Opinion | The changing dynamics of telecom security4 min read . Updated: 14 Jan 2021, 05:01 PM IST
- The main concerns that one should consider are decentralized security, more bandwidth strain on current security monitoring, building security by design into the manufacturing of IoT devices, need for suitable encryption at each stage of digital transactions
With increasing transformations in information technology, telecommunication, digital transformation of the economy itself, the risk that users across industry verticals are getting exposed to is rising on a daily basis. Defaming people on the internet, third party cookies, fraudulent activities, leakage of personal data, financial and bank details etc are just a few examples on expanding threats and illegal activities that take place on the internet. With 5G, IoT, AR etc. the potential threats increase ten fold.
The main concerns that one should consider are decentralized security, more bandwidth strain on current security monitoring, building security by design into the manufacturing of IoT devices, need for suitable encryption at each stage of digital transactions etc. 5G’s dynamic software-based systems have far more traffic routing points. To be adequately secure, suitable controls are to be embedded to enable security monitoring. Since this might prove difficult, any unsecured areas might compromise other parts of network. Speed and volume will challenge security teams to create new methods for stopping threats. Details such as operating system and device type (smartphone, vehicle modem, etc.) can help hackers plan their attacks with more precision.
Virtual and Augmented Reality are technologies that are going to aid the growth of all verticals. For example, let’s say the education sector, health or the automobile sector. Imagine blueprints of a component of a car being sent to India from Germany on a real time basis and using technologies such as 3D printers can be used to manufacture the car to make it readily available in the showroom in no time. Or imagine a class room of medical students where their professors are teaching them the practice of surgeries etc. Thereby, it is very essential to have good security practices to enable building trust in the usage of such technologies for public good.
Our data that lies in some corner of AR/VR companies can be accessed and viewed not only by these companies but by malicious actors too in case suitable security arrangements are not embedded. Malicious players use our behavioural data to impersonate us and try to interact with our family members or carry out illicit activity. A Distributed Denial-of-Service (DDoS) attack has the potential to overwhelm the network with irrelevant data, thereby disrupting the user’s VR experiences. Besides, the attack can manipulate content to the extent that users can start feeling physically sick.
Nonetheless, there are several practices that are best suited to tackle the crisis posed. Configure all AR/VR application tools for regular security analysis and audits. Ask permissions from users before collecting their data. Deploy security monitoring methods across every device and even the interconnection points. Use appropriate authentication methods when communication takes place between AR/VR devices. To protect networks against the pervasive cybersecurity threats in the telecom industry, one will need to take proactive security measures. Keeping this in mind the industry has been timely working in the 3GPP standardisation body with a sub group Security Assurance - SA3 which is building security by design in the 5G standards. Going forward, telcos are facing challenges like privacy concerns, supply chain issues, traffic integrity, global title leasing etc. in implementing better signalling controls.
IoT devices can be very easily used to initiate spam calls to harass people over voice call or video calls. These can also be used in orchestrating an attack against a critical infrastructure via the entry point within a corporate network. Threats to IoT systems and devices translate to bigger security risks because of certain characteristics that the technology possesses. These characteristics include:
-Gathering of abundant data
-Connection of virtual and physical environments
-Creation of complex environments
-Centralization of architecture.
For further clarity one should keep in mind the surface areas that are exposed to malicious activities as far as IoT is concerned such as devices, communication channels, applications and software. Such devices can be the primary means by which attacks are initiated. Parts of a device where vulnerabilities can come from are its memory, firmware, physical interface, web interface, and network services. Protocols used in IoT systems can have security issues that can affect the entire systems. Vulnerabilities in web applications and related software for IoT devices can lead to compromised systems. Web applications can, for example, be exploited to steal user credentials or push malicious firmware updates.
Keeping in mind the scope of potential risk that masses will be exposing themselves to, it is only best to educate oneself about IoT and AI Cybersecurity best practices. These include:
-Network operators should use UICC based mechanisms for the secure identification of IoT devices. You can also provide single sign-on services for devices but mind the security trade-offs.
-Enable secure authentication for all devices, networks and service platforms associated with an IoT Service.
-Offer data encryption services to IoT service providers to ensure high communication integrity and increase network resilience.
-Deploy private networks to support various IoT networks. These can be developed using Layer Two Tunnelling Protocol (L2TP) and secured with Internet Protocol Security (IPsec).
On the whole, digital literacy and security consciousness across all segments of the population need to be enhanced rapidly to build trust in the use of services based on digital technologies to effectively move forward as an economy.
(The author is director general of Cellular Operators Association of India or COAI. Views are personal and do not reflect Mint's.)