IoT can be considered the “device,” the “network” and the “application;” this is its DNA. Mobile IoT (MIoT) benefits from licensed bandwidth and SIM-based security in the same way your expensive smartphone does, so is inherently less vulnerable. However, the devices can be anything, some so small and limited in hardware resources they simply cannot support cybersecurity. Many will be sensors or other inaccessible nodes, meaning they are “set it and forget it,” generating limited maintenance and long lifecycles—both adversaries of security.
Speed to market and cost is key for IoT vendors, and to support this, most will reuse components and software to reduce overhead cost. This compromises the continuity and security of design and allows cyber techniques to be reused on multiple, possibly very diverse and not obviously related IoT solutions. Regulations and legislation could combat this issue but currently they appear to focus on particular segments of IoT such as government applications. This will eventually trickle down over time, but the exposure will be there, and success depends on how well-harmonized the guidelines are globally.
Some assets are too expensive to replace, so instead will require retrofitting of connectivity. This again represents a compromise in design, and potentially security. We must also remember that security, or even connectivity, may not be a core competence of the manufacturers upgrading, or building IoT—meaning processes and testing for security must be an integral part of rollout.
We’ve seen that MIoT and 5G will be large and consist of exponentially more vendors and suppliers than ever before and the skill needed to secure them will be equally more diverse. To be effective, security needs to be considered for the end-to-end solution, from the device through the network to the applications that run them. This is true in not only recognizing threats but addressing them. To tweak a problem with a network setting or in the application code is more effective than a visit to the hardware.
Cooperation between network operators, network vendors, IoT manufacturers, system integrators, security professionals and 5G consumers is the only way protection can scale to secure 5G. Enabling this collaboration is just as important as any technology.
What will we be contemplating in 2031?
5G will move the primary use of telecoms from individual humans communicating to something far more encompassing: any IoT device communicating with the network. Historically, this could be compared to the invention of the printing press. Instead of limited person-to-person communication by letter, newspapers and books allowed delivery of information much more widely. This sharing of data created a consciousness that drove a speed of social and political change never seen before. This was unprecedented and unpredictable, and it brought about huge global change, bringing down governments and monarchies.
2031 will see 6G designed to allow every device to communicate with every other. This could represent IoT’s arrival as true social media, with billions of interconnected devices communicating with each other at a global scale.