The next step in the journey of digital transformation, the fifth generation of wireless communications technologies (5G) will have an enormous impact on mankind, and on every industry including security. In short, 5G will disrupt the way we live and work. To discuss the changes, we presented our questions to Benoît Jouffrey, VP 5G Expertise at Thales, which is at the forefront of the transformation with an emphasis on trust and security. Following are his responses.

Q: In layman's terms, what is the difference between 4G and 5G ecosystems as they relate to opportunity, flexibility and choice in networking tools?

Jouffrey: Compared with largely one-size-fits-all 4G services, the 5G ecosystem will provide organizations with much greater choice and flexibility in the way they communicate over mobile networks. The network slicing capabilities of 5G means that business can have their own independent networks, with each one customized to their unique requirements and backed up by service-level agreements (SLA). Another aspect of 5G will be the ability to drive latency between UE (User Equipment) and network down to below a few milliseconds, which will massively boost the performance and scalability of enterprise applications.

Q: How can these capabilities drive a company's digital operations?

5G will allow enterprises to be connected more efficiently

Jouffrey: 5G will allow enterprises to be connected more efficiently: they can rely on a higher density of connected devices exchanging more information in a better timeframe. Due to these slicing capabilities, 5G networks allow for much greater personalization than 4G networks. This means that businesses could benefit from this personalized network, tailored to their portfolio of Internet of Things (IoT) use cases, and not be necessarily expected to rely on a one-size-fits-all network. By combining the unique capabilities of 5G with the insights derived from analytics, machine learning, and artificial intelligence, enterprises will be in much better stead to run their operations efficiently and securely.

Q: How might 5G impact the use of cloud systems?

Jouffrey: 5G is the first communication environment that is cloud-native. As such, 5G networks will support cloud-based applications in a way that 4G, 3G and 2G can’t support. For instance, sensors (e.g. in a manufacturing plant) often have a small internal storage and rely on synced devices (e.g. gateways) to interact with the cloud. Soon, these sensors will be able to work more efficiently, interacting with the cloud via the ultra-low latency and the edge computing capabilities supported by 5G networks. Unlike current IoT services that make performance trade-offs to get the best from these existing wireless technologies, 5G networks will be designed to bring the high levels of performance needed for the increasing use of IoT. It will enable a perceived fully ubiquitous connected world, with the boosted capacity offered by 5G networks transferring exponentially more data at a much quicker rate.

Q: How can one provide trustworthy 5G lifecycle management for IoT devices?

Jouffrey: Trustworthy IoT lifecycle management is an end-to-end approach from the secure provisioning of keys within the devices, to the proper identification of the users, from the authentication on the network or the network slice, to the secure handling of the data either at stored or in motion. Resources need to be invested long before this to qualify the business model, in prototyping, as well as prototype testing. Most organizations don’t have the resources to counter all the security challenges of their 5G IoT deployments. Businesses will often end up choosing between navigating a risk-laden 5G environment, with inadequate or incomplete trust mechanisms, or outsourcing these requirements. When looking at outsourcing, companies must choose a provider with expertise in digital security, ensuring 5G IoT deployments have data protection and connectivity credentials built in, together with end-to-end data protection solutions such as encryption – protecting data in the device, network, and cloud at rest and in transit.

Q: How can wireless modules address new 5G IoT use cases?

Wireless modules can be expected to play a bigger role than in previous generations of cellular

Jouffrey: As IoT considerations are integrated into the 5G ecosystem, wireless modules can be expected to play a bigger role than in previous generations of cellular. 5G modules support different characteristics to earlier generations – the 5G use cases are much more complex, varied, from high-end use cases requiring high data usage and throughput, such as for industrial routers, to low-throughput, energy consumption optimized devices, as required for some IoT sensors. At the end, compared to the largely one-size-fits-all approach that preceded it, 5G will increase the demand for vertical-tailored wireless modules.

Importantly, these wireless modules need to support new data protection and security features that go well beyond conventional compliance to 3rd Generation Partnership Project (3GPP) standards. Due to the extent of personalization within 5G networks, wireless modules must also offer providers and customers greater security as well as agility all along the device lifespan.

Q: What are the new data protection challenges posed by 5G, and how can they be addressed?

Jouffrey: The 5G era presents exciting opportunities, as well as security challenges. The greatest risks to enterprise data on 5G networks – including eavesdropping, man-in the middle attacks, denial of services, loss or compromisation of data – were already known in 4G. The 5G standards have looked at providing answers to these threats and come with some noticeable improvements, such as the encryption of the international mobile subscriber identity (IMSI), otherwise known as the Subscription Permanent Identifier in 5G. But what’s different with 5G is the threat surface area, due notably to the variety of devices that will be used over these 5G networks and the underlying technologies used for the deployment of the networks, such as cloud native virtualization. On top of this, it’s the first generation of cellular to launch in an era of global cyber-crime, funded by organized crime and states alike.

So, whilst enterprises should look to the ecosystem of telecom operators and cloud providers, vendors, and system operators to help understand the opportunities presented by 5G – this same ecosystem needs to guide them in countering any new risks that the 5G architecture may pose. The key to securing 5G enabled devices is to build security into devices from the outset using encryption.

The key to securing 5G enabled devices is to build security into devices from the outset

Q: What new roles can the 5G embedded universal integrated circuit card (eSIM) endorse in network authentication?

Jouffrey: 5G is the first generation of cellular to launch in a buoyant eSIM market. The eSIM will be key in supporting network slicing authentication and security, enabling enterprises to leverage their credentials to pre-select network slices. However, to support secure authentication for mobile networks that may require the usage of different authentication algorithms over time, these 5G eSIMs must support this flexibility of usage of multiple authentication and authorization credentials. With this capability built into these eSIMs from the start, mobile operators can remotely swap the authentication algorithm either for a dedicated primary authentication, or in a definitive way, thanks to key rotation management, thus maintaining a trusted environment.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SecurityInformed.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Finding Missing Persons Collaboratively Through AI
Finding Missing Persons Collaboratively Through AI

Smart cities, airports, stadiums, hospitals and other organizations are now liaising with government bodies and law enforcement to propel a new dawn of collaborative security and communication. The influx of new technology coupled with the ever-changing political and social landscapes has meant security is having to evolve. Artificial Intelligence is now allowing law enforcement, security personnel and organizations to a transformational method of fighting crime, maintaining public security and significantly finding persons of interest. AI-powered surveillance cameras Utilising surveillance cameras with implemented AI has revolutionized finding missing persons. Facial Recognition and IREX.ai’s “Searchveillance” have equipped both the public and private sector with the tools to collaboratively work together in finding persons of interest. The influx of new technology coupled with the ever-changing political and social landscapes has meant security is having to evolve Finding missing persons has been an underfunded and challenging issue across society, with many countries having no funding at all after the initial police investigation. Through artificial intelligence, surveillance cameras will never sleep on finding missing people by setting up alerts for once a missing person appears under surveillance. How it’s happening Technology like IREX.ai has delivered an AI collaborative security solution which is implemented into surveillance cameras enabling them to become “smart cameras”. Both public and private sector have not been able to collaborate through utilising their existing cameras, which are now powered by AI-backed smart video technology. With surveillance systems now veering toward becoming cloud based, this now allows an unlimited number of cameras for an organization or city to connect to. The AI platform is helping bringing about a collaborative network to help monitor crowded public areas in real time, something that would have taken a lot of manpower, time and cost to produce. Quicker response through “searchveillance” This has now become a crucial element in the fight against COVID-19. The ability to track and trace has been very effective but this particular AI module may only just be getting started in the fight to find persons of interest. When an individual goes missing or is abducted, every second is crucial along with information gathered. Unfortunately, this brings in human-error, when a person believes they may have seen the person of interest, it can lead law enforcement and authorities critically, in the wrong direction. AI-powered Facial Recognition helps eliminate human-error through 99.5% accuracy success, leading authorities to definitive sightings and factual information through the help of AI. “Searchveillance” enables authorities to liaise with the public and private sector organizations who have implemented the AI into their surveillance to run a single search with the person of interest’s photo. Instantaneously the user receives immediate results of, if and when this person last appeared under surveillance. Long-term missing persons It’s common knowledge that after 72 hours, statistically speaking the chance of finding the individual quickly diminish, but that doesn’t mean people stop searching. This week alone, September 2020, US Marshalls found and rescued 25 missing children in Ohio, many of whom had been missing for years. AI-powered facial recognition helps eliminate human-error through 99.5% accuracy success Implementing AI into surveillance cameras is becoming more frequently adopted around the world, enabling alerts in surveillance cameras and notifying appropriate law enforcement when a missing person appears under surveillance are all extraordinary tools. The alert system from the persons photo in the software. Facial recognition allows law enforcement to receive real-time footage of the missing person and their location. It is of great assistance for law enforcement to simply receive a notification and a real time feed of individual they are looking for. Security is becoming a more collaborative effort In light of recent events throughout the world, with protests surrounding police brutality, rioting, violence and deaths, security is evolving and it has to. Enabling technologies and building security collaboration and communication platforms is assisting in the fight to find missing people. It’s not just smart cities and smart airports who are providing a fishing net for find persons of interest, it’s also stadiums. The Superbowl and other major sporting events generate some of the biggest human slavery and trafficking busts of the year. Stadiums are now harnessing the responsibility to help counteract this and set up these alerts, utilize the AI in their cameras and collaborate with authorities, thus playing their part in finding persons of interest. IREX.ai has helped deliver the AI and the platform for collaborative security and communication, as technology grows and becomes more in our lives than we care for it to be, you often forget of the results it can provide, such as reuniting a family.

In Pursuit of Providing a Safe and Secure Environment in the Workplace
In Pursuit of Providing a Safe and Secure Environment in the Workplace

All public properties are faced with a diverse and complicated set of safety and security risks, from health and safety to violence, terrorism, natural disasters, fires, political and environmental. Reducing safety and security risks requires the hands-on support of all operating teams, not just the security team, each playing their part in the pursuit of providing a safe and secure environment for all customers and staff. The challenge is twofold, one many still rely on antiquated logbooks, checklists, and manuals to manage the broad spectrum of safety and security risks. And two, the resources we rely on to complete the tasks necessary to improve safety are generally junior, inexperienced, and not particularly loyal to the business. Continuing to rely on these outdated and complicated management practices is risky and could be very costly. It leaves organizations exposed to safety and security related incidents, it is unreliable, reactive, resource intensive, and easily debatable. Complex risks To complicate matters, as safety and security risks continue to grow more complex, the corresponding operating costs are also on the rise. Regulatory fines, commercial insurance premiums and lawsuits are increasing year over year, making non-compliance with safety regulations a risk no one can afford. Not only is business continuity a concern, but when something goes wrong, the negative impact on the brand/reputation and resulting legal liabilities and regulatory fines will cost dearly. We envision a world where physical safety is managed with the same commitment as digital and financial security At Zendelity, we envision a world where physical safety is managed with the same commitment as digital and financial security; where all safety and security risks are managed with the same level of due diligence and accountability. A day in the life To understand just how much risk these outdated management practices are exposing operations to and how complicated managing safety and security has become, we will look at just a single weave in the web of corporate safety and security. It’s a simple, yet common safety risk, one that every operation is faced with, the ‘slip and fall’ accident.  It’s the perfect example of a safety risk that no operation is immune to, it touches multiple departmental silos and when it happens you can be sure the executive management team will know all about it. Consider this for a moment, according to the Ontario Workplace Safety & Prevention Services (WSPS), 80 workers are injured every day because of a fall - that's one every 20 minutes and the cost to the organization is approximately $59,000 per injury. Now consider this, in Ottawa, Canada, on average it snows 63 days a year. Each time it snows, all public entrance ways will need to be shoveled and salted a minimum of twice per snow fall, halfway through and at the end. In the case, of an elementary school, hotel, hospital, apartment complex or commercial building, that has 9 entrance ways leading to the great outdoors that will translate to a minimum of 1132 net new tasks that must be completed per year on top of all the other daily safety requirements. Now ask yourself this, how often do you suppose one of those entrance ways are missed?  At an average cost of $60K for a slip and fall accident, I’m not sure I would want to play the odds. The challenge is not the job, that is simple enough, the challenge is making sure it gets done in the first place. While responsibilities are listed in safety manuals, requirements change based on the amount of snow or weather conditions making it hard for staff to remember the rules. Communicating requirements to staff is often done with paper-based checklists that are being updated, reprinted, and manually distributed. To measure and manage compliance, completed checklists are collected, and results manually compiled.  Inspections are invested in, to identify potential procedural errors, and catch negligence before someone gets hurt. Access to the data necessary to verify work and understand how the team is actually performing is time-consuming to consolidate, outdated and nearly impossible to verify. The stakes are getting higher The focus and priority of safety and security have been growing year over year While COVID has recently put the spotlight on safety procedures and the risk of a slip and fall is a simple example of the daily safety risks companies face, the focus and priority of safety and security have been growing year over year. Today more than ever before our physical safety and security is at increased risk, the threat of natural disasters, terrorism, violence or political actions has never before been at this level. Today people are equally as concerned for their physical safety as their financial and personal information. On top of the fear uncertainty and doubt in the minds of customers and staff, all businesses are facing an increase in operating costs, related to safety and security, according to: The Insurance Journal, commercial property insurance is expected to increase by an average of 20% in 2020, in one part due to the extreme catastrophic weather and wildfires since 2017 which have had a direct impact on pricing. A survey by U.S.-based Marsh LLC found that rates for directors and officers liability insurance rose more than 100% in the UK in Q2 as insurers fear that the pandemic will lead to hefty litigation claims. Occupational Safety and Health Association, for a willful violation, in which an employer knowingly failed to comply with an OSHA standard or demonstrated a plain indifference for employee safety, the maximum penalty has increase to $134,937/violation in 2020. The National Safety Council, the average cost of a workplace fatality and preventable death is now $1.19M. In addition to the legal and regulatory requirements, organizations are also faced with the new ‘see through economy’ where nothing is secret. Social media has created a world where it is no longer possible to keep even the smallest of incidents out of the public eye, exposing the brand in ways never before seen. When something goes viral, everyone, including customers, prospects, business partners, investors, etc. will know about it. To put the power of social media into perspective, consider a study by Cornell University, who found that hotels can expect to see an increase of 39% in their average daily rate if they can increase their score by just one unit on TripAdvisor, say from 3.5 to 4.5! A 39% increase in revenue is a huge incentive to protect the brand from the negative connotation of a safety and security incident taking place on your property, even if it’s as simple as a slip and fall accident. We envision a world where… At Zendelity, we envision a world where all organizations have a system of record for all types and levels of safety and security actions and issues. Where the safety and security team have a 365-degree view of all safety risks across the property and access to the real-time data necessary to improve response times. Where managing operating compliance is as simple as viewing a dashboard, running a report or receiving an automatic notification. We envision a time where operations will promote their ‘safety and security score’ as a badge of honor, as a means of competitive differentiation.  Similar to a ‘5-star hotel’, customers and guests will look for a ‘safety and security report card’ and those with a good track record will differentiate. Safety and security have become a complicated web We envision a world with smarter cities, where emergency services are able to respond faster and with more accuracy when they arrive on site due to improved situational awareness. Where both the on-site emergency response team and the emergency responders can act as one, to reduce the risk and improve safety during an incident. Safety and security have become a complicated web, the operating practices you employee to manage that risk will determine your success. So, ask yourself this, are the logbooks, checklists, and manuals really still good enough, are you willing to stake your business on it?

Protecting Retail Staff in a New Era: Live-streaming Body Cameras
Protecting Retail Staff in a New Era: Live-streaming Body Cameras

This year has been characterized by uncertainty and extraordinary strain, which has fallen heavily on all manner of key workers. Alongside our celebrated healthcare professionals, carers and the emergency services, those working in essential retail have proved themselves to be the backbone of our society during this challenging period. As people try to grasp onto normality and cope with the unexpected changes taking place in every aspect of their lives – including the way they are allowed to shop – it’s no surprise that tensions are now running higher than ever. Retail crime was already on the rise before the pandemic struck, with the British Retail Consortium finding that at least 424 violent or abusive incidents were reported every day last year. The Co-op recently reported its worst week in history in terms of abuse and antisocial behavior, with 990 incidents of antisocial behavior and verbal abuse suffered by staff between 20th and 26th July. 990 incidents of antisocial behavior and verbal abuse suffered by staff between 20th and 26th July To manage the increased risks currently faced by retail employees, businesses must adopt new initiatives to safeguard their staff. Growing numbers of retailers including the Co-op and Asda have equipped their in-store and delivery staff with body worn cameras to enhance safety and provide them with peace of mind, as well as to discourage altercations from taking place at all. Traditional tech Body worn cameras are nothing new and have been used within the law enforcement industry for years. Traditional devices are record-only and can be used to record video evidence able to be drawn upon ‘after the fact’ should it be needed as an objective view of an event and who was involved. These devices can also be used to discourage violent or verbally abusive incidents from occurring in the first place. If a customer is approached by an employee, they are likely to think twice about retaliating if they know their interaction is being recorded. This stance is supported by research from the University of Cambridge that found the use of body worn cameras improves the behavior of the wearer and those in its vicinity, as both are aware of the fact it can act as an objective ‘digital witness’ to the situation. However, record-only body worn cameras do leave much to be desired. In fact, the same University of Cambridge study found that, in the case of law enforcement, assaults against officers wearing these devices actually increased by 15%. This could be attributed to those being recorded being provoked by the presence of the camera or wanting to destroy any evidence it may hold.  Out with the old, in with the new Live-streaming enabled body worn cameras provide the benefits of record-only devices and more Fortunately, there is a better option. Live-streaming enabled body worn cameras provide the benefits of record-only devices and more. Live-streaming capabilities are able to take ‘after the fact’ evidence one step further and provide the wearer with ‘in the moment’ safety and reassurance. With these devices, if a retail employee is subject to a volatile situation with a customer, they can trigger live video to be streamed back to a central command and control room where security officers will be able to take the most appropriate course of action with heightened and real-time situational awareness. Having access to all of the information they could need instantly will enable security personnel to decide whether to attend the scene and diffuse the situation themselves or to take more drastic action if needed, before any harm has been caused. This capability is especially valuable for lone workers who don’t have access to instant support – such as delivery drivers, in-store or warehouse staff and distribution operators to name a few. The pandemic has also doubled the number of consumers who do their regular grocery shopping online, leading to potential supply and demand issues resulting in unhappy customers.  Live-streaming body worn cameras rely on uninterrupted mobile connectivity to excel, as they are not connected to any physical infrastructure. To minimize the risk of the live video stream buffering or freezing – a real possibility for delivery drivers who can be working anywhere in the country – retailers should look to deploy devices capable of streaming in real-time, with near zero latency footage, even when streaming over poor or constrained networks. To get the most out of their tech, retailers should also look to implement devices that can be multi-use and can be deployed as a body worn camera or a dashcam to record any incidents that may occur while driving.    Novel threats   This year brought about a new threat that retailers must protect their staff from While not to the same extent, retail workers have always been subject to a level of potential physical or verbal abuse. However, this year brought about a new threat that retailers must protect their staff from. The COVID-19 pandemic has been the cause of many of the new threats facing employees, but is also a threat in itself. To mitigate this, retailers should look to introduce remote elevated temperature detection cameras in their stores, which analyze body temperature and sound an alarm when somebody’s temperature exceeds a certain threshold – as this could indicate the presence of a potential fever. When deployed on the same cellular network as live-streaming enabled body cameras, these tools can be linked to a central command center and the alarms viewed remotely from any connected device. This means a network of cameras can be monitored efficiently from a single platform. Ensuring the protection and security of retail workers has come to the fore this year. With the risk of infection in high-footfall locations, such as supermarkets, and the added pressure that comes with monitoring and enforcing safety guidelines, retail staff are having to cope with a plethora of new challenges. Retailers should adopt innovative technologies within their stores and delivery trucks, such as live-streaming enabled body cameras and remote elevated temperature screening solutions, to minimize the threat faced by their employees and provide them with instant support and reassurance should it be required.