Intelligence Brief: Who cares about our data privacy?

As more of our everyday life takes place on the internet we inevitably share more of our personal data with online businesses, something which could be resulting in growing apprehension over the privacy of our data.

A recent survey by GSMA Intelligence found 70 per cent of consumers are concerned about the privacy of their data and 48 per cent say their concerns are growing. Worries relate specifically to identity theft (59 per cent cited it as their biggest anxiety) with 45 per cent most troubled about financial impacts.

And yet, even after suffering a security breach, the same survey shows nearly half of consumers are failing to take the most basic precaution of changing a password, 72 per cent are failing to add a second layer of security, and 69 per cent are failing to change their privacy settings.

People appear to be doing very little about their privacy concerns, so what is the reason for this inertia? Do we really care about what happens to our data?

The answer depends on a number of dynamics. Whether consumers are aware of the risks. Whether they consider themselves responsible for their data. And whether they have access to tools and settings for easily managing it:

Privacy risks: It seems a large majority (70 per cent) are aware of the risks of sharing data, at least when asked in a survey, but those risks may not be top of mind when people are desperate to get their hands on compelling digital content or services. In that moment they may not think about the risks, especially when only 22 per cent have experienced a security incident in the past two years.
Responsibility: It is also perfectly valid to care about data privacy but do nothing about it because it’s considered someone else’s responsibility. Here, opinion is divided: 20 per cent consider the online business which handles the data to be responsible, while only 18 per cent consider themselves responsible for securing their data.
Tools and settings: Of course, if consumers do care about their data privacy they need easy access to privacy settings and tools enabling them to manage it. However, in the UK alone, there are more than 600,000 businesses registered to process personal data and, on average it is estimated consumers have as many as 200 online login accounts each. Effectively managing privacy settings and permissions for many hundreds of websites and apps becomes an overwhelming task, unfeasible without tools to automate and centralise the process.

The answer, then, isn’t that people don’t care about privacy but rather that consumers don’t seem to care enough at key touch points when they consciously share their data.

For instance, most Europeans are already blithely clicking through websites’ ubiquitous cookie consent notices, 57 per cent of which, a recent study by the University of Michigan and Ruhr University showed, use design to bias the agree button to accept privacy-unfriendly defaults.

Consumers, doubtless, should care more, especially as the threat to data privacy will get worse with growing deployments of AI and machine learning. A common approach with AI and big data deployments, after all, is to vacuum up more data than is required for a particular purpose, often within opaque black-box algorithms. This goes against several clauses in the EU’s General Data Protection Regulation (GDPR), not least the seven principles of Article 5 which include purpose limitation, data minimisation and storage limitation. So regulations exist for AI, but policing it is a big problem for central authorities and without integrating consumers’ permissions into algorithms by design, privacy controls become out of reach for authorities and the consumer, whether they care or not.

If we also consider poor digital literacy in certain demographics and regions, and the power of compelling content to override privacy concerns, a consumer’s mind-set of careless resignation is only set to continue.

Consumers’ inability to match active care with their vociferous privacy concerns is a problem which will only get worse as we connect 1.2 billion more consumers in the next five years to the mobile internet, many of them in developing countries where privacy awareness, responsibility and access to management tools can be even lower. Alternatively, we could see a new generation embrace digital wellbeing (described by Google as a better balance with technology) and demonstrate an appetite to actively care about privacy, protecting their identity from theft, protecting their net wealth from exploitation, and guarding their knowledge against fakery.

Driving this awareness, however, will be the responsibility of the entire industry: all signs suggest consumers won’t simply get more interested in their privacy on their own.

– Mark Little – senior manager, Consultancy, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.

Intelligence Brief: Why are we still talking about small cells?

While MWC20 Barcelona was cancelled, the planned product launches and innovation showcases were never going to simply disappear, which is why my GSMA Intelligence team has been releasing a set of market updates.

We’re calling the series Unwrapped because there’s nothing to actually wrap-up. Clever, eh?

The process behind these analyses is straightforward. Announcements from operators, suppliers and everyone across the ecosystem are closely tracked (starting from the beginning of February to the beginning of March). Themes and messages are then identified within the context of broad market segments like smartphones, enterprise and IoT, and network transformation. With that last one, we settled on three key messages: the continuing move towards OpenRAN (if not virtual RAN); edge networking business versus technology innovation; and network operations model innovation. One market segment, and the evolution within it, just failed to make the cut: small cells.

Based on operator priorities and views, leaving small cells off the list would seem to make sense: they trail all other key technologies in terms of expected RoI. Regardless, it wasn’t an easy decision to leave small cells out of the analysis, if only because the last month saw no shortage of announcements and innovations on the small cell front, including: Radio Dot additions from Ericsson; Verizon’s commitment to roll out five-times more of them in 2020 than it did in 2019; the Small Cell Forum’s automation roadmap; and Qualcomm’s commercial FSM100xx momentum.

And what do they all tell us?

Constantly evolving definitions
Back when femtocells were first introduced, the definition of a small cell was fairly clear: a self-contained, low-power, low-capacity base station. Then we added enterprise editions with higher power and capacity. Then, new architectures splitting baseband and radio for indoor deployments were introduced, some leveraging macro cell baseband assets. The result was a very fluid definition of what a small cell is circa 2020. This was evident from Qualcomm’s FSM100xx references. Originally positioned as a small cell platform, it’s now being pitched as something which supports “small cell and remote radio head infrastructure.” Of course, the fact that the Small Cell Forum now refers to “small cell networks” versus “small cells” reflects the same reality.

Scaling the business
On the topic of that Small Cell Forum automation roadmap, there’s an important message which could easily be obscured by the paper’s technical focus on optimisation and orchestration: namely that scaling small cell networks isn’t something which can be done manually. Instead, it’s a process requiring a substantial amount of automation. And because the small cell space has evolved to include consumer femtocells, enterprise small cells, distributed and virtualised architectures, the notion of automation cannot live in a vacuum, but needs to take an end-to-end view.

mmWave raises the stakes
Discussing the requirements for scaling small cell networks might seem like a waste of time without clear indications operators were actually looking to do so. This is only partly accurate. Like so many technologies, operators need to see a mature ecosystem before getting serious about planning and investment. In this case, however, it’s also clear that operators are moving forward on deployments, with Verizon tying an aggressive small cell deployment plan to its mmWave 5G expansion. The link between mmWave and small cells is fairly obvious: physics dictates coverage is generally limited. And, while US operators may be more active with mmWave deployment than those in other regions, high-band spectrum allocations (above 6GHz) are taking place around the globe. Not surprisingly, mmWave deployment is the second-highest 5G RAN investment priority per a GSMA Intelligence survey of operators around the world.

5G raises the stakes
If mmWave deployment is the number two 5G RAN investment priority for operators, you’re probably asking yourself an obvious question. What’s the top priority?

Smart question. The answer: in-building 5G coverage.

While it might seem surprising, it aligns with everything the market has been talking about in terms of 5G support for society-wide digital transformation and enterprise use cases. And it’s reflected in small cell portfolio additions (from Ericsson or its competitors), new in-building architectures and commercial momentum, and roadmaps for scaling small cells. To say that executing on 5G promises will require network densification is not controversial: it has become a well-accepted argument and is thoroughly baked into our own 5G capex forecasts. Fundamentally, however, densification involves small cells in some form.

– Peter Jarich – head of GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.

Intelligence Brief: Which APAC market will lead in 5G?

The APAC region will be the leading investor in 5G over the next seven years, contributing more than a third of global capex on next generation networks. Three countries, China, Japan and South Korea will lead the 5G evolution in the region, and we forecast that, together, they will invest more than $280 billion from 2019 to 2025 inclusive (see chart, below, click to enlarge). Meanwhile India will have a much lower level of 5G adoption in 2025, but will still have some 88 million connections by that time.

Each of these countries has its own vision of what 5G will look like in the years ahead, and the best strategy for 5G implementation will depend on factors specific to each market. One of the key challenges of 5G deployment is network densification, which means more money spent on RAN. Each country has a different approach to tackle this problem: Chinese operators have an advantage in that they benefit from widespread land ownership by the state, which speeds up site acquisition. South Korean operators, while being extremely competitive, are opting for site sharing. Meanwhile, in Japan, RAN sharing agreements between operators, combined with the government’s green light of hosting RAN sites in traffic signal infrastructure, should help with decreasing the cost of network densification.


China’s industrial 5G ambitions
We expect that China will quickly become the world’s largest 5G market after the technology launches there later this year. It is determined to lead the 5G industrial revolution by strongly focusing on enterprise use cases and the digital transformation of the economy. The Chinese government is focused on cementing its position as one of the world’s leading economies for decades to come by using 5G to support further automation of its manufacturing processes, which would particularly help as the cost of labour in the country continues to increase. Having obtained the first 5G licences in early June 2019 [2], operators are currently conducting trials and deploying base stations ahead of commercial launches planned from October, with China Mobile and China Unicom each targeting 40 cities, and China Telecom aiming at 46.

One crucial area where China‘s approach differs to other 5G deployment models so far is that all three of its mobile operators have announced plans to rollout 5G using standalone architecture (SA). During MWC19 Shanghai, China Telecom announced it will likely move to SA on both its core and RAN in 2020, to support ultra-low-latency applications and help keep the cost of 5G devices down. SA deployment in China presents a good opportunity for vendors to showcase the use cases not available in a non-standalone architecture (NSA), particularly as network slicing standards will be published in 2020. One example of a use case requiring network slicing is smart ports. China Unicom and Ericsson conducted trials at the port of Qingdao earlier this year, but until network slicing standards are in place, such an application cannot be launched commercially. The same applies to autonomous vehicles. China can act as a role model for vendor case studies of industrial 5G use cases, including massive IoT and ultra-reliable low-latency communication (URLLC) applications, driving the next wave of SA deployments in other regions of the world.

Strong support from the government is playing a crucial role in the scale of China’s 5G rollout. The two major challenges in SA deployment are the difficulty in obtaining sites required for densification, and creating sufficient fibre infrastructure to support the 5G RAN. One of China’s major advantages in deploying highly dense networks catering for low-latency applications is the fact that the land belongs to the government, which makes the process of site acquisition faster and easier. At the same time, the existing high level of fibre infrastructure coverage in China also will help Chinese MNOs to rollout SA at a faster pace and with lower initial transport investment than in other key 5G markets such as the USA.

South Korea – a pioneer of consumer 5G
South Korea was the first market globally to launch commercial 5G. All operators launched 5G at once [3] in April for consumers, following the unveiling of limited-coverage, enterprise-only services in December 2018. Similarly to China, in South Korea the aim was to launch 5G ahead of others to avoid repeating the same scenario as with the 4G launch, when both countries had to play catch-up.

Having used NSA to launch 5G ahead of other markets, South Korean operators are upgrading it on the go. The lack of initial coverage and devices are among the two major inhibitors to user satisfaction with the new technology, particularly as 5G tariffs come at a premium to 4G. Despite that, the Korean media reported 260,000 5G connections one month after the launch and we forecast the market total to reach 3.8 million connections by end-2019.

While the operators have chosen not to use network sharing as one of the ways to speed up the coverage expansion, site-sharing has been employed to decrease the costs of network densification.

After establishing an early lead in the consumer market, South Korea is now aiming at the industrial use of 5G as the next step in its strategy. In April the Ministry of Science and ICT announced its “5G+” strategy, stating its goal to “reach KRW180 trillion [$152.9 billion] in production, 15 per cent of the global market, $73 billion in exports [and] employment of 600,000 people by 2026”.

Japan – playing the long game
Japan is also aiming to be one of the 5G leaders in the APAC region and globally, but is taking a different approach to get to that position, with the country’s operators focused on ensuring quality of service once 5G goes live.

Our forecast of Japan’s 5G investment curve slows a shallow slope from 2019 to 2021, but a significant acceleration after that. This reflects Japanese operators’ caution around all-in 5G deployment, with lots of trials with multiple vendors taking place at the moment. There will be a soft-launch in time for the Tokyo Olympic Games in 2020, but the bulk of investment will only come once the business case is clearer. Nevertheless, the Olympic Games present a good opportunity for Japanese operators to showcase their 5G network capabilities and demonstrate use cases beyond enhanced mobile broadband (EMBB).

These operators face the same densification challenge with 5G RAN as elsewhere in the world. However, there are some steps being taken to reduce capex. For example, KDDI and SoftBank this month agreed on 5G RAN network sharing. Feasibility tests should take place in autumn, and there is also speculation about a possible 5G joint venture tower company to allow the two operators to share the costs of deploying 5G in rural areas. Meanwhile, NTT Docomo has chosen a different strategy and has invested in tower company JTOWER, therefore betting on JTOWER’s existing sites to help with 5G densification.

Another new market player, Rakuten, is yet to show its capabilities in the Japanese market, although it is already cited as an example of a lower-cost network thanks to its cloud-native core, which also means lower operational costs in the long-run. It is too early to speculate about the operator’s pricing, but given that Rakuten’s existing MVNO is focused on low-end subscribers, it is reasonable to assume it will try to grow its 5G subscriber base by offering lower tariffs than its three competitors, although still at a premium to 4G.

India – strong potential despite financial challenges
Not all markets in the APAC region will develop 5G at the same pace. We forecast that only 7 per cent of total connections in India will be on 5G by 2025. One of the major reasons for the slower 5G rollout in India is the investment and adoption pattern for 4G in previous years. The emergence of Reliance Jio in 2016 boosted competition and sped 4G rollout, but also meant the industry’s capex to revenue ratio went over 30 per cent, way over the APAC average which was less than 20 per cent.

At the same time, increased competition drove prices down and hence revenues. So while mobile internet in India has become much more affordable in the past three years, to the point where India has one of the highest average rates of data traffic per connection in the world, operators stretched themselves trying to increase 4G coverage. With ARPU per unique subscriber in India being significantly lower than the APAC average and one of the lowest globally, it will be challenging for Indian operators to fund 5G at the same scale as eventually happened with 4G.

The premium price of 5G devices in the next couple of years will also act as an inhibitor to 5G uptake. However, India is still forecast to invest $16 billion in 5G infrastructure between 2019 and 2025, at a 20 per cent average capex to revenue ratio, and with a steadier investment pace than in the top APAC markets by capex, such as China, Japan and South Korea.

As discussed in GSMA Intelligence’s report India: becoming 5G-ready [4], the steps that can help India in speeding its 5G adoption are more reasonable spectrum pricing, and supportive investment and taxation policies to improve the financial health of the mobile industry.

– Alla Shabelnikova – senior analyst, Financials – GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.


Intelligence Brief: How much will we pay for 5G?

In the past few months, a number of MNOs have introduced their highly anticipated mobile 5G services. Offers vary considerably across and within markets, with options for handset and router bundles as well as SIM only deals.

Launching in December 2018, South Korea was the first market to offer 5G services, first providing connectivity to a few business customers in a limited area before operators expanded services to consumers in April.

In May 2019, operators in Switzerland, the US and the UK launched their own consumer mobile 5G services.

With operators investing huge amounts in the new technology, they will need to launch their products and services at the right price.

Here we look at 5G tariffs by dividing them into two categories: unlimited and limited data plans.

With 4G, we saw operators move towards data-centric operating models. It is therefore interesting to compare unlimited 4G and 5G plans available.

Since the devices offered in bundled packages vary from market to market, we will predominantly focus on SIM only plans.

As one would expect, at least for the operators that have launched so far, unlimited 5G tariffs are more expensive than 4G.

Based on operators’ data, the average monthly 5G tariff is around $89 compared with $68 for 4G (see chart, below, click to enlarge).

[1]The difference in average cost between 5G and 4G unlimited plans varies from $5 to $72 per month. Some of the variation can be explained by the various extras offered by the operators.

Operators can prevent excessive usage by either adding fixed data caps or by throttling speeds once a certain amount of data has been consumed. KT’s 5G slim package for example reduces speed to 1Mb/s once 8GB of data has been expended in a month.

South Korea
KT has one of the widest gap in pricing with a $51 difference between unlimited 5G and 4G plans. The 5G average monthly tariff however, comes with up to a 50 per cent discount on premium family along with unlimited data roaming at up to 3Mb/s and VVIP Membership.

At the other end of the scale, LG Uplus 5G prices are only $5 higher than 4G. The extras include unlimited national calls, SMS and Mobile TV, these benefits are also available on its 4G packages.

SK Telecom (SKT), has a $9 gap: the lowest-priced 5G unlimited plan at $80 is actually cheaper than the 4G plan from this operator, but does not come with any extras beyond free calls and texts.

Verizon was the first US operator to offer 5G and its average tariff is the lowest of any of the investigated unlimited plans.

Prices are an average of $18 higher than 4G, but come with free roaming in Canada and Mexico along with Apple Music.

Switzerland was the first country with commercial 5G services in Europe: the higher cost of tariffs in this market are to be expected with it consistently coming top of the list of most expensive countries.

There is a huge $72 gap between the average cost of unlimited 5G and 4G packages with incumbent Swisscom, but users can chose to pay $198 for a 1Gb/s service, or $89 for 300Mb/s. Both include free roaming in Europe, Canada and USA, plus free Swisscom TV.

Sunrise, the second Swiss operator, simply offers 5G services for an extra $10 on top of its 4G unlimited plans, which equates to either $74 for the standard package or $105 with roaming.

In May, EE became the first operator to launch 5G in the UK. As with 4G, the operator has a policy of offering capped data packages and so unlimited data is not available.

We expect a more harmonised unlimited 5G tariffs across various countries once all the main operators have launched 5G services. This pattern will continue until challenger brands push the prices down to the level of current monthly 4G plans.

Limited data plans
These allow operators more control over the volume of data on their networks, while also enabling customers with less intensive data needs to get a flavour of 5G at a lower price point. Operators can also expect many customers, having experienced the power of high speed data, to upgrade to a larger or unlimited data package in the future.

Overall, the average cost for 1 GB data on 4G is $17 compared with $13 on 5G (see chart, below, click to enlarge). While customers will, in many cases, be able to get the same amount of data for a lower price, the faster speeds mean that more data may be consumed.

[2]South Korea
Operators offer substantial allowances on their limited plans. SKT’s allowance is 200GB per month for $63 USD, equating to a cost per GB of $0.32. Servicing the other end of the market, KT’s 5G plan provides 8GB a month for $46, averaging $5.75 per GB.

LG Uplus currently provides plans to service both ends of the market. Its high use tariff provides 150GB a month for $63 ($0.42 per GB), while lower volume users can opt for 9GB at $46 ($5.11 per GB). Both of these plans come with mobile TV and tethering.

Sunrise in Switzerland is the exception to this rule, with 5G cost per GB an average of $13 USD higher than 4G.

Verizon has not yet introduced 5G limited data plans however this is likely to change in the future as other operator launches introduce competition.

EE launched one the cheapest 5G plans in terms of cost per GB, at an average of $1.40. By selecting one of the larger packages, customers can bring the cost down to as low as $1.

Over time, 5G will become mainstream and, as with earlier generations, it will be included in standard tariffs. For the time being however, especially in the case of unlimited plans, customers should in many cases expect to pay a premium for the faster service.

Operators might also consider differentiating their 5G tariffs based not only on the amount of data in each package, but also by network performance indicators such as throughput and latency rates.

– Qmars Safikhani – senior forecast analyst, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.


Intelligence Brief: Will OTT or traditional pay-TV providers win?

How many times have you heard this question? I have heard it on a recent webinar, and the presenter’s answer was that they will all win – but could not elaborate on why. It felt more like a politically correct answer, than a judgement based on analysis.

This got me thinking on the fundamentals that could help in answering this question. One way to look at it is to try to understand what makes a market attractive for OTT providers. This can be done from assessing three main elements, shown below by order of importance:
1. Availability of network infrastructure;
2. Consumer preferences;
3. Traditional pay-TV providers’ (for example satellite, cable and IPTV) propositions.

Availability of network infrastructure
Superfast broadband coverage is a must for OTT services to thrive, but the same can be said about some traditional pay-TV services such as IPTV. This infrastructure is key to deliver seamless high-definition video streaming. For example, the Australian market was for a long time dominated by Foxtel and Telstra, delivering pay-TV content via satellite and cable respectively (see the latest GSMA Intelligence Fixed, TV and Convergence [1] data for forecasts of fixed broadband, voice and pay-TV connections in Australia, as well as nine other key markets).

As the National Broadband Network (NBN, Australia’s government-owned wholesale network) expanded its superfast broadband coverage, so did the take-up of OTT providers such as Fetch, Stan and Netflix.

Consumer preferences
How big is the appetite in a market for OTT services? To understand that, we need to first segment consumers based on their preferences:

Convenience. Measures the importance given to having a single bill, user experience (UI, QoS), customer service, ease to start and cancel subscription.
Willingness to spend on pay-TV services. Value for money versus minimising absolute spend.
Desired content: choice versus limited content.

Figure 1 (below, click to enlarge) tries to illustrate the dynamic across the three variables to identify the consumer profiles for OTT and traditional pay-TV services.


OTT customers are expected to subscribe to a limited number of services. Perhaps they only need fixed broadband, and mobile voice and data, maybe from different providers. For consumers subscribing to more services (for example fixed voice, smart home, FWA), the convenience from dealing with a single provider increases. Those are expected to be more attracted to offers from traditional pay-TV providers.

In addition, the less consumers are willing to spend on content, the more likely they are to feel attracted to OTT services. On the other hand, traditional pay-TV providers are expected to offer more choice for better value-for-money, sometimes even including the OTT providers’ offer as part of their own proposition.

Traditional pay-TV providers’ proposition
The strength of pay-TV providers’ proposition will limit the success of OTT services, at least to win the race for being the primary pay-TV service at home. The first thing to acknowledge is that some consumers will simply not have the preferences that fit into traditional pay-TV providers’ strengths. Therefore, the proposition needs to primarily cater for the needs of the consumers who do. The stronger providers will have the following characteristics:

Strong bundling propositions. These should deliver value-for-money and the convenience from having a single provider for multiple services. Having bundles that reduce the incentive to have a standalone fixed broadband service can make a difference in resisting the OTT offers. For example, selling the standalone fixed broadband service at a higher price than having it bundled with the pay-TV service.
Inclusion of OTT providers in their pay-TV service. This move offers choice for consumers, but not necessarily value. The consumer would still have to pay for the OTT’s service subscription.
Their own OTT service. This is another channel that can be used to reach out to consumers who may not subscribe otherwise.
Content choice. The priority is to have customers using the platform. This will allow the provider to learn about them and develop more customised offers.

OTT providers are here to stay, as a primary or secondary pay-TV service at home. The two main reasons for that are:

Superfast broadband coverage keeps growing worldwide. The rollout of 5G FWA networks should help drive this growth.
They cater to a customer segment that values their proposition more than the one from traditional pay-TV providers.

Traditional pay-TV providers lost part of the pay-TV market to OTT providers but are also not disappearing. They cater for the needs of a different consumer profile.

It seems like the politically correct answer I got from that webinar is aligned with this conclusion.

– Nuno Afonso – lead analyst, Multiplay – GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.


Intelligence Brief: Is it time to amend 5G security talk?

I moderated the final panel of GSMA’s Mobile 360 Security for 5G event last week on a topic with potentially high controversy value: Certification and securing the 5G supply chain.

It was the starting point for four security veterans to debate the pros and cons of certification and, of course, touching on implications for the 5G supply chain given the current US-China political climate.

That this panel session also allowed anonymous questions to be asked only added to a sense of danger that the topic could be hijacked by geopolitical discussions.

What came out of the panel was more constructive than I had anticipated. Our head of GSMA Intelligence, Peter Jarich, summarised the key messages from the event’s first day via last week’s blog [1] on why security needs to be top of mind for 5G. However, our panel, on top of highlighting the specific risks arising from a 5G supply chain and discussing certification, offered three additional takeaways for individuals, the telecoms industry and the wider 5G ecosystem regarding the provision of the security assurance necessary for a resilient 5G supply chain.

Certification should lead to building a company’s cyber-resilience
The GSMA’s Network Equipment Security Assurance Scheme (NESAS) is an existing voluntary framework jointly defined with the 3GPP to provide a security baseline which demonstrates network equipment satisfies security requirements in vendor development and product lifecycle processes.

In March, the European Commission announced the EU Cybersecurity Act, which will include a European-wide cybersecurity certification framework related to 5G.

These schemes provide the necessary security assurances from network equipment manufacturers to operators, but also the visibility of the security status of network equipment to the other up- and downstream suppliers. These are only two examples of certification designed to provide an industry-accepted guidance for operators and equipment manufacturers to gain awareness of the security risks that may reside in their 5G systems as they deploy the networks.

With these schemes focused on certifying network components in a way that is achievable by the ecosystem, the scope and intent of certification may therefore be limited and give the wrong impression. The panel warned about the real possibility that individuals and companies would perceive certification as a tick-the-box exercise. Instead, they suggest certification should be framed to influence the behaviours of individuals and companies that entrench and practice “good” security habits. These desired outcomes exceed the scope of NESAS or the EU Cybersecurity Act certification framework, going beyond technology to include assurances on the company’s security operations and business culture.

What is needed is to reframe the security question: our industry should consider a metric that indicates a company’s cyber-resilience in a 5G era. While it is difficult to define something enabling like-for-like comparison, some kind of measure is essential, if only to be able to contribute to the telecoms sector and the wider 5G ecosystem security awareness.

I will be keen to explore how a 5G trust model might facilitate building a more resilient 5G network: watch this space.

Experiment, learn, iterate; then collaborate, cooperate and cultivate
A clear message from the event was that specific 5G security and service requirements are currently unknown to both enterprises and the ecosystem of operators, network equipment manufacturers and software vendors. In the UK, the Department of Culture, Media and Sport (DCMS) runs 5G testbeds and pilots to help discover use cases including enterprise needs and security requirements. Such experiments are also being conducted by various cross-industry organisations, including efforts from GSMA. The panel called for wider dissemination of learning points across the 5G ecosystem, to build the wealth of security research for 5G network systems.

An area of experimentation currently not yet explored in great detail is the possibility of security testing for failure. Our panel offered the example of the Chaos Monkey tool, an engineering concept of deliberately testing for network resilience by randomly disabling computers. Such an idea may be contrary to traditional telecoms principles, but the learning points at this initial 5G experimentation stage could enhance the scope of available security research of 5G systems.

Change the incentives
In the run-up to this event, I filled in for Peter on GSMAi’s weekly Data Point covering revenue for IoT security. Our IoT data estimates the share of security revenue to total revenue would grow from 1 per cent in 2018 to only 3 per cent by 2025, to reach $28 billion. For a comparison, IoT connectivity revenue is expected to make 5 per cent by 2025.

The 3 per cent understates the actual importance of IoT security, but also reflects the challenges in building the RoI case for investing in security.

Though 5G is more than IoT, the incentives equation remains the same. What is the best way for companies to build their business case to request additional funding to address 5G security issues?

As operators and the broader 5G ecosystem consider what enterprise will require as 5G security services, another alternative to the incentive challenge is to consider offering bug bounties. The panel suggested operators and network equipment manufacturers could encourage white hat hackers to conduct security research on 5G networks, an activity with much higher entry barriers than traditional enterprise IT security research. The learnings will form the knowledge base on which the broader 5G ecosystem of operators, equipment vendors, software providers, cloud services and vertical industry companies can build their awareness and visibility of security risks.

By the end of the event, I sensed the conversation around security for 5G is only just beginning. Being at this early start of the journey means we are still able to experiment and refine our efforts to build cyber-resilience in our 5G systems and the kind of services we as individuals and companies would consume.

I have received compliments for a candid and wide-ranging panel discussion, but all the good work comes from the panellists who conducted a rather lively exchange of views on this topic. See for yourself here [2].

– Yiru Zhong – lead analyst, IoT and Enterprise, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.


Intelligence Brief: Should we worry about 5G security?

As I’ve highlighted a few times on my Data Point videos, I spent some time this week at the GSMA’s Mobile360 Security for 5G event in The Hague.

What did I do there? Ate some stroopwafels. Moderated the first two sets of keynotes. Did a taste test of different types of stoopwafels. Moderated a panel of security experts. Bought some stroopwafels to take home. I mean, the security stuff is super-important, sure. But…priorities, right?

In addition to weighing down my carry-on bag with delicious Dutch desserts, I did manage to pick up a few insights into the conference topic. If only thanks to osmosis, the caliber of the speakers and the frankness of the discussions, it would have been hard not to. And, all joking aside, anyone interested in 5G, either rolling out networks or services, needs to be concerned with how we’ll secure it. While not necessarily exhaustive, here’s what I’m now paying more attention to.

5G imperative. I kicked off the keynote panel with a simple question: “Why has 5G brought the question of security to the fore?” What’s different about 5G versus 4G or 3G that makes security so much more important? The panelists’ answers centered on the attention 5G is getting from operators and regulators and consumers. The real answer, however, is implicit in that attention: it implies a massive amount of connected devices (potentially unsecure endpoints) as well as the critical digital systems expected to run on 5G.

To worry or not. If we expect lots of critical systems to run on 5G (from connected cars to connected industries) then we need to be really worried about the security of 5G networks, right? Doomsday scenarios of power grid shutdowns and cars getting hijacked, are more than just abstract concepts, they’re real world possibilities that should be keeping us all up at night. Maybe. While these might all be connected by 5G, it’s silly to believe that the only security applied to them will be in the 5G network. The services running over the 5G networks will need to be secured as well. We hear a lot about multi-layer security architectures. If we believe that they are indeed necessary, then we can’t pin all 5G security responsibilities on the 5G network alone.

Dangerous cost cutting (aka, security RoI). I’m cheap. Just ask my boss, my team, or my wife. So, when I went shopping for a home security camera on Amazon, I opted for the low-cost option, then wondered about how secure it would be and if I could trust its cloud services. The same applies to network security. Policies, products, and architectures optimised for costs may come with security risks. Or, rather, security policies, products and architectures optimised for costs may be ineffective, incurring their own costs. Ultimately, the issue is one of RoI, recognising that security outlays need to be seen as investments that deliver returns in terms of network protection, service integrity, and customer satisfaction.

SOS (Same Old Skills gap). The concept of a “skills gap” among operators is not new. Years ago when I did some work on barriers to implementing virtualisation, a lack of internal skills was cited as critical. Fast forward and the same thing exists for security skills, forcing operators to rely on the skills of their vendor partners.

Skills gap, meet innovation gap. Where a skills gap forces operators to rely on their vendors, we are forced to acknowledge a long-term evolution in the vendor landscape. Where there was once a large set of major mobile network vendors, the market is now largely concentrated amongst three main ones, especially in the RAN. Why is this a problem? Put aside theoretical arguments around the impact on pricing and incentives to innovate. If operators have a smaller set of vendors to choose from, then they have little option but to live with the decisions those vendors make around security (or how well they secure their own solutions).

Deadly rotten eggs. Apparently, connected egg trays are a real thing. If you live in a civilised country where eggs are stored in the fridge, you might now worry about how long your eggs have been around. If you keep your eggs in the pantry like a Neanderthal, however, then a tray that lets you know how long they’ve been around might make sense (note to self: Connected Neanderthal would be a great band name). But where the issue of 5G Security often revolves around critical infrastructure or connected industries, securing the lowly connected egg tray might seem unnecessary. I’d thought we’d got past that thinking, recognising that anything connected to the network becomes part of a potential attack surface. Regardless, potential threat examples ranging from light bulbs to aquarium heaters, to egg trays all got invoked as a reminder.

Moving beyond generalities. If we need 5G security to be a topic that everyone pays attention to (everyone owns in some way), then we need a broad set of stakeholders at conferences, learning about it. Simple enough. But that means the way we talk about it (technical versus strategic) will need to accommodate them all. That’s problematic, because talking about security in terms of broad trends and generalities won’t result in real, on the ground, solutions to real problems. Does that mean we exclude the less technical folks (like myself) from these conversations? No. It means we need to all get smarter and become conversant in security the way we are for RAN or device specs.

AI imperative. Another “imperative,” I know. But just as much as 5G has increased the profile of network security, network security has elevated the profile of AI. IBM highlighted this when noting the sheer volume of security notices, updates and research produced on a daily basis (around 7,000 pages). The takeaway: we need good AI tools to help us identify what matters and to help find the data we need when we need it. Beyond discovery, though, there’s a role for AI in helping us adapt to evolving threat tactics and strategies.

5G for good. In presenting the value that 5G and mobile networks can bring (and the importance of getting them right), the GSMA’s Director General Mats Granryd pointed to the promise of enhanced connectivity combined with AI and Big Data to do things like mitigate or halt tuberculosis outbreaks. It’s an important reminder, and not just because he’s my bosses’ boss. But, it also highlights an important knock-on requirement.

Trust, trust, trust. Security is different from privacy. They are two different sets of issues with different requirements and associated risks. But if 5G will be connecting us all and leveraging data to do great things, then users need to have trust in the privacy of their data, or at least trust in the way that their data is being used. Again, these issues are different from security, and they may be more difficult to tackle, requiring consumers to pay attention. But, if we want to execute on the 5G promise, they may be the most important issues.

– Peter Jarich – head of GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.

Intelligence Brief: Will India get 5G in 2020?

Four million new jobs. $100 billion new investments in the telecom industry by 2022. Boosting the sector’s contribution to 8 per cent of GDP from 6 per cent in 2022. Seems like an excerpt from an election manifesto, right?

It’s not. This is the latest telecom policy of India: The National Digital Communications Policy (NDCP) 2018. With three strong pillars (Connect, Propel, and Secure India), the NDCP seeks to fulfil the Prime Minister’s vision of a truly Digital India.

Headed towards this vision, the country reached some major milestones on the way and is now standing on the edge of next digital wave. India today consumes nearly 1.5 billion GB of data per month and was ranked second in the world in terms of app downloads in 2018 by App Annie. What’s more, digital transactions on the Unified Payment Interface (UPI, an instant payment system developed by the National Payments Corporation of India) increased by more than 110-times over the last two years to 780 million monthly transactions in April 2019, on a base of more than 500 million data users.

Undoubtedly, the world’s most affordable data rate of INR18.50 ($0.26) per GB was one of the main contributors to this digital uptake.

Trying to capitalise on changing internet consumption habits, operators are also gearing up for what is expected to be the next big contributor in the digital future of India: the launch of 5G services.

With the twin promise of high throughput and low latency, 5G is expected to help India with digitalisation in sectors including manufacturing, healthcare and education to become a truly digital economy.

And yet, as much as it hopes to join world leaders by launching 5G in 2020, it cannot be denied that India lagged in introducing previous generations of technologies and the transition to 4G only picked up speed after Reliance Jio’s arrival [1]. So, the key question is whether or not India is really prepared on a 360-degree basis to make the big jump in 2020?

To answer this overarching question, let’s first try to answer the basic questions that are critical to the launch of 5G.

Is the country’s infrastructure ready?
A lack of required infrastructure appears to be one of the major challenges for 5G rollout in India. Fibre backhaul, in particular, is expected to be one of the key enablers for 5G in India. But regulatory body TRAI states merely 22 per cent of towers in India are connected to fibre, unlike China where as much as 80 per cent of the towers are connected to fibre. Strategies like the Fibre First Initiative laid out in the NDCP 2018 require at least 60 per cent of the telecom towers to be connected by 2022, however industry experts believe there’s a need for 100 per cent, something which will be tough to achieve.

Another major infrastructure challenge is the current network of base stations and small cells. According to some experts, the current BTS capacity will require tenfold expansion (with the help of small cells) for a successful 5G rollout. Complicating this is the difficulty in getting right of way (RoW) permissions in the country. The lack of collaboration between the concerned authorities results in costs as high as $85,000 to $140,000 per km, including operations and maintenance.

The government is cognisant of the importance of fibre connectivity and the challenge that lies ahead in RoW permissions. To address this, it has provided a framework in the NDCP for seamless fibre deployments: “To accord the status of public utility to Optical fibre cable, promote collaboration models between state, centre and local authorities, and a requirement for mandatory telecom installation and cabling in national building code by 2022.”

This framework will help lower costs and tackle RoW challenges, which in turn is expected to encourage operators and infrastructure companies to increase the fibre footprint in the country. However, the key here is the successful implementation of proposed measures, which is a time consuming process and is unlikely to happen in 2019, or support a 5G rollout in 2020.

Have operators gained access to the required spectrum?
The need of the hour is harmonised spectrum at affordable rates in the 3,300MHz to 3,600MHz and mmWave bands. The regulatory body has already submitted its recommendations to the government on spectrum pricing, but the operators are not unanimously agreed on auction timing.

Some demand that spectrum should be auctioned quickly, while others want to wait given the debt-laden state of the industry and their stressed P&Ls. The government is yet to allocate spectrum for trials as well. Clearly, the uncertainty in the air is a big question mark as to when the airwaves should be auctioned for 5G, and whether or not operators would be able to purchase the spectrum at the recommended pricing.

Have sufficient real-life trials been conducted to make the commercial move in 2020?
Countries like South Korea [2] and the US [3], the front-runners in 5G, were extensively conducting live trials in 2018 before commercial  launches in 2019. Following suit, operators in countries including Australia, France, Italy, Spain, Saudi Arabia and UK, which are now planning their 5G launches later in 2019 or 2020, are already conducting live trials.

And in India? To date, only Bharti Airtel and Reliance Jio have conducted field trials. The limited trials can be partly attributed to the fact that spectrum for 5G trials has not been allocated and, partly, to limited clarity around applicable use cases. Regardless, without a base of trials, launching services will be difficult.

Is the industry aware of where and how 5G would be used in India?
Time and again Industry experts have mentioned that the use cases foreseen or tested globally might, or might not, be applicable to India and the country would have to come up with its own use cases. On one hand, the industry acknowledges the value of features like low latency and high capacity in sectors like manufacturing, healthcare and education. On the other hand, the exact use cases in these sectors are still unknown. The only use case that the industry is sure of is high-speed broadband to homes (fixed wireless): a recent survey by ET Telecom revealed 85 per cent of participants cited this as the most relevant use case for India.

Are operators prepared to invest in 5G in the current scenario?
[4]Already sweating profusely under the rising pile of INR8 trillion debt, the Indian telecom sector is apprehensive about investing too much on 5G too soon. India is a price-sensitive market and the price wars triggered by Reliance Jio’s entry led to declining ARPUs in the last three years (see chart, above, click to enlarge), impacting their cash reserves. Declining ARPUs along with an increasing capex-to-revenue ratio makes 5G investment decisions more difficult.

What does this all mean?
Irrespective of the operator, the required infrastructure and access to adequate spectrum are essentials for a 5G launch. As these get established, operators can be proactive in conducting trials, investing in network upgrades and exploring use cases.

Reliance Jio believes it is ready for commercial 5G launch in six months of spectrum allocation. The company already has an all IP-based network and a 5G-ready LTE network. Moreover, it is laying out the fibre optic network on a scale for its fixed broadband services, which is expected to help it to launch seamless 5G services.

Airtel, likewise, has revealed plans to launch 5G building on massive MIMO field trials. And, every major operator in the market has begun collaborating with vendors on potential rollout and technology evolution plans.

Although, it is tough to place bets on who will lead the 5G launch in the market, there is a likelihood of 5G becoming reality in 2020 if the spectrum is auctioned in a timely manner. Whether or not it will become a mass reality is a million dollar question, awaited to be answered in 2020.

– Radhika Gupta – head of data acquisition, strategy, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.


Intelligence Brief: Are homes the next battle-ground?

Cable operators were among the first in the telecom space to start to take the home experience seriously, but there have been a range of announcements from other telecom operators over recent months indicating the industry as a whole is now focusing on the issue.

At a recent cable conference in London, the panel which provoked one of the most interesting discussions between participants was one focused on the in-home experience and whether this was explicitly part of the service provider’s responsibility.

Attitudes ranged from “no, it stops at the door” to “of course it is”. A couple of cable operators from the latter camp were also keen to highlight newly-launched commercial solutions targeting issues including blackspots and seamlessly connecting new devices to home networks.

Home experience a growing focus
While cable operators were among the first to start to take the home experience seriously, there have been a range of announcements of similar services from other telecom operators over recent months. Examples in Europe include:
– Bouygues announced it will deploy a managed home Wi-Fi solution to its broadband customers in France, using the AirTies Smart Wi-Fi software and Mesh extenders;
– BT chose a white-label mesh Wi-Fi solution as the basis for its Whole Home Wi-Fi solution, with an app that advises on device placement and Wi-Fi discs that self-configure;
– Virgin Media has offered a similar service, with a new app which monitors Wi-Fi signal strength in the home. Customers can order a Wi-Fi booster when blackspots are identified, a feature that is free to higher-tier customers.

Having tried the Virgin app myself I can testify that it works, and I received a power line adapter set soon after using it to identify blackspots in my home. While this adapter feels a less future-ready and slightly clunkier choice than the mesh Wi-Fi solutions favoured by others, it certainly works and offers a more reliable connection than my previous Wi-Fi booster.

Interestingly the services from BT and Virgin offer a range of additional features, including the ability to proactively manage the whole network including temporarily pausing internet access or blocking access for specific devices.

From a strategic perspective, the move to offer managed Wi-Fi services has two benefits, namely generating incremental revenues and reducing costs.

Typically operators are positioning these managed Wi-Fi services as either a premium service for an additional cost, or including them for free in higher-end packages. As well as a new source of revenue, these services can be an important a tool for churn reduction as satisfied customers are typically less likely to switch. In-home connectivity problems can be a major source of calls to customer support teams, and issues can be challenging if not impossible to solve remotely. So addressing these issues upfront can be an important cost saver at a time when operators are looking to increasingly digitise their customer service functions.

Among multiple networks and standards, don’t forget the customer
As we enter the gigabit era, with a range of access technologies promising ever higher speeds to end users (whether delivered over FTTH, cable networks, fixed wireless access, or pure mobile), it is important that, in the real world, customers get to experience something close to what they are promised by operator marketing. As noted above, operators will increasingly need to accept responsibility for the in home experience, especially if the higher speeds on offer mean higher prices for customers, rather than adopting a somewhat utility style perspective that their responsibility ends at the home gateway.

With the advent of the new Wi-Fi 6 standard alongside the launch of 5G services, consumers are facing an often bewildering array of acronyms and technologies, few of which actually make their life easier. At the same time, the growing number of connected devices in the home can further increase complexities for the non tech-savvy user. Operators which can address these issues, ensuring both full home connectivity and the seamless connection of new devices, will likely create a clear competitive advantage. As well as happier customers, newer routers and intelligent network apps can also provide improved information to operators on network performance, allowing issues to be identified and addressed remotely – again, contributing to cost reduction.

Technological advances could also help, for example with the promise of seamless roaming between mobile and Wi-Fi networks with the arrival of 5G and Wi-Fi 6. But the proliferation of new networks also highlights the need for operators to manage increasing levels of network complexity. This does raise a separate point, though: Wi-Fi and 5G will coexist for the foreseeable future, putting the onus on operators and vendors to ensure these technologies can be managed to work together for the benefit of users.

– David George – head of consulting, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.

Intelligence Brief: Who needs 5G when Wi-Fi is at 6?

Let’s be honest. The Wi-Fi versus mobile data debates are old and tired.

I can remember the early iterations when Wi-Fi creeped into phones and people began asking if the 802.11 family of technologies would cannibalise 3G usage. Then, as smartphones became an integral part of our lives, we had the “revelation” that most usage was indoors, where Wi-Fi signals were more likely than cellular ones. And still, data traffic on mobile networks continued to rise, with Wi-Fi and 4G living alongside one another.

But, like my 14 year-old Icelandic Sheepdog (now somewhat blind and deaf), a well-thrown stick is all it takes to kick those debates back into action, no matter how old or tired they are. And, in 2019, that stick comes in the form of Wi-Fi 6.

If you aren’t familiar with Wi-Fi 6, the short story is pretty simple. Known from a technical perspective as 802.11ax, the follow-on to 802.11ac (now given the marketing handle of Wi-Fi 5) it uses technologies including OFDMA; Multi-user MIMO; Beamforming; new modulation options; and wake time improvements to deliver better performance. Higher throughput? Sure. But, more importantly, better user scale (support for more users/devices), and battery life and coverage improvements.

[1]Now, if you hear some of these highlights – MIMO; Beamforming; improved throughput; enhanced user capacity; boosted battery life – and think 5G, you’re not alone. These are exactly the sorts of things 5G is supposed to bring.

Thus, we return to the age-old question of whether or not Wi-Fi and mobile data are friends or enemies, and whether or not one can replace the other. Or, in a view of the world taken from the film Highlander, will these long-lived technologies battle until only one remains? There can be only one, right? And 6 is better than 5.

A kind of magic?
Let’s put aside the question of mobility support (where cellular technologies excel) and the indoor-versus-outdoor dynamic. Let’s put aside 5G’s focus on edge computing and network slicing: after all, those should be possible with Wi-Fi. Where mobile networks have always had an upper hand is on the authentication and on-boarding front. Pop a SIM into your phone and it works. Get into a moving bus or car and it works. Roam from one country to another and it works. There’s no need for splash pages, logins or fears of security breaches due to dodgy public hotspots.

In launching its Wi-Fi 6 portfolio this week, then, it was great to see Cisco introduce its OpenRoaming initiative. The concept leverages Hotspot 2.0 technologies alongside a “federation” of Wi-Fi access providers (retailers, venues, hotels, et cetera) and identity providers (operators, device vendors and cloud providers) to deliver seamless connectivity onto Wi-Fi networks, and across Wi-Fi and mobile data networks.

As Cisco’s SVP of product management for Enterprise Networking Sachin Gupta put it during a virtual launch event held for customers, “imagine a world where you can walk in anywhere and you’re on the network.” In retort, Cisco’s Enterprise Networking GM Scott Harrell summed up how most of us feel: “I’m looking forward to that world. That will be awesome.”

He’s correct, it would be awesome. More importantly, if Wi-Fi 6 can deliver on all of its performance promises and if the average user can expect seamless Wi-Fi 6 connectivity, then it really would be a viable alternative to 4G or 5G, at least for many indoor and campus environments.

Done deal. Call the debate over?

Waiting for the hammer to fall
Well, there’s a lot of “ifs” above. That said, I don’t doubt any of the technical claims (no more than I doubt the technical promises of 5G). Where things often break down in bringing new ecosystems to life is the commercial front. Even where the technologies are fully in place, the business cases and organisational will necessary to move forward are often the major impediment.

Consider a few directional indicators:
– Hotspot 2.0 (an OpenRoaming enabler) has been around for a while. And yet, the mass deployments once hoped for haven’t arrived.
– In highlighting how the OpenRoaming Federation will be comprised of identity providers and Wi-Fi access providers, Cisco failed to do one thing: name any of them.
– Detailed in Cisco’s OpenRoaming launch materials, the “find out more” link doesn’t actually lead anywhere beyond a “stay connected to know more” page, which doesn’t paint the picture of anything more than a good idea in the works. While this might sound like a minor nit, it is all indicative of something that is either not fully baked, somewhat rushed or lacking in support.

With that, we have a conclusion to the debate. Or rather, a sign that there is no debate. Nothing has changed from the first, second or last time we all asked whether Wi-Fi was going to kill mobile data…or vice-versa.

With Wi-Fi 6, Wi-Fi will be significantly better. With 5G, mobile data will be better. We will still live with both. They will live together. No debate.

And, hopefully, my dog is around long enough to see the next stick get thrown about.

– Peter Jarich – head of GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.