The timeline of human history is marked by inflection points of major technological advancement. The plow, the printing press, the telegraph, the steam engine, electricity, the telephone, the internet: each of these breakthroughs precipitated tectonic shifts in how people lived and worked. Now, in the early part of the 21st century, we stand witness to the birth of a new industrial revolution built on 5th generation cellular technology - 5G network.
As the name implies, 5G network follows a developmental chain. First came 1G, the first generation of cellular communication that freed us to make voice calls without being tethered...
Not even 30 years separate us from the end of the Cold War. Yet, we appear to be witnessing the emergence of a new one, a technology Cold War between the United States and China. This time, instead of a ‘red under the bed’, the US government has declared there is one at the back door. It accuses Chinese technology companies of deliberately building vulnerabilities into their tech, allowing the Chinese to access and control the 5G critical infrastructure, and through it the connected devices and machinery at will.
Headlines are dominated by the case against Huawei, and debate continues...
Don’t let the “5G” in the title confuse you. This post is not only about the telcos’ core networks, but about the 5G security and privacy issues in our (very) near, and very different future that 5G will enable. In the 5G-enabled massive Internet of Things (mIoT) world we’re about to find ourselves in, we are expected to have 1000 devices connected for every person… These devices will be the components of the ‘5G operating system’ for our smart cities, our industry 4.0, our smart homes, smart transportation, smart healthcare, and much more. To enable this future, we will...
More than half of the world’s population lives in cities. The UN estimates that by 2050 that proportion will be 68% - more than 6 billion people living in high-density conditions. This raises significant challenges. What is the best way to ensure that human needs are met in a fair and equitable way? How will we face challenges like resource strain, waste and pollution management, traffic congestion and connectivity?
In response to these wicked problems, cities are increasingly relying on smart technologies to foster greater efficiency and sustainable growth. These interventions do not, however, come without their own complications. Just...
On 14th March 2019, NATO Secretary General Jens Stoltenberg at the launch of his Annual Report for 2018 touched on security and geopolitical concerns of 5G (full transcript here).
Stoltenberg said that allies are "...consulting closely on this issue, including on the security aspects on investments in 5G networks."
The Secretary General acknowledged that “NATO allies have expressed their concerns over Huawei and their role in providing 5G infrastructure” and added “NATO takes these concerns very seriously.”
“We will now assess the issue and find out how NATO, in the best way possible, can address the challenges in terms of investments into...
After Washington last week warned Germany that it would scale back intelligence data-sharing with Berlin if China’s Huawei was allowed to participate in German 5G implementation, German Chancellor Angela Merkel pushed back to assert independence.
Merkel stated that the German government was keenly focused on security 5G mobile infrastructure, but Berlin would keep its own counsel. "Security, particularly when it comes to the expansion of the 5G network, but also elsewhere in the digital area, is a very important concern for the German government, so we are defining our standards for ourselves,” Merkel said.
Reuters report here.
The Global mobile Suppliers Association (GSA) today issued a 5G Security Primer whitepaper. The whitepaper provides a top-level overview of the security considerations and required approaches necessary for securing 5G networks. GSA calls on industry to adopt security best practices to make 5G a success.
The whitepaper includes detail on trust models and assumptions within 5G networks compared to LTE. It also outlines how 5G architecture and features enhance security including network slicing and SBA (Service-Based Architecture), Authentication and Identity Management, Privacy, Inter-operator Security, the role of multi-access edge computing (MEC), the potential security impact on user experience and the...
Getting smart about security in smart systems
Smart used to be something we called people or pets. It wasn't a term one would use to describe one's hairbrush. That is changing, of course, in an era of accelerating digital transformation. Now we have smart homes, smart cities, smart grids, smart refrigerators and, yes, even smart hairbrushes. What's not so smart, though, is the way the cybersecurity and cyber-kinetic security risks of these systems are often overlooked, and with new horizon technologies like 5G, these problems are set to grow exponentially.
Cyber-physical systems and the smartification of our world
Cyber-connected objects have become...
Cybersecurity strategies need to change in order to address the new issues that Machine Learning (ML) and Artificial Intelligence (AI) bring into the equation. Although those issues have not yet reached crisis stage, signs are clear that they will need to be addressed – and soon – if cyberattackers are to be prevented from obtaining a decided advantage in the continuing arms race between hackers and those who keep organizations’ systems secure.
ML and AI can magnify existing vulnerabilities and open the door to new attack strategies. At the same time, though, they offer new tools to help organizations secure...
Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.
Railway systems have long been critical. Mass transit systems move hundreds of thousands of people throughout urban areas each work day. Freight systems move an estimated 40 tons of freight for every person in the U.S. every year. Imagine the chaos if they were disrupted.
These systems have always been challenging to secure. Even urban mass transit systems...
As IoT adoption continues to proliferate, manufactures and adopters are increasingly aware of cybersecurity risks to IoT. Yet, even among the IoT security professionals, one significant potential remote attack vector is often overlooked: intentional electromagnetic interference (IEMI).
Electromagnetic interference (EMI) surrounds us – natural causes, such as solar flares and lightning; and man-made sources such as radio and TV broadcasting, radars, microwaves and many others all emit electromagnetic waves that could disrupt operation of electrical and electronic devices. That is, if devices wouldn’t comply with numerous electromagnetic compatibility (EMC) standards which ensure correct operation in common electromagnetic environment and resilience...
Targeted cyberattacks against critical infrastructure (CI) are increasing on a global scale. Critical systems are rapidly being connected to the internet, affording attackers opportunities to target virtual systems that operate and monitor physical structures and physical processes through various modes of cyberattack.
When people think of cyberattacks, their minds often go first to the financial sector. After all, that’s the type of attack people hear about most frequently; it’s where the money is and it’s what seems most natural for cybercriminals to target. Enterprises frequently focus on such cyber-enabled financial crimes to the point that they give too little thought...
My article "Growing cyber-kinetic threats to railway systems" was published on CSO Online. Cybersecuring railway systems from potential attackers must become paramount in the digitization that those systems currently undergo. Their cybersecurity is too closely interlinked with the railway safety to leave the door open to disruption. To make matters worse, they are increasingly being targeted.
While Stuxnet is gone, the world now knows what can be accomplished through cyber-kinetic attacks.
As we approach the 10th anniversary of when Stuxnet was (likely) deployed, it is worthwhile to examine the effect it still has on our world. As the world’s first-ever cyberweapon, it opened Pandora’s box. It was the first true cyber-kinetic weapon – and it changed military history and is changing world history, as well. Its impact on the future cannot be overstated.
Stuxnet’s beginnings
Stuxnet is believed to have been conceived jointly by the U.S. and Israel in 2005 or 2006 to cripple Iran’s nuclear weapon development...
In their growing efforts to increase efficiencies through digitization and automation, railways are becoming increasingly vulnerable to cyber-kinetic attacks as they move away from strictly mechanical systems and bespoke standalone systems to digital, open-platform, standardized equipment built using Commercial Off the Shelf (COTS) components.
In addition, the increasing use of networked control and automation systems enable remote access of public and private networks. Finally, the large geographical spread of railway systems, involving multiple providers and even multiple countries, and the vast number of people involved in operating and maintaining those widespread systems offer attackers an almost unlimited number of attack...