general services separate and make it harder for fraudsters to launch widespread attacks.

But 5G is also more complex, and that itself brings security headaches. Enrico is confident though.

“The benefits, for sure, will be much higher than the potential risks,” he said.

This does to some extent depend on the applications and the priorities of the companies using these data. Is a data breach the biggest fear? Or, maybe, business continuity is more important. Understanding that balance can be critical in how a security system is designed.

It is also important to understand the people who might attack your network, and they are becoming more organised. Enrico said botnets were available to buy or rent on the black market. “These are being sold as botnet-as-a-service,” he said.

And it is not just businesses; consumers too can be affected.

“Everything is interconnected,” said Enrico. “Protecting these devices is part of our lives. Our smartphones, our cities, our payments. Everything has a huge impact. We need to change the mindset to have a minimum set of security or there could be several implications that we don’t want to face in the future.”

To do this, he said, meant increasing awareness among consumers.

“They need to be more informed and make more informed decisions about purchases,” he said. “We want the customer to demand more security and care about data and privacy.”

So what about AI? Can this help?

“AI is beneficial,” said Enrico. “We are at the beginning of a new industrial revolution. AI in 5G will be beneficial in multiple areas, such as for anomaly or intrusion detection. It can detect and prevent common abuses.”

But, on the other side, AI is also in the hands of fraudsters and bad actors.

“We are seeing a lot of malware with embedded AI capabilities,” he said. “These can overcome current protection mechanisms.”

So bad AI versus good AI. That doesn’t sound good.

“As always, there is a fight between attackers and defenders,” said Enrico. “I am curious to see what this will bring. AI can be used to attack. We have already seen several cases in the field. Defenders need to act more quickly to use AI to block these new attacks. Every day is different. I don’t think there is a silver bullet that solves everything.”

What is crucial, though, is that companies adopt security by design. I sighed when I typed that. This is not new; I have been writing about technology for decades and people have always talked about how important it is to design security in from the start and not treat it as an add-on when the product is nearly finished.

Sadly, not everyone has learned that lesson and so it still has to be said, which brings me onto Enrico’s next point and that is increasing awareness about security among people in an organisation.

“We need constant training and instructions across the departments as the threat is evolving quickly,” he said.

So, they are the lessons – security by design and education so people are not just aware of security but demand it. We have been here before but with the predictions of a connected world enabled by 5G and controlled by AI, perhaps this time the lessons really do have to be learned.