A major wave of change is coming to the wireless world. 5G mobile towers are cropping up in cities from Boston and Seattle to Dallas and Kansas City. This 5th generation wireless network touts a new level of speed and reliability. With the exponential growth of smart devices and the internet of things, current 4G networks are straining to meet bandwidth demand. 5G promises to deliver increased capacity and energy efficiency at a fraction of the cost.
However, the adoption of any new technology is always fraught with challenges. The transition to 5G will not happen at the press of a button. Initially, 5G will work in parallel to 4G networks as physical infrastructure is overhauled. Devices and network technology will need hardware upgrades to adapt to the new system. Eventually, 5G will be released as an all-software network that can be maintained like any other digital system today.
“The race to 5G is on, and America must win,” President Donald Trump said in April of 2019. And while politics and media have defined this race as whoever builds 5G the fastest, the tougher race is focused on retooling and securing this network. Because of software’s innate vulnerabilities, the ecosystem of 5G applications could pose a serious security risk, not just to individuals but also to the nation.
Let’s look at three key cyber security risks for 5G networks and what can be done to minimize them.
Risk Factor 1: Exponential Increase In Attack Surface
A network’s attack surface is the sum of the access points that a hacker can exploit. 5G’s dynamic, software-based systems have far more traffic routing points than the hardware-based, centralized hub-and-spoke designs of 4G. Multiple unregulated entry points to the network can give hackers access to location tracking and even cellular reception for logged-in users. This new architecture also renders current cybersecurity practices obsolete, opening up the network to dangerous attacks.
Risk Mitigation: Early Planning And Investment
5G technologies require a complete overhaul of network security, which isn’t possible without significant funding and executive support. This is a shared responsibility between governments and 5G businesses. Government policies need to take into account where the market falls short and how that can be addressed. We need to invest now, before we’re caught with no sustainable cybersecurity plans in place.
Risk Factor 2: Nonexistent IoT Security Standards
Many IoT devices are being manufactured with minimal or non-existent cybersecurity measures. These devices are already being used by hackers as entry points to enterprise networks. We may soon live in a world where billions of everyday devices, from toothbrushes to coffee machines, could be connecting to the internet automatically. In the future, such unsecured IoT devices could easily allow for man-in-the-middle attacks. A cybercriminal could intercept and change sensitive communication over 5G.
Risk Mitigation: IoT Manufacturer Incentives And Consumer Education
Just like the FCC (Federal Communications Commission) grades radio systems, we should have a new regulatory body to oversee IoT devices. But it’s important to plan for a scenario where IoT manufacturers may still not comply with new regulatory frameworks. This especially holds true for low-end IoT brands, which just may not be able to afford the added cost of production when it comes to these changes. Incentives like market monopoly or logistics support for complying brands will be required to effectively regulate the IoT market.
Moreover, 5G security is only as strong as its weakest links. Despite regulation, a wide variation in security quality may still exist. Customer education on how to choose and use IoT devices safely will be crucial. For example, labeling standards may need to be introduced to indicate which devices are secure and which are not.
Risk Factor 3: Dynamic Spectrum Sharing Makes Network Partitioning Complex
Current 4G systems use network partition methods to limit cyber attacks. Networks are subdivided by hardware to prevent the existence of a single point of failure. If one node of the network is attacked, it can be “quarantined” to limit the attack, without ceding control of the whole network. On the other hand, 5G uses short-range, low-cost and small-cell physical antennas within the geographic area of coverage. Each antenna can become a single point of control. Botnet and distributed denial of service (DDoS) attacks can bring down whole portions of the network simply by overloading a single node.
Also, 5G uses dynamic spectrum sharing, a telecommunication system that breaks data packets into “slices.” Each slice from different, parallel communications is sent over the same bandwidth. Each slice thus carries its own degree of cyber risk.
Risk Mitigation: Artificial Intelligence And Machine Learning In Network Management
The dynamic nature of 5G’s network architecture requires a dynamic and fast-learning management system. Software-based and intelligent computing solutions are required for effective countermeasures. AI-powered cyber solutions will continue learning and updating themselves. AI and machine learning can serve as powerful tools for 5G cybersecurity.
Cybersecurity Best Practices For Adopting 5G Networks
If you plan to switch to 5G networks, here are some things you can do to protect your devices from data misuse and system tracking.
1. Use a VPN when connecting any device to the internet. You can do this by implementing VPN routers in your home or office.
2. Set up complex passwords for all personal devices. Change default passwords on any IoT devices you may have at home.
3. Update your computer, phone and other devices regularly. Set up and use antivirus software on critical devices.
With this, you should be well on your way to embracing 5G and the innovation it will bring to all industries.
Artificial intelligence (AI) has many use cases, including cybersecurity. However, securing AI systems themselves has to be a priority. That’s the stance of the Securing AI Industry Specification Group (SAI ISG) at the European Telecommunications Standards Institute (ETSI), which released an official problem statement on the issue earlier this year.
An Aim to Secure AI
Alex Leadbeater, the Chair of SAI, told 6GWorld™ it’s critical to look beyond use cases, at least to start. Being the first standardisation initiative looking to secure AI, SAI faces many challenges, including promoting widespread adoption. Leadbeater sees the report as a step towards this and also finding common ground.
“How would you ensure the citizen could actually use an AI application and say, ‘You know what? I can prove and I can understand it’s unbiased. I can get some assurance it’s secure. I can get some assurance that when an AI makes a decision I stand somewhere being able to assert or at least be given some assurance that it’s working as intended,’” said Leadbeater, who also acts as Head of Global Obligations Futures and Standards at BT.
Speaking to 6GWorld separately, Kathleen Walch, Principal Analyst at AI research firm Cognilytica, said bias can be tricky. She said it can be hard to spot and gave an example in which people born in even years had gotten loans at a higher rate than their odd-year counterparts.
“The system made a correlation that people born in even years would have a better chance at getting a loan and that really had nothing to do with anybody’s ability to get a loan. It was just what was in the data that was fed to the system. So you have to be careful about things like that, where no gender or race or geographic location came into play,” she said. “There’s been lots of discussion about what data is trained in these systems and how often do you need to retrain it. Bias is always going to be there. So how do you try and mitigate it?”
Navigating the AI Threat Landscape
It’s an ambitious goal, but one that’s necessary. Leadbeater said part of the problem is how AI has such a complex threat landscape for security precautions to navigate, compared to traditional IT systems.
“The actual bigger AI itself and all of its layers, its data sources, its models, its algorithms, its feedback loops, its actual fundamental building blocks, all have subtleties and nuances and additional complexities and layering, which security will be able to consider that don’t exist [in traditional IT systems],” he said. “The other challenge is there’s no what you might term, ‘Walks like a duck, quacks like a duck, it’s a duck’ equivalent in here.”
As a result, Leadbeater said one cannot simply replicate the same precautions taken with older technologies, implying it’s almost like starting from scratch. It doesn’t help that things change very rapidly in the field.
“Things come into fashion and then go out of fashion… AI is an evolving area. Therefore, there is a tendency for AI to just creep into things relatively unintended,” he said.
Leadbeater’s goal is to use the release of the report as a launch pad for a high-level view of the situation over the next 1.5-2 years. At that point, he said the group plans to start developing technical mitigations and “pick out some threads.” These may be ethics and security challenges; for example, AI’s “obscurity.”
Many people, despite perhaps having reservations about AI systems, currently use them without knowing it, with the SAI report making the distinction between automated vehicles and AI in lifestyle applications. Walch said sometimes it’s a matter of being willing to accept some risk for the sake of convenience when the stakes are lower.
She compared vehicles, where an accident could be disastrous, to a voice assistant at home. With the latter, if you were to ask for a recipe, it might not taste good. If you were to ask about the weather outside, you could always check for yourself. In other cases, like with vehicles, there just isn’t that fallback if humans are taken out of the equation.
“When we talk about artificial intelligence, we talk about it as the seven patterns of AI, because two people can be talking about AI and not talking about the same thing. I could be talking about chatbots. You could be talking about [automated] vehicles. Someone else could be talking about predictive maintenance. We’re all talking about AI, but it’s not the same application, and I think that when you use more of an augmented intelligence approach, which is keeping the human in the loop, not replacing the human. Then adoption becomes easier and the technology seems less threatening and the ramifications of it going wrong aren’t as high,” she said.
AI Ethics vs. Security
Walch was interviewed about AI ethics. Asked if she foresaw greater regulation to prevent things like the spread of misinformation through social-media bots, she said she sees a crackdown coming in some form, but it’s going to take time.
“I think that with any new and transformative technology we always say that you need to see how it plays out before you regulate it, because people who want to do bad things will just work around whatever regulations there are if you regulate it too early. Plus you need to see how people are using it,” she said.
In the announcement of the SAI report, Leadbeater had been quoted as saying that discussions about AI security standards tend to take a backseat to the subject of AI ethics. However, he did discuss the undeniable link between the two, with the need for privacy being front and centre today.
“That seems to be the way the two have ended up gelled together of late… due to some of the early unfortunate malfunctions of AI systems,” he said. “You think of some of the chatbots and things that turned accidentally racist or similar, because they’ve not got the security right or they’ve not got the feedback loops.”
Leadbeater also referenced the tug of war between those responsible for securing AI and malicious actors as a bit of a feedback loop itself. Improving security will only drive attackers to up their game. Ironically, ethics can have a part in originating the vicious cycle.
“Some of the blocking techniques are reasonably public because the browser vendors or others want transparency and ethics and would therefore […] provide some interaction or indication to the user as to how they work, AI or otherwise. The attackers obviously don’t have that particular moral requirement to need to do the same,” he said.
Ultimately, Leadbeater called security a hidden, lower layer that helps ensure ethics are maintained. The ethics aspect is something people can easily lock onto because it’s easier to understand, especially when things go wrong and you don’t get the expected results. However, security is just as important.
“In order to ensure an AI acts ethically and it cannot be manipulated, ultimately you have to have some form of assured trust underneath and therefore you come back to the security problem.”
The UK is currently a hive of activity for government and regulatory involvement in telecoms. I can’t remember a time when so much emphasis has been put on my domain – from election commitments on gigabit broadband, to concerns over “high risk vendors” (HRVs) – notably Huawei.
This week has seen further progress through Parliament of the Telecom Security Bill, which makes telcos face legislation on cybersecurity and HRVs. There has also been the linked publication of the 5G Supply Chain Diversification Strategy, which ties the removal of Huawei gear with the government’s intentions to expand operators’ choice of other vendors.
I’m going to be spending considerably more time on the policy aspects of telecoms in coming months – not just my normal areas like spectrum, but more broadly the intersection with geopolitics, technology evolution and industrial strategy, competition and trade.
This article focuses on the diversification aspects – my thoughts on the published strategy, plus what I’d like to see in recommendations from the Task Force and policies from government in 2021. It’s a follow-on from my recent post on interoperability. Note: I’m not revisiting the HRV or Huawei issue here.
I should stress that this isn’t just parochial and UK-specific – it has wider ramifications on the global telecom market, and links up with activities in Brussels, Washington and elsewhere, such as the US Open RAN Policy Coalition, and the EU’s cybersecurity “toolbox” and upcoming European Cybersecurity Strategy review.
Disclosure – my advisory clients span a broad range of UK and international organisations, from startups to large vendors, service providers of numerous types, investors and branches of government. I work with companies and organisations that enable closed macro & small-cell networks, Open RAN, Wi-Fi, satellite connectivity and more. As people who know me will attest, my opinions are my own – and attempts to influence them will often backfire, even if made by paying clients. In fact, people pay me because I regularly say things they don’t want to hear. I like saying “no”.
Background
Even before the pandemic there was huge UK government engagement – and manifesto commitments – on “full fibre”, 5G mobile networks, sponsored testbeds & trials, and even satellite communications with the investment in OneWeb.
A lot of my own focus in recent years has been triggered by the Future Telecom Infrastructure Review in 2018, which kicked off the current regulatory enthusiasm for localised spectrum, enterprise/private cellular and neutral host networks – although other commentators had also advocated this for some time previously (*coughs modestly*).
In the last 6-12 months, there has been a specific focus on “supply chain diversification”, and a desire by policymakers to increase the number of equipment/software vendors in the market for network infrastructure. This isn’t new – the Government published its initial Telecom Supply Chain Review in mid-2019 – but it has lately taken on greater urgency.
The largest catalyst has been the recent action taken on Huawei and what that means for supply of equipment in the UK as a result, particularly for national 5G RAN build-outs by the four main UK MNOs: BT, Vodafone, Telefonica O2 and 3UK.
The net result of this has been the establishment of the UK Telecoms Diversification Task Force as an advisory group, aligned with an internal project to develop a strategy and policy for broadening the vendor base, being run by DCMS (Department for Digital, Culture, Media & Sport).
The new strategy document highlights what it sees as a duopoly of Nokia and Ericsson, especially for macro RAN gear, and suggests that if that continues it implies a risk to future resilience of the supply-chain. During the various Science & Technology committee hearings this year, there has been input from vendors, operators, security officials, task force members and others.
The discussion has largely been 5G-dominated, although the strategy document also mentions fixed-infrastructure diversification (subject to ongoing consultation and review). Many of the parliamentarians seem to think 5G is something special, and have bought into the “unicorn” visions of GDP uplift and “ubiquity”. (My regular readers know that 5G is “just another G” – an important upgrade, but not something which will change the world).
The strategy proposes three areas of action:
“Supporting incumbent suppliers” (Nokia and Ericsson) as major vendors, but suggests various approaches towards nudging them to greater levels of openness.
“Attracting new suppliers into the UK market” – this essentially means working out ways to get Samsung, NEC & Fujitsu more involved, as well as others. The parliamentary debate’s speakers also name-checked Mavenir, Parallel Wireless, Rakuten’s platform business and others.
“Accelerating open-interface solutions and deployment” – which refers more to the realm of industrial policy around Open RAN, and components such as semiconductors.
As you might imagine, I’ve got some fairly trenchant opinions on much of this.
Is the market that concentrated?
Clearly, the UK MNOs are today almost entirely dependent on Huawei, Nokia and Ericsson for their macro RAN deployments, although Samsung has previously been present in 3UK’s 4G network, and Vodafone has recently started deploying gear from Mavenir in its Open RAN deployment.
However, some countries such as the US and Japan have maintained a greater diversity in macro RAN supply, despite a lack of Huawei gear – although there are some differences compared to the UK. Continued support of older 2G/3G services currently relying on combined “single RAN” infrastructures is a valid concern – and the Diversification report suggests it might be possible to sunset or improve interoperability there. The Samsung presentation and letter to the committee also had some suggestions about this.
I think there’s perhaps also a link to the historical “3GPP monoculture” in UK/Europe. Other regions had a mix of GSM, CDMA and local alternatives, which fostered greater supply fragmentation originally, which endured over time as the “single RAN” approach wasn’t as much of an obvious win (or lock-in).
It is worth noting that there is already good diversity for private cellular networks and specific mobile products such as 4G/5G cores, indoor wireless and other niches such as fixed-wireless access. Many alternative suppliers are gaining traction first in rural and other “secondary” areas, rather than dense urban macro locations.
One aspect the government hasn’t appeared to consider is how much of the anticipated 5G “upside” (whether you believe the $billions GDP numbers or not) is conveniently located in these very contexts which have greater levels of supply diversity. Many of the expected new 5G applications are indoors (in factories, hospitals etc), or in sectors such as agriculture.
Another set of “advanced connectivity” applications have alternative technology options, especially over the 3-5 years it will take 5G to mature. WiFi 6/6E/7, LoRa, 60GHz FWA, new satellite constellations and proprietary platforms like Amazon Sidewalk all offer alternatives to 5G. Yet I still hear people talking about 5G for low-latency AR/VR in people’s homes when it’s obvious that 90%+ of that will use Wi-Fi, for multiple reasons.
Reading the report and listening to the debates, there seems to be a certain amount of hindsight here, with regrets that previous governments hadn’t thought through possible consolidation from three big cellular vendors to two, irrespective of which was taken out of the equation or how. Some speakers went back further, to the days of Nortel and Marconi, mourning the loss of greater diversity and national sovereign capability.
There’s also an implied sense of worry that one of the existing incumbents might make a mis-step. It’s notable that the “supporting incumbents” line was absent in January discussions, but was perhaps catalysed by Nokia’s 5G woes earlier this year. The US Attorney General floating the possibility of a US company acquiring either Nokia or Ericsson probably raised the stakes even further, even if that suggestion was rapidly shot down at the time.
Other concurrent drivers have related to Brexit, trade deals with Japan (and presumably EU, US and S Korea in future) and the enthusiasm of the current administration for more “industrial policy”. There is interest in state-aid for many areas of technology, ranging from hydrogen-powered aircraft (“Jet Zero”) to biotech to quantum computing, with the aim of improving the UK’s export and trading prospects in new and emerging areas. Telecoms technology needs to be seen in the context of a very expansive vision from artificial meat to nuclear fusion. (Wearing my futurist hat, I heartily approve of this).
Open RAN & disaggregation
Perhaps the least-cohesive part of the strategy document (and some initial actions like the testing and interoperability lab announcements) is the focus on Open RAN as the main saviour of supply-chain diversification. It got a huge amount of airtime in the DCMS report, as well as in politicians’ speeches.
In my view, Open RAN is similar to 5G more generally – important, but getting rather over-hyped. It’s going to be very important in future, but it’s not the only game in town. Perhaps it will form the centrepiece of 6G, but for 5G macro – which is being deployed now – it’s going to be secondary, even if some of the Huawei rip/replace by 2027 uses it.
There seems to be quite a lot of disagreement between the MNOs as well – Vodafone is clearly a fan, while BT and 3UK seem more sceptical, with O2 somewhere in the middle.
I’m far from convinced that some of the detailed aspects in the document and annex – going as far as discussing eCPRI interfaces and 7.2 O-RAN splits – are the pivot-points for the overall diversification or resilience story. We don’t have TIP specs for OpenRAN 5G Massive MIMO yet, and may not get there for quite a while.
We’ll see a growing amount of vendor orientation on cloud and open RAN approaches anyway – Samsung, NEC and even Nokia are pursuing it. Ericsson and Huawei are being more diffident, but also seem to recognise that virtualisation is important, even if they’re not breaking open all bits of the RAN. Ericsson’s recent Cloud RAN announcement could reasonably be described as “tentative”.
While there’s a lot of action and excitement with Rakuten, Dish and other greenfield networks, that doesn’t mean that operators in the UK or elsewhere would necessarily follow suit, even if they could do it tomorrow. It would be nice for the option to be there – but I’m a little concerned that the document asserts that interoperability should always be a default rather than a viable option. (If you haven’t seen my post on interop, have a scan through it). Different operators have different views – and different legacy infrastructure.
Think of an analogy: should the government also suggest that Airbus planes should interoperate with Boeing avionics? Or, for that matter, how many of the advocates would accept Linux as the “default” OS for their laptops, rather than being able to choose Windows or MacOS if they prefer?
I expect we’ll see a growing amount of Open RAN in rural and then perhaps suburban areas – but it’s going to be a long time before it’s common in existing MNOs’ urban cores and high-density macro domains. It’s an interesting platform for neutral host networks too, as the NEC trial points out. It is part of the overall “choice architecture” for future networks, but arguably the most interesting domains for advanced connectivity will get more choice / vendor competition from non-5G technology options. The normal 5G macro RAN is more about capacity for smartphone broadband, rather than clever new applications.
What we should aim to see from future UK Diversification recommendations & policy
What comes next is the Diversification Task Force recommendations, which are expected early in 2021. This will feed into the policies and actions taken by the rest of government – potentially DCMS, although some have suggested aspects should reside with Ofcom, the security agencies or other departments.
As some external input, I thought I’d lay out some of my own preferences, principles and what I’d like to see. (I may also submit more formal comments into the consultation process).
Clarity of purpose(s): There is a tendency in the report and parliamentary debate to conflate security, supply resilience, competition, innovation, export opportunity and other drivers for telecoms (de)regulation. All are valid concerns and thus represent areas for government to become involved – but any individual recommendations or rules should break out the underlying purpose(s) clearly. Obviously, few politicians or media commentators are experts in telecoms networks arcana – so communications across Westminster and beyond need to be crisp, and misconceptions and misrepresentations pointed out swiftly. Soundbites and spin always get attention – but must be rooted in technical reality rather than convenience and media-friendliness.
Technology neutrality: While there are specific concerns about 5G RAN as it’s a major current focus of investment – and because the intelligence/core functions are increasingly distributed – it’s far from the only important telecom technology, or the only one with a concentrated supplier base. 4G mobile, fibre and fixed-line broadband infrastructure, satellite and assorted other wireless technologies should also be considered as part of diversification. There’s no major UK Wi-Fi player, for instance, which ideally would be rectified. At a component level, we should rightly be considering semiconductors, but also many areas of cloud and software elements involved in ever-more-virtualised telecom networks as well.
Business model neutrality: This links to my recent post on interoperability. Governments shouldn’t mandate either proprietary or interoperable interfaces, or vertically-integrated or disaggregated solutions – as long as there’s enough competition. Openness is good – but both highest-performance and lowest-cost options may involve “black boxes”. Open RAN (which in any case needs more careful definitions and comes in multiple variants) has huge promise, but shouldn’t be a political football either. We should be encouraging market forces to operate effectively, in the demand side of telecoms networks. Choice is imperative. (You could say the same about net neutrality: if customers have a choice of 10+ ISPs, it doesn’t really matter if one of them sells “Ain’ternet” as long as it’s accurately marketed & distinguished from the real thing).
Realistic time horizons & paths: Regular readers of my posts may have noticed increasing mentions of “path dependence”. Timelines matter. If there’s an awkward 4-year gap between promise and reality for a given technology, for instance because of lengthy testing and commercialisation, that needs to be recognised upfront. We can’t leap straight to 6G, terabit FTTx or massive LEO satellite constellations, even if the UK might have an edge in specific components. The new rules need to reflect realistic time horizons – including buffers for delays. That’s especially relevant for things like Massive-MIMO 5G radios.
Removing obstacles: The UK’s telcos will continue to need large and medium sized international vendors for the foreseeable future. Ericsson and Nokia will obviously remain central, and we should be looking to encourage Samsung, NEC and Fujitsu in 5G – as well as the continued roles for Mavenir, AirSpan, Parallel Wireless, Commscope, Cisco, Juniper, Microsoft and so on. We need to address why, for instance, Samsung is largely absent from UK MNOs’ networks, despite its profile in Korea and the US. If it is about the need for continued support of 2G/3G and other legacy systems (for instance to support eCall), then we should be considering creative solutions for this. I could even imagine a government-sponsored 2G shared network to support M2M and emergency calls, leaving MNOs to focus on 4G/5G differentiation (and reclaiming spectrum).
Global vision: While I can understand why government likes the idea of home-grown UK telecom startups thriving, this vision needs to be tempered with reality. It isn’t realistic to expect UK firms to tackle all aspects of network infrastructure at the scale and expertise needed by major telcos. This doesn’t just mean “heavy iron” macro 5G networks, but also future elements such as fibre transport or hyperscale cloud for next-generation platforms. There won’t be a UK (or European) equivalent to AWS or Azure any time soon, nor a Qualcomm equivalent. If domestic self-sufficiency and ownership was a desire, there would have been obvious questions about recent sales of ip.access and Metaswitch. The diversification review should address areas where the UK should expect to collaborate internationally – as well as its contribution to new standards, for instance on 6G development.
Supporting cast: For all the various reasons mentioned above – security, supply resilience, export opportunity and so forth – the “leading actors” of MNOs, semiconductor designers and network hardware/software vendors will need other sets of market players to evolve in tandem. Government is right to be creating testing labs, but should also look at training centres for engineers and installers, university courses, systems integrators, infrastructure financiers, insurance providers and many others. It doesn’t have to (and probably shouldn’t) fund all of these, but it can perhaps advocate for their growth, and help remove barriers if they exist. How many indoor mmWave 5G URLLC vertical specialist engineers – or OpenRAN Massive MIMO maintenance teams – are there in the UK? How can we multiply that by 100x?
Flexibility to respond to emergent events: Linked to path-dependence is the concept of protecting “optionality”. I can come up with a range of scenarios under which the world might evolve in surprising directions, both technologically and geopolitically. China might reach a different set of compromises with Joe Biden on network vendors, components and trade. Brexit and new UK trade deals may impact supply chains and telecoms demand in unexpected ways – positive or negative. New cybersecurity vulnerabilities might come to light – or new safeguards developed. Any new policies on diversification should aim to enable new vendors and standards, rather than add constraints such as mandating specific interfaces.
Industry verticals & new applications: The UK authorities, like others around the world, seem focused on Industry 4.0, automation, IoT and the potential benefits of greater network-intensity in many sectors. This filters through to the idea of private networks, cloud/edge computing and other adjacent domains. It may also feature high on the telecoms diversification agenda. My view is that this should revolve around a general principle of “advanced connectivity”, rather than specifically relating to 5G and its supply chain. Wi-Fi, fibre, LoRa, Bluetooth and even proprietary network solutions have equally-important roles to play, and as before, neutrality of policy is desirable. The government should consider technology substitution between options, as well as vendor choice within one technology.
Awareness of energy & CO2 implications: One of the trade-offs of “abstraction layers” and simplicity/flexibility can sometimes be increased power consumption. “Software-defined X” or “Adaptive Y” can involve lower efficiency than something optimised or hardware-based. The UK should be thinking about a future of networks where everything has a CO2 budget – perhaps with cascading carbon taxes built in. Rather than least-cost routing, we might find networks built around lowest-energy optimisation. I didn’t see anything about energy or CO2 in the strategy document.
Overall, as a UK-telecom industry analyst and advisor, I see this as both worthwhile and exciting – and I’m keen to participate in one way or another when possible. I’m certainly intending to check up on how the ongoing pronouncements fit with the principles I’ve outlined here. (I’ll also be pondering the international ramifications and linkages).
I think the existing Diversification Strategy makes some good points and has clearly taken inputs from numerous well-placed and knowledgeable sources. However, it’s a bit too focused on 5G, Open RAN and macro networks, rather than the broader realm of “Advanced Connectivity”. I’d like to see more technology neutrality and optionality across the board.
It also blends together multiple issues – cybersecurity, resilience, UK industrial policy, competition, technical philosophy and so on – when they sometimes only have tenuous or debatable links. Interoperability is used as a “glue” to stick together the separate parts. I’d rather see broad top-level goals such as “security” and “optionality” and separate self-consistent analysis for each purpose.
A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack occurs when one or many compromised (that is, infected) systems launch a flooding attack on one or more targets, in an attempt to overload their network resources and disrupt service or cause a complete service shutdown.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have plagued commercial and enterprise networks since early 1970. In terms of damage to network infrastructure, service continuity and business reputation, DoS/DDoS attacks have racked up some of the most successful cyberattacks to date. The Allot DDoS Attack Handbook outlines the most common attacks and their implications for CSP network assets and business. For each attack, real customer success stories demonstrate how Allot’s DDoS Protection solution, powered by Allot DDoS Secure, helps CSPs and enterprises establish a highly effective first line of defense against cyber threats.
In an ACK or ACK-PUSH Flood, attackers send spoofed ACK (or ACK-PUSH) packets at very high packet rates. In other words, they acknowledge session requests that were never sent and do not exist. Packets that do not belong to any existing session on the victim’s firewall or any security device along the path generate unnecessary lookups in the state tables. This extra load exhausts system resources.
Amplified DNS Flood
An Amplified DNS Flood is a DNS attack on steroids! It takes advantage of the Open Recursive DNS server infrastructure to overwhelm the spoofed target victim with large volumes of traffic. The attacker sends small DNS requests with a spoofed IP address to open DNS resolvers on the Internet. The DNS resolvers reply to the spoofed IP address with responses that are far larger than the request. All of the reflected/amplified responses come back to flood the victim’s DNS server(s), which usually takes them offline.
CHARGEN Reflective Flood
CHARGEN Reflection attacks take advantage of the Character Generation Protocol, originally designed for troubleshooting, which allows sending a random number of characters. The attacker sends tens of thousands of CHARGEN requests by utilizing botnets to one or more publicly-accessible systems offering the CHARGEN service.
CLDAP Reflection Attack
A CLDAP Reflection Attack exploits the Connectionless Lightweight Directory Access Protocol (CLDAP), which is an efficient alternative to LDAP queries over UDP. The attacker sends a CLDAP request to an LDAP server with a spoofed sender IP address (the target’s IP). The server responds with a bulked-up response to the target’s IP, causing the reflection attack. The victim’s machine cannot process the massive amount of CLDAP data at the same time.
DNS Flood
A DNS Flood sends spoofed DNS requests at a high packet rate and from a wide range of source IP addresses to the target network. Since the requests appear to be valid, the victim’s DNS servers respond to all the spoofed requests, and their capacity can be overwhelmed by the sheer number of requests.
HTTP/S Flood
HTTP (and its encrypted form HTTPS) is a transport protocol for browser-based Internet requests, commonly used to load webpages or to send form content over the Internet. In an HTTP/S flood attack the attacker exploits seemingly-legitimate HTTP GET or POST requests to attack a web service or application. These attacks often utilize many botnets such as infected IoT devices.
IoT Botnet Attack
IoT botnets are created as hackers infect numerous Internet-connected (IoT) devices and recruit them to launch large-scale DDoS attacks that have been measured in Terabits/sec! These attacks are difficult to detect and mitigate because they use hit-and-run tactics that originate from numerous IoT vectors distributed across many locations – often worldwide.
LDAP Amplification Attack
LDAP Amplification attacks leverage the Lightweight Directory Access Protocol (LDAP) which is used by Microsoft Active Directory and millions of organizations to verify username and password information and permit access to applications. The attacker sends small requests to a publicly available vulnerable LDAP server with open TCP port 389 in order to produce large (amplified) replies, reflected to a target server.
NTP Amplification
In an NTP (Network Time Protocol) amplification, an attacker uses a spoofed IP address of the victim’s NTP infrastructure and sends small NTP requests to servers on the Internet, resulting in a very high volume of NTP responses. Since attackers spoof the victim’s NTP infrastructure, all of the reflected/amplified responses flood the victim’s NTP server.
Ping Flood
In a Ping Flood, an attacker sends spoofed ICMP echo request (ping) packets at a high rate from random source IP ranges or using the victim’s IP address. Most devices on a network will, by default, respond to the ping by sending a reply to the source IP address.
RST/FIN Flood
In TCP, a FIN packet says, “We’re done talking, please acknowledge” and waits for an ACK response. An RST packet says, “Session over” and resets the connection without an ACK. In an RST/FIN Flood, attackers send a high rate of spoofed RST or FIN packets in an attempt to use up resources on the target.
SNMP Reflected Amplification Attack
SNMP reflected amplification attacks leverage the Simple Network Management Protocol (SNMP) used for configuring and collecting information from network devices like servers, switches, routers and printers. Similar to other reflection attacks, the attacker uses SNMP to trigger a flood of responses to the target. The perpetrator sends out a large number of SNMP queries with a spoofed IP address (the target’s) to numerous connected devices that, in turn, reply to that forged address.
SSDP Reflected Amplification Attack
Simple Service Discovery Protocol (SSDP) is a network protocol that enables universal plug and play (UPnP) devices to send and receive information using UDP on port 1900. Vulnerable devices such as home routers, firewalls, printers, access points and the like, respond with UPnP “reply” packets sent to the spoofed IP address of victim’s network, overwhelming it.
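The reflection attacks described above (DNS, CHARGEN, CLDAP, NTP, SNMP, SSDP) share one observable trait at the victim: UDP replies arrive from a service port although no matching request ever left the network. The following is an added detection example, not code from the handbook or from Allot; the function names, thresholds and traffic records are assumptions, and the sample datagrams are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# UDP source ports of the reflector services discussed above.
REFLECTOR_PORTS = {19: "CHARGEN", 53: "DNS", 123: "NTP",
                   161: "SNMP", 389: "CLDAP", 1900: "SSDP"}


@dataclass(frozen=True)
class Datagram:
    ts: float   # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    size: int   # bytes on the wire


def detect_reflection(datagrams, protected, window=5.0,
                      min_packets=4, min_reflectors=3):
    """Flag hosts in `protected` that receive unsolicited service replies.

    A reply is solicited when the same host sent a request to that server
    and port, from the same local port, at most `window` seconds earlier.
    """
    net = ip_network(protected)
    asked = {}  # (client, client_port, server, service_port) -> request time
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for d in sorted(datagrams, key=lambda d: d.ts):
        src_inside = ip_address(d.src) in net
        dst_inside = ip_address(d.dst) in net
        if src_inside and not dst_inside and d.dport in REFLECTOR_PORTS:
            asked[(d.src, d.sport, d.dst, d.dport)] = d.ts
        elif dst_inside and not src_inside and d.sport in REFLECTOR_PORTS:
            sent = asked.get((d.dst, d.dport, d.src, d.sport))
            if sent is not None and d.ts - sent <= window:
                continue  # answer to a request we really made
            s = stats[(d.dst, REFLECTOR_PORTS[d.sport])]
            s["packets"] += 1
            s["bytes"] += d.size
            s["reflectors"].add(d.src)
    alerts = []
    for (victim, service), s in sorted(stats.items()):
        # Many replies from several distinct servers suggests a spoofed-source
        # reflection campaign rather than one misbehaving host.
        if s["packets"] >= min_packets and len(s["reflectors"]) >= min_reflectors:
            alerts.append({"victim": victim, "service": service,
                           "packets": s["packets"], "bytes": s["bytes"],
                           "reflectors": len(s["reflectors"])})
    return alerts


def sample_datagrams():
    """Constructed traffic using documentation address ranges (RFC 5737)."""
    pkts = [
        # Legitimate DNS lookup and its answer.
        Datagram(0.00, "192.0.2.10", 40000, "198.51.100.53", 53, 60),
        Datagram(0.02, "198.51.100.53", 53, "192.0.2.10", 40000, 120),
        # Two stray SSDP replies from one host: below the default thresholds.
        Datagram(0.50, "203.0.113.9", 1900, "192.0.2.30", 33000, 320),
        Datagram(0.60, "203.0.113.9", 1900, "192.0.2.30", 33000, 320),
    ]
    # Five NTP servers answering requests that 192.0.2.20 never sent.
    pkts += [Datagram(1.0 + i / 10, f"203.0.113.{i + 1}", 123,
                      "192.0.2.20", 50000 + i, 468) for i in range(5)]
    return pkts


if __name__ == "__main__":
    for alert in detect_reflection(sample_datagrams(), "192.0.2.0/24"):
        print(alert)
```
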
SYN Flood
A SYN Flood, often generated by botnets, is designed to consume resources of the victim server, such as firewalls or other perimeter defense elements, in an attempt to overwhelm their capacity limits and bring them down. The target receives SYN packets at very high rates which rapidly fill up its connection state table, resulting in disconnections, dropping of legitimate traffic packets, or even worse – element reboot.
TOS Flood
In a TOS (Type of Service) Flood, attackers forge the ‘TOS’ field of the IP packet header, which is used for Explicit Congestion Notification (ECN) and Differentiated Services (DiffServ) flags. There are two known types of TOS attack scenarios. In the first, the attacker spoofs the ECN flag, which reduces the throughput of individual connections, thereby causing a server to appear out of service or non-responsive. In the second, the attacker utilizes the DiffServ class flags in the TOS field to increase the priority of attack traffic over legitimate traffic in order to intensify the impact of the DDoS attack.
Tsunami SYN Flood
A SYN flood attack is a flood of multiple TCP SYN messages requesting to initiate a connection between the source system and the target, filling up its state table and exhausting its resources. The Tsunami SYN flood attack is a flood of SYN packets containing about 1,000 bytes per packet as opposed to the low data footprint a regular SYN packet would usually contain.
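The ACK, RST/FIN and SYN floods described above all show up as a mismatch between arriving TCP segments and the session table of a stateful device. The following is an added example, not code from the handbook or from Allot, of counting that mismatch over inbound segments; it assumes a simplified inbound-only session model, and the function names, thresholds and sample segments are constructed for illustration.

```python
from collections import Counter, defaultdict

HALF_OPEN, ESTABLISHED = "half-open", "established"


def count_out_of_state(segments, syn_timeout=3.0):
    """Replay inbound segments against a minimal session table.

    segments: iterable of (ts, src, sport, dst, dport, flags), where flags is
    a string of TCP flag letters such as "S", "A", "PA", "FA" or "R".
    Returns {dst: Counter} with SYNs seen, segments that matched no session,
    and handshakes still half-open `syn_timeout` seconds before the last packet.
    """
    table = {}                      # (src, sport, dst, dport) -> (state, ts)
    counts = defaultdict(Counter)
    last_ts = 0.0
    for ts, src, sport, dst, dport, flags in sorted(segments):
        key = (src, sport, dst, dport)
        entry = table.get(key)
        f = set(flags)
        last_ts = ts
        if f == {"S"}:
            counts[dst]["syn"] += 1
            if entry is None:
                table[key] = (HALF_OPEN, ts)
        elif entry is None:
            # ACK, PUSH-ACK, FIN or RST for a session that was never opened:
            # the lookup cost the ACK and RST/FIN flood passages describe.
            kind = "rst_fin" if f & {"R", "F"} else "ack"
            counts[dst]["out_of_state_" + kind] += 1
        elif f & {"R", "F"}:
            del table[key]          # normal teardown of a known session
        elif "A" in f and entry[0] == HALF_OPEN:
            table[key] = (ESTABLISHED, ts)   # handshake completed
    for (_, _, dst, _), (state, ts) in table.items():
        if state == HALF_OPEN and last_ts - ts >= syn_timeout:
            counts[dst]["half_open_expired"] += 1
    return counts


def flood_verdicts(counts, threshold=5):
    """Map the counters to the flood types named in the text."""
    rules = (("out_of_state_ack", "ACK flood"),
             ("out_of_state_rst_fin", "RST/FIN flood"),
             ("half_open_expired", "SYN flood"))
    return {dst: [name for field, name in rules if c[field] >= threshold]
            for dst, c in counts.items()}


def sample_segments():
    """Constructed inbound traffic for one server (RFC 5737 addresses)."""
    srv = "192.0.2.80"
    segs = [
        # One complete, legitimate session.
        (0.00, "198.51.100.7", 50000, srv, 443, "S"),
        (0.05, "198.51.100.7", 50000, srv, 443, "A"),
        (0.10, "198.51.100.7", 50000, srv, 443, "PA"),
        (0.50, "198.51.100.7", 50000, srv, 443, "FA"),
        # A single stray RST: counted, but below the alert threshold.
        (2.00, "203.0.113.200", 42000, srv, 443, "R"),
        # A later legitimate handshake, which also advances the clock.
        (6.00, "198.51.100.8", 50001, srv, 443, "S"),
        (6.05, "198.51.100.8", 50001, srv, 443, "A"),
    ]
    # ACK / ACK-PUSH segments for sessions that do not exist.
    segs += [(1.0 + i * 0.01, f"203.0.113.{i + 1}", 40000 + i, srv, 443,
              "PA" if i % 2 else "A") for i in range(5)]
    # SYNs whose handshakes are never completed.
    segs += [(1.5 + i * 0.01, f"203.0.113.{i + 101}", 41000 + i, srv, 443, "S")
             for i in range(6)]
    return segs


if __name__ == "__main__":
    print(flood_verdicts(count_out_of_state(sample_segments())))
```
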
UDP Flood
In a UDP Flood, attackers send small spoofed UDP packets at a high rate to random ports on the victim’s system using a large range of source IPs. This consumes essential network element resources on the victim’s network which are overwhelmed by the large number of incoming UDP packets.
UDP Fragmentation
UDP Fragmentation attacks send large UDP packets (1500+ bytes) which consume more network bandwidth. Since the fragmented packets usually cannot be reassembled, they consume significant resources on stateful devices such as firewalls along the traffic path.
Our focus is on using deep learning to advance the standards in malware detection (and we see a lot of good happening in that regard) so we bring a unique perspective to these two areas.
And not to brag, but when the question came up last year we provided a modest forecast that turned out to be fairly accurate. Here’s a quick recap:
- Our bet was behind the emergence of AI-as-a-Service. It’s comforting to know that Microsoft CEO Satya Nadella agrees, and sees a $77 billion market by 2025, according to Motley Fool.
- Last year we predicted the emergence of more sophisticated learning techniques, advancing the capabilities and efficacy of machine learning and deep learning algorithms, and that has been happening.
- We’ll even take credit for our prediction that AI in all its forms would see greater commercialization and consumerization, even though that one was probably self-evident in hindsight. Development and improvement in products like smart assistants, smartphones, autonomous vehicles, medical devices and more will continue apace now that AI is mainstream.
So what can we expect for 2020? We’re going to keep our forecast in the realm of cybersecurity and AI this year, looking at both the threat landscape and the emergence of innovative defenses. Here are five trends we see developing in the new year.
Cybercrime will focus on ransomware and cryptojacking
The focus of the global hacker community will shift to emphasize ransomware and cryptojacking. Ransomware has proven to be a lucrative source of income for hackers, and as associated malware and delivery techniques become more effective, that is only going to embolden them. Most hackers launch attacks from locations beyond the reach of U.S. authorities, and they collect payments in the form of cryptocurrency to minimize the risk factor of their illicit endeavors. And as cryptocurrency becomes more mainstream, we foresee a sharp increase in attacks intended to hijack computing resources to power the computations necessary to “mine” coins. What we’re seeing in Blue Hexagon Labs research is that cryptojacking attacks appear to have an inverse relationship to ransomware attacks. This is likely driven by hacker motivations; as the value of cryptocurrency increases, it may be more lucrative (and easier) to focus on cryptojacking than ransomware.
Criminal hackers are innovators and entrepreneurial (even if they are evil, self-centered, and destructive innovators and entrepreneurs). As such, they are keen on minimizing cost and risk, and one way they are doing that is by productizing their tools and skills. As a result, Malware-as-a-Service hacking groups are now selling kits and automated services on dark web marketplaces. In March of this year, we wrote about Gandcrab ransomware-as-a-service. We will see these services increase in sophistication in the coming year–for example, the ability to select customizations such as the type of obfuscation or evasion techniques, and the way the malware is delivered. This will make it easier for anyone to get in on the malware game, creating a force multiplier effect that will increase the number of threats enterprises will face in the years to come.
First malware using AI-Models to evade sandboxes will be born in 2020
Malware developers already use a variety of techniques to evade sandboxes. A recent article explained that “Cerber ransomware runs 28 processes to check if it is really running in a target environment, refusing to detonate if it finds debuggers installed to detect malware, the presence of virtual machines (a basic “tell” for traditional sandboxes), or loaded modules, file paths, etc., known to be used by different traditional sandboxing vendors.”
In 2020, we believe that new malware–using AI-models to evade sandboxes–will be born. This has already been investigated in academia. Instead of using rules to determine whether the “features” and “processes” indicate the sample is in a sandbox, malware authors will instead use AI, effectively creating malware that can more accurately analyze its environment to determine if it is running in a sandbox, making it more effective at evasion. As a result of these malware author innovations and existing limitations, the sandbox will become ineffective as a means to detect unknown malware. Correspondingly, cybersecurity defenders’ adoption of AI-powered malware defenses will increase.
The rollout of 5G networks will bring new attack vectors
The infrastructure needed to roll out and manage new 5G networks requires a more complex, software-defined architecture than older communication networks. This new architecture means services will operate within a more complex environment with a broader attack surface that requires more security diligence on the part of the service providers. In addition, the advent of 5G networks will enable more endpoint devices that will require security at the network edge. Hackers, in particular, nation-state threat actors, will work hard to find and exploit weaknesses in this architecture to intercept traffic, disrupt services, and deliver payloads to endpoints and networks.
Privacy regulations drive more spending in cybersecurity
The European Union’s General Data Protection Regulation (GDPR) has inspired a number of privacy regulations, including the new California Consumer Privacy Act (CCPA). In the CCPA, California has created a combined privacy and breach disclosure law that goes into effect on January 1, 2020. The office of the California attorney general recommends NIST (800-53 or CSF) or ISO 27001 as their standards for implementation, and uses CIS Controls for security program guidance. That means an emphasis on malware detection and prevention, and with data breach violations reaching hundreds of millions of dollars in the EU and U.S., we predict CCPA and the recent history of enforcement will drive a significant increase in cybersecurity spending.
Even though the overall theme of these predictions suggests increasing threats and risks to the enterprise, we do see cause for optimism. Our experience with the application of deep learning to meet the challenges of threat detection and prevention gives us hope: as our efforts and those of other innovators continue and build momentum, we are confident that 2020 will be regarded as the year our industry finally turned the tide against hackers.
Cybersecurity threats are as inevitable as superhero movie sequels. But what do you do when you don’t have the Avengers to block cyberhackers from exploiting every vulnerability you didn’t even know about?
First, you can’t underestimate the threat. According to Ginni Rometty, President and CEO of IBM, “Cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.” Some estimates indicate that cybercrime will cost the world $6 trillion annually by 2021. Last year, Norton discovered that over 60 million Americans were targeted by cyberattacks.
The hard truth is that you and your business are at risk and making sure you aren’t exposed isn’t easy. While there are ample tools at your disposal to ensure your safety against what’s already known, preparation is the only way to handle the types of yet-to-be-defined problems that will hit millions of businesses in 2020 and beyond. We scoured all the data and published research forecasting emerging threats and discovered the five most dangerous trends to watch for next year.
1. Corrupting Government
With the 2020 US presidential elections only months away, the politically-targeted cyberattacks will continue in full force. This year alone had over 800 political cyberattacks, according to research provided by Microsoft in an interview with Rolling Stone. Though aimed at political parties, candidates, and the US government, attacks like these pose a serious threat to US residents—and we’re not just talking about the safety of their personal information and identity.
Foreign entities are attacking the US in a number of ways—many of which threaten the nation’s security offline. In 2019, North Korean hackers phished to find which countries were studying their nuclear efforts. Before that, an espionage group from Iran targeted US government infrastructures, according to the Center for Strategic and International Studies. The number of political cyberattacks to come in 2020 will likely make the 800 that happened this year seem insignificant.
2. Exposing Healthcare
The healthcare industry is a treasure trove of personal information and health data, making it one of the greatest gatekeepers of personal information. That means it is also a major target for cyberattacks. But criminals want way more than just your identity. In fact, a growing risk for 2020 is the theft of intellectual property, as when Chinese state-sponsored hackers targeted US cancer institutes, according to CSIS.
What’s unusual about this is that some of those found to be hacking the healthcare industry are small bands of hackers, as opposed to large criminal organizations. Generally, personal information is the most valuable to small band hackers as it can be quickly sold for large sums. According to the healthcare analytics firm, Protenus, the number of exposed patient records has doubled from 15 million in 2018 to 32 million between January and June 2019.
3. Breaching Social
People are watching you on social. That is the purpose of social media after all. The trouble is who is watching you, what type of information they’re looking for, and how they can use that information for strategic cyberattacks. Social media has grown rapidly in the past decade, and with that, so has social media cybercrime. According to the Bromium report on Social Media and Cyber Crime, 20% of organizations are infected by malware from social media connections.
What makes social a gaping opportunity for cybercrime is that it can be used by hackers to act as a Trojan Horse. This creates a domino effect where a cybercriminal can infect an account or ad with malware that gets passed on to reach a user’s entire network, and those users’ networks. What’s more, hackers are becoming more advanced and are beginning to use social to hack not just individuals, but the companies that users work for, according to Fast Company. This means you could be exposing your employer to attacks or your employees could be unwittingly inviting these issues to your company.
4. Targeting New Tech
The much-anticipated rollout of 5G in 2020 holds the power to change the way we use the internet with faster-than-ever speeds, but it will also change the sheer volume of devices susceptible to cyberattacks, according to NeuShield. From increasing the risks involved with mobile banking to something as nonessential as virtual reality headsets, we will be surrounded by potential cyberthreats.
The reason 5G will make everyone more vulnerable to cyberattacks is that it enables such a diverse range of devices, making it difficult to create and provide security measures that can serve all. Mobile banking alone saw a 50% increase in cyberattacks from 2018 to 2019, according to Check Point’s “Cyber Attack Trends: 2019 Mid-Year Report,” and that number is likely to increase with the introduction of 5G.
5. Hacking Your Home
Smart homes are not always such a smart idea. While the technology was created to simplify our lives, devices like the Google Home and Amazon Echo are turning into smart spies. Your handy home assistant is prone to cyberattacks, enabling hackers to spy on users in their homes, according to a BBC News interview with Karsten Nohl, a chief scientist at Security Research Labs.
At-home safety also goes beyond smart home devices. Other tech tools and gadgets we use at home might feel like modern-day lifesavers, but many are putting our families at risk. It sounds great to get to turn off lights remotely or open your garage door from your phone, but these same technologies are highly susceptible to being hacked and in the process, both homes—and identities—are exposed.
Bottom Line – Emerging Cybersecurity Threats 2020
According to the National Cyber Security Alliance, 60% of small and midsized businesses that were hacked went out of business within six months of the assault. The reasons why are obvious with a 2019 study discovering that cyberattack incidents cost businesses of all sizes an average of $200,000. We conducted this analysis of the latest technologies to discover which pose the biggest cybersecurity threats in 2020 that have the power to affect the highest number of people.
Whether hackers are pursuing individuals, companies, or political systems, everyone is at risk, and when something happens, millions are affected—directly or indirectly. While we can’t live in a bubble, the first step to protecting against cybercrime is awareness.
5G is emerging in the shipping industry and, once established, will play a crucial role in the development of maritime technologies and in communications, providing improved high-quality voice and data communications.
Specifically, ships are currently operating using VSAT support and Inmarsat voice and data communication.
Thus, 5G will also strengthen connectivity and cyber security for shipping companies and vessels.
In the meantime, the European Space Agency is developing a 5G satellite implementation, whose trials are expected to be completed by 2020. Therefore, shipping companies have to begin preparations for the development of new digital services from the 5G satellite once they are available.
In light of the 5G network, the Korean Register will introduce it as a reference model to address cyber threats in ships and companies.
Shipping companies are primarily focused on the security isolation of IT and OT systems. To assist companies, 5G applied the following model:
As shown in the image above, the technical mechanism addresses the need for security isolation. The design subcategories considered are enforcement location and isolation granularity; another method is to apply policy design. Cybersecurity is an important factor to be considered in the ship design stage.