Intelligence Brief: Should we worry about 5G security?

As I’ve highlighted a few times on my Data Point videos, I spent some time this week at the GSMA’s Mobile360 Security for 5G event in The Hague.

What did I do there? Ate some stroopwafels. Moderated the first two sets of keynotes. Did a taste test of different types of stoopwafels. Moderated a panel of security experts. Bought some stroopwafels to take home. I mean, the security stuff is super-important, sure. But…priorities, right?

In addition to weighing down my carry-on bag with delicious Dutch desserts, I did manage to pick up a few insights into the conference topic. If only thanks to osmosis, the caliber of the speakers and the frankness of the discussions, it would have been hard not to. And, all joking aside, anyone interested in 5G, either rolling out networks or services, needs to be concerned with how we’ll secure it. While not necessarily exhaustive, here’s what I’m now paying more attention to.

5G imperative. I kicked off the keynote panel with a simple question: “Why has 5G brought the question of security to the fore?” What’s different about 5G versus 4G or 3G that makes security so much more important? The panelists’ answers centered on the attention 5G is getting from operators and regulators and consumers. The real answer, however, is implicit in that attention: it implies a massive amount of connected devices (potentially unsecure endpoints) as well as the critical digital systems expected to run on 5G.

To worry or not. If we expect lots of critical systems to run on 5G (from connected cars to connected industries) then we need to be really worried about the security of 5G networks, right? Doomsday scenarios of power grid shutdowns and cars getting hijacked, are more than just abstract concepts, they’re real world possibilities that should be keeping us all up at night. Maybe. While these might all be connected by 5G, it’s silly to believe that the only security applied to them will be in the 5G network. The services running over the 5G networks will need to be secured as well. We hear a lot about multi-layer security architectures. If we believe that they are indeed necessary, then we can’t pin all 5G security responsibilities on the 5G network alone.

Dangerous cost cutting (aka, security RoI). I’m cheap. Just ask my boss, my team, or my wife. So, when I went shopping for a home security camera on Amazon, I opted for the low-cost option, then wondered about how secure it would be and if I could trust its cloud services. The same applies to network security. Policies, products, and architectures optimised for costs may come with security risks. Or, rather, security policies, products and architectures optimised for costs may be ineffective, incurring their own costs. Ultimately, the issue is one of RoI, recognising that security outlays need to be seen as investments that deliver returns in terms of network protection, service integrity, and customer satisfaction.

SOS (Same Old Skills gap). The concept of a “skills gap” among operators is not new. Years ago when I did some work on barriers to implementing virtualisation, a lack of internal skills was cited as critical. Fast forward and the same thing exists for security skills, forcing operators to rely on the skills of their vendor partners.

Skills gap, meet innovation gap. Where a skills gap forces operators to rely on their vendors, we are forced to acknowledge a long-term evolution in the vendor landscape. Where there was once a large set of major mobile network vendors, the market is now largely concentrated amongst three main ones, especially in the RAN. Why is this a problem? Put aside theoretical arguments around the impact on pricing and incentives to innovate. If operators have a smaller set of vendors to choose from, then they have little option but to live with the decisions those vendors make around security (or how well they secure their own solutions).

Deadly rotten eggs. Apparently, connected egg trays are a real thing. If you live in a civilised country where eggs are stored in the fridge, you might now worry about how long your eggs have been around. If you keep your eggs in the pantry like a Neanderthal, however, then a tray that lets you know how long they’ve been around might make sense (note to self: Connected Neanderthal would be a great band name). But where the issue of 5G Security often revolves around critical infrastructure or connected industries, securing the lowly connected egg tray might seem unnecessary. I’d thought we’d got past that thinking, recognising that anything connected to the network becomes part of a potential attack surface. Regardless, potential threat examples ranging from light bulbs to aquarium heaters, to egg trays all got invoked as a reminder.

Moving beyond generalities. If we need 5G security to be a topic that everyone pays attention to (everyone owns in some way), then we need a broad set of stakeholders at conferences, learning about it. Simple enough. But that means the way we talk about it (technical versus strategic) will need to accommodate them all. That’s problematic, because talking about security in terms of broad trends and generalities won’t result in real, on the ground, solutions to real problems. Does that mean we exclude the less technical folks (like myself) from these conversations? No. It means we need to all get smarter and become conversant in security the way we are for RAN or device specs.

AI imperative. Another “imperative,” I know. But just as much as 5G has increased the profile of network security, network security has elevated the profile of AI. IBM highlighted this when noting the sheer volume of security notices, updates and research produced on a daily basis (around 7,000 pages). The takeaway: we need good AI tools to help us identify what matters and to help find the data we need when we need it. Beyond discovery, though, there’s a role for AI in helping us adapt to evolving threat tactics and strategies.

5G for good. In presenting the value that 5G and mobile networks can bring (and the importance of getting them right), the GSMA’s Director General Mats Granryd pointed to the promise of enhanced connectivity combined with AI and Big Data to do things like mitigate or halt tuberculosis outbreaks. It’s an important reminder, and not just because he’s my bosses’ boss. But, it also highlights an important knock-on requirement.

Trust, trust, trust. Security is different from privacy. They are two different sets of issues with different requirements and associated risks. But if 5G will be connecting us all and leveraging data to do great things, then users need to have trust in the privacy of their data, or at least trust in the way that their data is being used. Again, these issues are different from security, and they may be more difficult to tackle, requiring consumers to pay attention. But, if we want to execute on the 5G promise, they may be the most important issues.

– Peter Jarich – head of GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.

Intelligence Brief: Are homes the next battle-ground?

Cable operators were among the first in the telecom space to start to take the home experience seriously, but there have been a range of announcements from other telecom operators over recent months indicating the industry as a whole is now focusing on the issue.

At a recent cable conference in London, the panel which provoked one of the most interesting discussions between participants was one focused on the in-home experience and whether this was explicitly part of the service provider’s responsibility.

Attitudes ranged from “no, it stops at the door” to “of course it is”. A couple of cable operators from the latter camp were also keen to highlight newly-launched commercial solutions targeting issues including blackspots and seamlessly connecting new devices to home networks.

Home experience a growing focus
While cable operators were among the first to start to take the home experience seriously, there have been a range of announcements of similar services from other telecom operators over recent months. Examples in Europe include:
– Bouygues announced it will deploy a managed home Wi-Fi solution to its broadband customers in France, using the AirTies Smart Wi-Fi software and Mesh extenders;
– BT chose a white-label mesh Wi-Fi solution as the basis for its Whole Home Wi-Fi solution, with an app that advises on device placement and Wi-Fi discs that self-configure;
– Virgin Media has offered a similar service, with a new app which monitors Wi-Fi signal strength in the home. Customers can order a Wi-Fi booster when blackspots are identified, a feature that is free to higher-tier customers.

Having tried the Virgin app myself I can testify that it works, and I received a power line adapter set soon after using it to identify blackspots in my home. While this adapter feels a less future-ready and slightly clunkier choice than the mesh Wi-Fi solutions favoured by others, it certainly works and offers a more reliable connection than my previous Wi-Fi booster.

Interestingly the services from BT and Virgin offer a range of additional features, including the ability to proactively manage the whole network including temporarily pausing internet access or blocking access for specific devices.

From a strategic perspective, the move to offer managed Wi-Fi services has two benefits, namely generating incremental revenues and reducing costs.

Typically operators are positioning these managed Wi-Fi services as either a premium service for an additional cost, or including them for free in higher-end packages. As well as a new source of revenue, these services can be an important a tool for churn reduction as satisfied customers are typically less likely to switch. In-home connectivity problems can be a major source of calls to customer support teams, and issues can be challenging if not impossible to solve remotely. So addressing these issues upfront can be an important cost saver at a time when operators are looking to increasingly digitise their customer service functions.

Among multiple networks and standards, don’t forget the customer
As we enter the gigabit era, with a range of access technologies promising ever higher speeds to end users (whether delivered over FTTH, cable networks, fixed wireless access, or pure mobile), it is important that, in the real world, customers get to experience something close to what they are promised by operator marketing. As noted above, operators will increasingly need to accept responsibility for the in home experience, especially if the higher speeds on offer mean higher prices for customers, rather than adopting a somewhat utility style perspective that their responsibility ends at the home gateway.

With the advent of the new Wi-Fi 6 standard alongside the launch of 5G services, consumers are facing an often bewildering array of acronyms and technologies, few of which actually make their life easier. At the same time, the growing number of connected devices in the home can further increase complexities for the non tech-savvy user. Operators which can address these issues, ensuring both full home connectivity and the seamless connection of new devices, will likely create a clear competitive advantage. As well as happier customers, newer routers and intelligent network apps can also provide improved information to operators on network performance, allowing issues to be identified and addressed remotely – again, contributing to cost reduction.

Technological advances could also help, for example with the promise of seamless roaming between mobile and Wi-Fi networks with the arrival of 5G and Wi-Fi 6. But the proliferation of new networks also highlights the need for operators to manage increasing levels of network complexity. This does raise a separate point, though: Wi-Fi and 5G will coexist for the foreseeable future, putting the onus on operators and vendors to ensure these technologies can be managed to work together for the benefit of users.

– David George – head of consulting, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.

Intelligence Brief: Will India get 5G in 2020?

Four million new jobs. $100 billion new investments in the telecom industry by 2022. Boosting the sector’s contribution to 8 per cent of GDP from 6 per cent in 2022. Seems like an excerpt from an election manifesto, right?

It’s not. This is the latest telecom policy of India: The National Digital Communications Policy (NDCP) 2018. With three strong pillars (Connect, Propel, and Secure India), the NDCP seeks to fulfil the Prime Minister’s vision of a truly Digital India.

Headed towards this vision, the country reached some major milestones on the way and is now standing on the edge of next digital wave. India today consumes nearly 1.5 billion GB of data per month and was ranked second in the world in terms of app downloads in 2018 by App Annie. What’s more, digital transactions on the Unified Payment Interface (UPI, an instant payment system developed by the National Payments Corporation of India) increased by more than 110-times over the last two years to 780 million monthly transactions in April 2019, on a base of more than 500 million data users.

Undoubtedly, the world’s most affordable data rate of INR18.50 ($0.26) per GB was one of the main contributors to this digital uptake.

Trying to capitalise on changing internet consumption habits, operators are also gearing up for what is expected to be the next big contributor in the digital future of India: the launch of 5G services.

With the twin promise of high throughput and low latency, 5G is expected to help India with digitalisation in sectors including manufacturing, healthcare and education to become a truly digital economy.

And yet, as much as it hopes to join world leaders by launching 5G in 2020, it cannot be denied that India lagged in introducing previous generations of technologies and the transition to 4G only picked up speed after Reliance Jio’s arrival [1]. So, the key question is whether or not India is really prepared on a 360-degree basis to make the big jump in 2020?

To answer this overarching question, let’s first try to answer the basic questions that are critical to the launch of 5G.

Is the country’s infrastructure ready?
A lack of required infrastructure appears to be one of the major challenges for 5G rollout in India. Fibre backhaul, in particular, is expected to be one of the key enablers for 5G in India. But regulatory body TRAI states merely 22 per cent of towers in India are connected to fibre, unlike China where as much as 80 per cent of the towers are connected to fibre. Strategies like the Fibre First Initiative laid out in the NDCP 2018 require at least 60 per cent of the telecom towers to be connected by 2022, however industry experts believe there’s a need for 100 per cent, something which will be tough to achieve.

Another major infrastructure challenge is the current network of base stations and small cells. According to some experts, the current BTS capacity will require tenfold expansion (with the help of small cells) for a successful 5G rollout. Complicating this is the difficulty in getting right of way (RoW) permissions in the country. The lack of collaboration between the concerned authorities results in costs as high as $85,000 to $140,000 per km, including operations and maintenance.

The government is cognisant of the importance of fibre connectivity and the challenge that lies ahead in RoW permissions. To address this, it has provided a framework in the NDCP for seamless fibre deployments: “To accord the status of public utility to Optical fibre cable, promote collaboration models between state, centre and local authorities, and a requirement for mandatory telecom installation and cabling in national building code by 2022.”

This framework will help lower costs and tackle RoW challenges, which in turn is expected to encourage operators and infrastructure companies to increase the fibre footprint in the country. However, the key here is the successful implementation of proposed measures, which is a time consuming process and is unlikely to happen in 2019, or support a 5G rollout in 2020.

Have operators gained access to the required spectrum?
The need of the hour is harmonised spectrum at affordable rates in the 3,300MHz to 3,600MHz and mmWave bands. The regulatory body has already submitted its recommendations to the government on spectrum pricing, but the operators are not unanimously agreed on auction timing.

Some demand that spectrum should be auctioned quickly, while others want to wait given the debt-laden state of the industry and their stressed P&Ls. The government is yet to allocate spectrum for trials as well. Clearly, the uncertainty in the air is a big question mark as to when the airwaves should be auctioned for 5G, and whether or not operators would be able to purchase the spectrum at the recommended pricing.

Have sufficient real-life trials been conducted to make the commercial move in 2020?
Countries like South Korea [2] and the US [3], the front-runners in 5G, were extensively conducting live trials in 2018 before commercial  launches in 2019. Following suit, operators in countries including Australia, France, Italy, Spain, Saudi Arabia and UK, which are now planning their 5G launches later in 2019 or 2020, are already conducting live trials.

And in India? To date, only Bharti Airtel and Reliance Jio have conducted field trials. The limited trials can be partly attributed to the fact that spectrum for 5G trials has not been allocated and, partly, to limited clarity around applicable use cases. Regardless, without a base of trials, launching services will be difficult.

Is the industry aware of where and how 5G would be used in India?
Time and again Industry experts have mentioned that the use cases foreseen or tested globally might, or might not, be applicable to India and the country would have to come up with its own use cases. On one hand, the industry acknowledges the value of features like low latency and high capacity in sectors like manufacturing, healthcare and education. On the other hand, the exact use cases in these sectors are still unknown. The only use case that the industry is sure of is high-speed broadband to homes (fixed wireless): a recent survey by ET Telecom revealed 85 per cent of participants cited this as the most relevant use case for India.

Are operators prepared to invest in 5G in the current scenario?
[4]Already sweating profusely under the rising pile of INR8 trillion debt, the Indian telecom sector is apprehensive about investing too much on 5G too soon. India is a price-sensitive market and the price wars triggered by Reliance Jio’s entry led to declining ARPUs in the last three years (see chart, above, click to enlarge), impacting their cash reserves. Declining ARPUs along with an increasing capex-to-revenue ratio makes 5G investment decisions more difficult.

What does this all mean?
Irrespective of the operator, the required infrastructure and access to adequate spectrum are essentials for a 5G launch. As these get established, operators can be proactive in conducting trials, investing in network upgrades and exploring use cases.

Reliance Jio believes it is ready for commercial 5G launch in six months of spectrum allocation. The company already has an all IP-based network and a 5G-ready LTE network. Moreover, it is laying out the fibre optic network on a scale for its fixed broadband services, which is expected to help it to launch seamless 5G services.

Airtel, likewise, has revealed plans to launch 5G building on massive MIMO field trials. And, every major operator in the market has begun collaborating with vendors on potential rollout and technology evolution plans.

Although, it is tough to place bets on who will lead the 5G launch in the market, there is a likelihood of 5G becoming reality in 2020 if the spectrum is auctioned in a timely manner. Whether or not it will become a mass reality is a million dollar question, awaited to be answered in 2020.

– Radhika Gupta – head of data acquisition, strategy, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.


Intelligence Brief: Who needs 5G when Wi-Fi is at 6?

Let’s be honest. The Wi-Fi versus mobile data debates are old and tired.

I can remember the early iterations when Wi-Fi creeped into phones and people began asking if the 802.11 family of technologies would cannibalise 3G usage. Then, as smartphones became an integral part of our lives, we had the “revelation” that most usage was indoors, where Wi-Fi signals were more likely than cellular ones. And still, data traffic on mobile networks continued to rise, with Wi-Fi and 4G living alongside one another.

But, like my 14 year-old Icelandic Sheepdog (now somewhat blind and deaf), a well-thrown stick is all it takes to kick those debates back into action, no matter how old or tired they are. And, in 2019, that stick comes in the form of Wi-Fi 6.

If you aren’t familiar with Wi-Fi 6, the short story is pretty simple. Known from a technical perspective as 802.11ax, the follow-on to 802.11ac (now given the marketing handle of Wi-Fi 5) it uses technologies including OFDMA; Multi-user MIMO; Beamforming; new modulation options; and wake time improvements to deliver better performance. Higher throughput? Sure. But, more importantly, better user scale (support for more users/devices), and battery life and coverage improvements.

[1]Now, if you hear some of these highlights – MIMO; Beamforming; improved throughput; enhanced user capacity; boosted battery life – and think 5G, you’re not alone. These are exactly the sorts of things 5G is supposed to bring.

Thus, we return to the age-old question of whether or not Wi-Fi and mobile data are friends or enemies, and whether or not one can replace the other. Or, in a view of the world taken from the film Highlander, will these long-lived technologies battle until only one remains? There can be only one, right? And 6 is better than 5.

A kind of magic?
Let’s put aside the question of mobility support (where cellular technologies excel) and the indoor-versus-outdoor dynamic. Let’s put aside 5G’s focus on edge computing and network slicing: after all, those should be possible with Wi-Fi. Where mobile networks have always had an upper hand is on the authentication and on-boarding front. Pop a SIM into your phone and it works. Get into a moving bus or car and it works. Roam from one country to another and it works. There’s no need for splash pages, logins or fears of security breaches due to dodgy public hotspots.

In launching its Wi-Fi 6 portfolio this week, then, it was great to see Cisco introduce its OpenRoaming initiative. The concept leverages Hotspot 2.0 technologies alongside a “federation” of Wi-Fi access providers (retailers, venues, hotels, et cetera) and identity providers (operators, device vendors and cloud providers) to deliver seamless connectivity onto Wi-Fi networks, and across Wi-Fi and mobile data networks.

As Cisco’s SVP of product management for Enterprise Networking Sachin Gupta put it during a virtual launch event held for customers, “imagine a world where you can walk in anywhere and you’re on the network.” In retort, Cisco’s Enterprise Networking GM Scott Harrell summed up how most of us feel: “I’m looking forward to that world. That will be awesome.”

He’s correct, it would be awesome. More importantly, if Wi-Fi 6 can deliver on all of its performance promises and if the average user can expect seamless Wi-Fi 6 connectivity, then it really would be a viable alternative to 4G or 5G, at least for many indoor and campus environments.

Done deal. Call the debate over?

Waiting for the hammer to fall
Well, there’s a lot of “ifs” above. That said, I don’t doubt any of the technical claims (no more than I doubt the technical promises of 5G). Where things often break down in bringing new ecosystems to life is the commercial front. Even where the technologies are fully in place, the business cases and organisational will necessary to move forward are often the major impediment.

Consider a few directional indicators:
– Hotspot 2.0 (an OpenRoaming enabler) has been around for a while. And yet, the mass deployments once hoped for haven’t arrived.
– In highlighting how the OpenRoaming Federation will be comprised of identity providers and Wi-Fi access providers, Cisco failed to do one thing: name any of them.
– Detailed in Cisco’s OpenRoaming launch materials, the “find out more” link doesn’t actually lead anywhere beyond a “stay connected to know more” page, which doesn’t paint the picture of anything more than a good idea in the works. While this might sound like a minor nit, it is all indicative of something that is either not fully baked, somewhat rushed or lacking in support.

With that, we have a conclusion to the debate. Or rather, a sign that there is no debate. Nothing has changed from the first, second or last time we all asked whether Wi-Fi was going to kill mobile data…or vice-versa.

With Wi-Fi 6, Wi-Fi will be significantly better. With 5G, mobile data will be better. We will still live with both. They will live together. No debate.

And, hopefully, my dog is around long enough to see the next stick get thrown about.

– Peter Jarich – head of GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.