
Digital Actions, Lethal Consequences: A Cyber-Kinetic Risk Primer


Our physical world is becoming more connected – which makes it more dependent on the cyber world. Many physical objects around us are no longer just physical, but extend into cyberspace, being remotely monitored and controlled.

Consider the power plant or water plant that supplies your electricity and water. These systems have single-purpose computers embedded within each switch or valve. Each computer monitors system conditions and decides whether to open or close that switch or valve to keep the system running optimally.

They monitor and control systems at a level that humans would find too granular and too tedious to warrant their undivided attention. They also send a constant stream of data upward in the system to provide actionable information to more complex computers that control larger parts of the process. Because they monitor or control physical properties through logic embedded in a computation core, they are broadly described as Cyber-Physical Systems (CPS).

Or, let’s bring this closer to home. Let’s say you have a pacemaker or heart monitor or insulin pump to make up for the shortcomings of your heart or pancreas. In such a case, your body has become part of a CPS, with a mechanical device, guided by an embedded computational device, monitoring and automatically compensating for your organs’ limitations.

Here, too, the internal components are part of a larger system. They report their data to systems controlled by your doctor, who can monitor your condition remotely and adjust your devices if needed.

CPSes are increasingly prevalent in all aspects of modern life. If you drive a car with the latest safety features, they monitor traffic and apply the brakes if they detect a possible collision. CPSes control your appliances, work behind the scenes of your city’s traffic system to monitor flow and time lights to minimize gridlock, and enable entire factories of robots to build a car every minute. Shipping companies use CPSes to optimize transport routes and delivery schedules, soon to be carried out by autonomous ships. IIoT-linked wearables keep workers safe by using real-time biometric data to help avoid workplace fatigue and preempt accidents. Smart robotics, connected and self-driving transportation, autonomous drones, intelligent warehousing, connected industrial machinery, and even food delivery robots roaming our streets – the footprint of CPS (IoT, IIoT, ICS, robotics, etc.) devices and technology is rapidly growing. We are moving beyond simple automation to leverage the profound value of real-time connectivity, decision-making at the devices themselves, and increasing autonomy.

CPSes operate in virtually every aspect of your life – often without you even realizing it.

CPSes enhance your life. But, with their increased dependency on the cyber world, they carry with them multiple cyber-related risks. One category of cyber risks specific to CPSes is the risk of cyber-kinetic attacks. Cyber-kinetic attacks consist of hijacking CPSes – whether in homes, cities, factories, trains, cars or human bodies – and using them to harm people or damage the environment.

Defining Cyber-Physical Systems

One of the best definitions of the term cyber-physical systems was coined in 2006 by Dr. Helen Gill of the National Science Foundation. Dr. Gill defines CPS as:

“Physical, biological, and engineered systems whose operations are integrated, monitored, and/or controlled by a computational core. Components are networked at every scale. Computing is deeply embedded into every physical component, possibly even into materials. The computational core is an embedded system, usually demands real-time response, and is most often distributed”

Or, we might, perhaps, define cyber-physical systems as any systems in which sensors, actuators, and embedded computers (often networked) control physical processes, with feedback loops where physical processes affect computation and vice versa.

Defining Cyber-Physical Systems from the Risk Perspective

From the risk perspective, perhaps a better definition is the one I used at the Cyber-Physical Systems Security Institute (CPSSI) in the late 1990s:

“Cyber-Physical Systems are any physical or biological systems with an embedded computational core in which a cyber attack could adversely affect physical space, potentially impacting well-being, lives or the environment.”

This definition focuses specifically on a critical aspect of this technology: security. Lumping different types of systems under the umbrella term of CPS would be mostly academic were it not for the benefits to be gained from addressing the security risks they share. ICS, IoT devices, drones, smart grids, autonomous transportation (automobiles, aircraft, ships, etc.), computer-controlled artificial organs and connected medical implants, wearable technology – these digital systems differ hugely in their design and application, but they have one major trait in common: they can be hijacked to cause damage in the physical world.

Defining Cyber-Kinetic Attacks

This potential for harm makes CPSes particularly dangerous. Unlike strictly mechanical systems, their cyber half also gives them the potential to be hacked remotely by attackers anywhere in the world. Those that control the cyber can then control the physical, with possibly lethal consequences.

Cyber-kinetic attacks, therefore, transcend traditional cybersecurity boundaries to directly impact the physical world, putting lives, well-being, or the environment directly at risk. Such attacks extend beyond data breaches and financial losses into the realm of physical damage or endangered lives.

But let me step back. Several terms are used to describe the intersection of cyber and physical realms for malicious purposes. Understanding the nuances between these terms is crucial, as their similarities can lead to confusion. To effectively classify these threats, it’s helpful to categorize them based on the domain from which the threat originates and the domain where its impact is felt.

  • A physical-cyber attack is one that begins in the physical domain and has consequences in the cyber domain. Typically, such an attack targets physical infrastructure to disrupt cyberspace functionalities. For instance, damaging servers or network infrastructure disrupts access to and functionality within the cyber world. This category also includes actions like tampering with sensors to render them unable to transmit accurate data. The hallmark of this attack type is the physical damage to equipment, leading to compromised cyberspace operations. A subset of these attacks might also fall under the category of Intentional Electromagnetic Interference (IEMI) attacks, which target the analog aspects of electronic communications and computer processing, rather than the digital or cyber aspects.
  • Conversely, a cyber-physical attack originates in cyberspace and affects the physical world, particularly by impairing cyber-physical systems’ ability to monitor and control physical processes. This broad category encompasses a range of motives and methods, from hackers launching Denial of Service (DoS) attacks on CPS to demonstrate vulnerabilities, to cybercriminals manipulating smart meters to fraudulently reduce electricity bills, or cybercriminals impacting operations in CPS-operating organizations in order to ransom the victim. Goals can vary widely, including financial gain, industrial or political espionage, or hacktivism aimed at coercing targets into compliance with the attackers’ demands. The defining characteristics of cyber-physical attacks are their initiation in cyberspace, their targeting of CPS, and their impact on physical operations.
  • Cyber-kinetic attacks are a subset of cyber-physical attacks with a more narrowly defined objective: to inflict tangible, physical damage. For example, state-cyber-warriors or cyber-terrorists hacking into a power plant and causing generators to fail could leave millions of people and businesses without power, with not only massive inconvenience, but also significant economic damage. Other examples include cyber-terrorists attacking connected or autonomous vehicles to cause a crash; cyber-terrorists, cyber-warriors or cyber-spies assassinating people by attacking embedded medical devices; or – the holy grail of cyber-terrorism – causing explosions and/or environmental damage by remotely attacking nuclear power plants, chemical or gas installations, oil pipelines or other physical targets whose failure could cause catastrophic physical damage. These attacks aim to cause physical harm, disrupt critical services, or even lead to loss of life through the exploitation of vulnerabilities in information systems and processes. We are focusing in this article on cyber-kinetic attacks, given their direct impact on physical safety.

A definition I previously suggested is therefore:

“Cyber-Kinetic Attacks target Cyber-Physical Systems and cause direct or indirect physical damage, injury or death, or environmental impact solely through the exploitation of vulnerable information systems and processes.”

Although cyber-kinetic attack is a relatively new term, an apocryphal story suggests that the concept of such an attack was conceived as far back as the 1980s. The story goes that the U.S. Central Intelligence Agency learned in 1982 of Soviet efforts to steal natural gas pipeline control software from a Canadian company. In response, the CIA supposedly introduced defects into the software so that the version the Soviets stole would cause pipeline pressure to build until pipes ruptured. According to the story, this eventually occurred in a Siberian pipeline in an explosion so massive that it could be seen from space. Although the story has never been confirmed by any other source, it shows that the concept of cyber-kinetic attacks was understood long before our world became so ubiquitously cyber-connected.

As far back as 2015, Charlie Miller, a security researcher at Twitter, and Chris Valasek, director of Vehicle Security Research at IOActive, proved the havoc that could be wreaked by hackers commandeering CPSes. In a now-famous exercise for Wired magazine, the duo used remote access to hack into a car driving on the highway. From 10 miles away they were able to control the vehicle’s air conditioning, radio and windscreen wipers. But they were also able to cut the engine and take over the steering.

Now imagine the same scenario extrapolated across a network of driverless cars traveling at over 100 miles an hour with perfect precision. That’s pretty much what one of my teams did many years ago – demonstrated to a car manufacturer how we were able to take control over all of the cars of a particular new model that were connected at the time, anywhere in the world. The potential damage that could be done instantly by malicious cyber attackers who infiltrate the network, or even just one car, is harrowing to consider. That is the nature of cyber-kinetic risk.

The implications of cyber-kinetic risks are profound and far-reaching. Attacks on CPSes can lead to scenarios such as:

  • Critical Infrastructure Disruption: Compromising the control systems of utilities can lead to widespread power outages, water contamination, or transportation chaos.
  • Endangerment of Human Lives: Attacks on connected vehicles or medical devices can directly endanger lives, turning everyday objects into potential threats.
  • Economic and Environmental Damage: Cyber-kinetic attacks on industrial systems can cause significant economic disruption and environmental harm, from factory shutdowns to oil spills.

How serious is the risk?

Such attacks have already occurred, with physical damage inflicted on nuclear power plants, water facilities, oil pipelines, factories, hospitals, transit systems, apartment buildings and more. I’ve been tracking many of them here up until 2017.

Their scattered nature has prevented them from gaining more attention. They are also often kept confidential. Unlike breaches of personal data, which have reporting regulations, most jurisdictions don’t have reporting requirements for cyber-kinetic attacks. They often end up being tracked as regular industrial accidents without the general public being any wiser. My teams have investigated many such non-public incidents that resulted in injuries or fatalities but never made the news.

In my former firm, we surveyed several hundred heads of engineering, safety, and cyber leaders across large CPS-operating organizations. Conducted by an independent third-party organization guaranteeing full anonymity, the survey found that a startling 7% of respondents stated that they had, at some point in the past, experienced injury or death of employees as a negative consequence of cyber attacks on their organization, and 6% reported injury or death of members of the general public.

Even though actual, serious cyber-kinetic attacks are rare, these are the types of risks where the likelihood is low, but the impacts are huge and therefore deserve serious consideration.

There is another reason why we should take these attacks seriously. When performing threat hunting within key systems of critical national infrastructure organizations in several countries with ongoing disputes with one of the cyber superpowers, we regularly found CPSes that provide people’s critical needs compromised with malware or backdoors. When my research team assessed those critical CPSes, it was rare not to find the systems already infected and ready to be exploited by adversaries whenever they chose. We’d clean the systems and implement additional security controls, only to find the systems often compromised all over again, now in a more advanced way, one year later when we returned to re-assess.

Cyber-kinetic risks, as demonstrated, have significant impacts. These risks are, in fact, far more common than what is generally reported by the media and understood by the public. With the rapid integration of cyber-physical systems into every facet of our lives, these risks are increasing quickly. It is critical for every organization to develop strategies that mitigate these cyber risks with potential safety consequences.

Cyber-Kinetic Risks: A Distinct Challenge Beyond Traditional Cybersecurity

While traditional cybersecurity risks have long been a concern for IT professionals, the emergence of cyber-kinetic risks introduces a new dimension to the digital threat landscape. These risks are not merely an extension of the cybersecurity challenges we’re accustomed to; they represent a unique category that requires a broader, interdisciplinary approach. Understanding why cyber-kinetic risks should be considered differently from traditional cybersecurity risks is crucial to successfully mitigating these threats.

Every aspect of cybersecurity, from vulnerability assessment and management to hardening, monitoring, detection, and incident response, differs when applied to cyber-kinetic risks. Most traditional IT cybersecurity measures are not directly transferable to the context of CPS, as the safety outcomes of cyber-kinetic attacks require a different approach to risk assessment and mitigation.

In this section, I will outline the key differences between cyber-kinetic security and “traditional” cybersecurity. Please note that there exists a huge number of differences between IT cybersecurity and the cybersecurity of Cyber-Physical Systems (CPS), as currently applied to Operational Technology (OT) and IoT systems for protection against more conventional cyber threats. However, I will not get into those distinctions. Instead, my focus will be solely on those aspects where the embedded safety concerns require an even more distinct approach than is currently being considered for OT security.

The Multifunctional Challenge of Cyber-Physical Systems

Addressing the cybersecurity of cyber-physical systems is inherently a multifunctional challenge. It requires a fusion of cybersecurity and IT skills with disciplines such as engineering, automation, process control, and others that deal with the “physical” aspects of cyber-physical systems. The integration of these disciplines is essential for understanding and mitigating the risks associated with the interconnectedness of digital and physical systems.

When considering cyber-kinetic risks, an additional layer of complexity is introduced: safety. This requires the involvement of even more stakeholders, often from a combination of disciplines that may have never worked together before, and that have different cultures, terminology, processes, reporting hierarchies, metrics, etc. The safety aspect requires an in-depth understanding of how cyber threats can translate into physical consequences, making the management of these risks significantly more challenging.

Cyber-Kinetic Incident Response

When it comes to cyber-kinetic attacks, the incident response is drastically different from “traditional” cyber attacks. In IT cyber attacks, the Computer Emergency Response Team (CERT) / Computer Incident Response Team (CIRT) typically leads the charge, orchestrating containment, eradication, and recovery efforts. These teams are well-versed in digital forensics, malware analysis, and the restoration of IT services, and are used to being in charge.

However, the situation shifts dramatically when addressing cyber-kinetic incidents. In such scenarios, the response hierarchy or the Incident Command System changes, with CERT/CIRT roles becoming part of a broader, more complex response framework, and very often ending up somewhere at the bottom of the response hierarchy.

The immediate safeguarding of human life and the preservation of the environment is handled by the emergency services. They control the scene at the outset of the incident.

Following the stabilization of immediate safety concerns, national security agencies and critical infrastructure protection entities often step in. Their focus is on assessing the broader implications of the attack, including potential threats to national security and the resilience of critical infrastructure. This phase may involve complex coordination between various governmental and non-governmental organizations, each with a role in safeguarding public welfare and national interests. CERT/CIRT here again might not have any role to play or even visibility.

Once the site is deemed secure from immediate threats, the responsibility transitions to the victim organization’s internal safety and security teams. These teams are tasked with ensuring that any remaining hazards are thoroughly addressed, and the environment is safe for recovery operations.

The focus then shifts to the restoration of impacted physical processes. Reliability engineers and process engineers take control of the incident, focusing on resuming normal operations as far as possible, even if the physical processes have to be temporarily controlled manually. Again, CERT/CIRT teams might not have any role to play in this phase.

Finally, CERT/CIRT teams have the opportunity to engage, focusing on identifying the root cause of the cyber aspect of the attack, securing digital systems against future threats, and conducting a thorough digital investigation. However, this step is approached with caution. In some instances, the decision may be made to forego immediate cyber remediation if it poses a risk of further disrupting critical operations.

Responding to cyber-kinetic incidents demands a comprehensive, multidisciplinary approach that extends beyond the digital domain to address the physical, human, and environmental impacts. The response will work only with the effective integration of emergency services, national security efforts, organizational safety protocols, engineering expertise, and cybersecurity knowledge. The problem is that these functions never used to work together before, and they are all used to being in charge in their “traditional” silos. Getting them to learn to work together through a detailed Incident Command System (ICS), response playbooks, and realistic and frequent cyber-kinetic incident simulations is a prerequisite for effective cyber-kinetic incident response.

Lack of Crisis Decision-Making Information

One of the largest obstacles in managing cyber-kinetic incidents is the absence of reliable, timely information. Following the physical impact of such an incident, the immediate focus is on addressing the physical aftermath, not on validating the potential cyber origin. The lag between the incident’s occurrence and the availability of concrete evidence indicating malicious cyber activity can span weeks, leaving decision-makers in a precarious position.

This delay presents a huge challenge for Crisis Management Teams (CMT) dealing with these scenarios. The introduction of a potential cyber component disrupts established physical crisis response protocols. In the case of a malicious cyber-kinetic attack, they may need to proactively shut down or disconnect other operations using the same vulnerable CPSes – something they would never consider in other scenarios. This decision must be made swiftly, but can be tough as it involves weighing potentially massive operational impacts against potential further human safety impacts.

During simulations of cyber-kinetic incidents conducted with my clients, it’s common for Gold CMT members to become very frustrated about this particular aspect – making decisions on a scale that could bring the company down (massive operational downtime or allowing further injuries or fatalities) without any reliable information. However, confronting this in a simulated environment is necessary and much better than leaving these challenges for when a genuine crisis hits.

Media Scrutiny

For obvious reasons, the media will put a much brighter spotlight on organizations suffering from cyber-kinetic attacks than those that experienced traditional data breaches or ransomware.

The unfortunate reality of cyber-kinetic incidents is that reliable information on the root cause of such attacks is hard to come by. It will take time to confirm whether there was a cyber root cause, and even more time to confirm whether it was a malfunction or a malicious attack. The media, however, will demand answers straight away. Scarcity of information will only add fuel to the fire of media scrutiny.

This relentless pursuit of answers by journalists, while understandable, can sometimes rush organizations into premature or inaccurate statements, complicating the crisis further. In this high-stakes environment, the narrative can quickly shift from one of victimhood to vilification, challenging the organization’s reputation and the public’s trust in ways that could be difficult to recover from.

Market and Stakeholder Perception of the Victim

The public and stakeholder perception of victims varies significantly between traditional cyber attacks and cyber-kinetic attacks. In the wake of cyber-kinetic attacks, the perception shifts from sympathy in the case of “traditional” cyber attacks to condemnation when the physical world is impacted. The public and stakeholders are much less forgiving when the stakes involve human lives, health, or environmental well-being.

In traditional cyber attacks, such as data breaches, the victim organization often receives sympathy from stakeholders and the general public. Although the share prices of companies that fall victim to significant data breaches may initially drop, they tend to recover in ever shorter time frames. The media and public tend to view these organizations as victims of sophisticated and inevitable cyber threats. With the frequency of such breaches, the public has come to accept them as an unfortunate but unavoidable aspect of the digital age, much like victims of natural disasters, who are also met with widespread sympathy and support.

However, the narrative will shift dramatically in the case of cyber-kinetic attacks, where inadequate cyber controls lead to tangible impacts on lives, well-being, or the environment. In these instances, the impacted organization will not be seen through the lens of victimhood but rather as a failure. The lack of adequate cyber controls in these cases is viewed not just as an oversight but as a grave negligence that led to tangible physical impacts.

This partially explains why the victims so far have been reluctant to share information about their cyber-kinetic incidents.

Preparing for this means spending more time and preparation effort on crisis PR, training the executive team on what to say and how to say it, preparing playbooks and ready-made statements, and so on.

Rethinking the CIA Triad for Cyber-Kinetic Risks

This topic often ignites spirited debates, so brace for some passionate discourse in the comments below. My aim isn’t to claim any superior paradigm but rather to encourage practitioners to start thinking beyond the confines of their traditional cybersecurity education.

The cybersecurity of Cyber-Physical Systems (CPS) may require rethinking of many foundational elements of cybersecurity, including the basic CIA triad—Confidentiality, Integrity, and Availability—that has underpinned cybersecurity practices for decades.

  • Confidentiality ensures data is kept secret from unauthorized entities.
  • Integrity guarantees data remains unaltered and trustworthy.
  • Availability ensures systems operate continuously, providing authorized users access to data as needed.

For the purpose of protecting the cyber side of CPSes, we can indeed compare CPS against these concepts, and we will likely find our primary concerns largely lie in the area of integrity, as opposed to confidentiality – the traditional focus of enterprise cybersecurity. The integrity of sensor data or control commands is critical; any compromise here can have dire consequences. Consider the following scenarios:

  • A breach in the confidentiality of an automated insulin pump might reveal a patient’s glucose levels. However, a compromise in data integrity could lead to incorrect insulin dosages, risking hypoglycemia or even death.
  • For an autonomous drone, confidentiality breaches might expose its location and battery status. But if the drone’s geofencing system integrity is compromised, it could be forced into restricted airspace, posing significant risks.
  • Accessing a smart traffic light system could unveil its operational cycles. Yet, altering the system’s integrity by changing these cycles could cause catastrophic accidents.
  • Information about a connected vehicle’s fuel consumption or a driver’s habits might interest a hacker. More alarmingly, tampering with the vehicle’s sensor data or system commands could lead to loss of control, accidents, or worse.

Interestingly, several OT/CPS security frameworks prioritize Availability (A) over Integrity (I) and Confidentiality (C), suggesting an A-I-C hierarchy. However, in the context of cyber-kinetic risks, I argue that Availability should not take precedence. Our primary concern is the protection of human life; operational disruptions due to Availability issues are secondary. Moreover, I assume that many CPS these days are designed to fail-safe, meaning a loss of availability should not compromise safety. Thus, I propose an I-A-C hierarchy for cyber-kinetic risk contexts.
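The I-A-C ordering argued above, as an added Python example (not code from the article): a hypothetical valve controller that acts on a sensor reading only when its HMAC tag, timestamp and sequence number check out, keeps its last trusted state while forged, tampered or replayed readings are dropped, and falls back to a safe state when no trusted reading arrives before a deadline. The shared key, the pressure threshold, the safe state and the readings are all constructed for the example; HMAC-SHA256 is the integrity mechanism assumed here.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed values for the example; a real deployment provisions keys per device
# and derives thresholds and the safe state from the process safety analysis.
SHARED_KEY = b"example-key-not-for-production"
SAFE_STATE = "closed"       # hypothetical valve: shut is the safe default
OPEN_STATE = "open"
PRESSURE_LIMIT = 80.0       # constructed control threshold


def sign_reading(key: bytes, seq: int, ts: float, pressure: float) -> dict:
    """Sensor side: serialise the reading and attach an HMAC-SHA256 tag."""
    body = json.dumps({"seq": seq, "ts": ts, "pressure": pressure}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


@dataclass
class FailSafeController:
    """Actuator side: act only on authentic, fresh, non-replayed readings.

    Integrity comes first: an untrusted reading is simply dropped. Loss of
    availability (no trusted reading before the deadline) drives the actuator
    to SAFE_STATE, so a jammed or blocked sensor channel cannot create a hazard.
    """
    key: bytes
    max_age_s: float = 5.0          # readings older than this are stale
    deadline_s: float = 10.0        # no trusted reading for this long -> fail-safe
    last_trusted_ts: float = float("-inf")
    last_seq: int = -1
    actuator: str = SAFE_STATE
    rejected: int = 0

    def verify(self, msg: dict, now: float):
        """Return the parsed reading if it passes integrity and freshness checks, else None."""
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return None                              # forged or tampered
        reading = json.loads(msg["body"])
        if reading["ts"] > now + 1.0 or now - reading["ts"] > self.max_age_s:
            return None                              # future-dated or stale
        if reading["seq"] <= self.last_seq:
            return None                              # replay of an older reading
        return reading

    def decide(self, reading: dict) -> str:
        # Constructed control law: keep the valve open while pressure is below the limit.
        return OPEN_STATE if reading["pressure"] < PRESSURE_LIMIT else SAFE_STATE

    def step(self, msg, now: float) -> str:
        """One control cycle; msg is None when nothing arrived on the sensor channel."""
        reading = self.verify(msg, now) if msg is not None else None
        if reading is not None:
            self.last_trusted_ts = now
            self.last_seq = reading["seq"]
            self.actuator = self.decide(reading)
        else:
            if msg is not None:
                self.rejected += 1
            if now - self.last_trusted_ts > self.deadline_s:
                self.actuator = SAFE_STATE            # availability lost -> safe, not unsafe
        return self.actuator


def run_scenario():
    """Drive the controller through authentic, forged, tampered, replayed and missing readings."""
    ctl = FailSafeController(key=SHARED_KEY)
    log = []
    # t=0: authentic, fresh, low pressure -> valve opens
    good = sign_reading(SHARED_KEY, seq=0, ts=0.0, pressure=40.0)
    log.append(ctl.step(good, now=0.0))
    # t=1: forged reading signed with the wrong key -> dropped, state unchanged
    log.append(ctl.step(sign_reading(b"attacker-key", seq=1, ts=1.0, pressure=40.0), now=1.0))
    # t=2: authentic reading whose body is edited after signing -> tag mismatch, dropped
    tampered = sign_reading(SHARED_KEY, seq=2, ts=2.0, pressure=95.0)
    tampered["body"] = tampered["body"].replace("95.0", "40.0")
    log.append(ctl.step(tampered, now=2.0))
    # t=3: replay of the t=0 message (still within max_age) -> sequence check drops it
    log.append(ctl.step(good, now=3.0))
    # t=4..12: sensor channel silent; once the deadline passes the valve goes to SAFE_STATE
    for t in range(4, 13):
        log.append(ctl.step(None, now=float(t)))
    # t=13: trusted readings resume -> normal control resumes
    log.append(ctl.step(sign_reading(SHARED_KEY, seq=4, ts=13.0, pressure=50.0), now=13.0))
    return ctl, log


if __name__ == "__main__":
    controller, history = run_scenario()
    print(history, "rejected:", controller.rejected)
```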

Yet, adhering strictly to the CIA or IAC triad may not fully address CPS security needs. While Integrity and Availability are paramount, additional considerations emerge with systems that interact with or control physical elements.

To encompass these broader concerns, we might look to the Parkerian Hexad, which expands the framework to six elements by adding Possession/Control, Authenticity, and Utility:

  • Possession/Control emphasizes preventing unauthorized system takeovers.
  • Authenticity ensures data originates from legitimate sources.
  • Utility balances security with maintaining device functionality for authorized users.

Another concept gaining traction in OT security discussions is SRP: Safety, Reliability, Productivity, with a primary focus on “Safety.” Of course, with Safety being prioritized, I am already a fan. The difference, however, is that while CIA/IAC focus on the data or cyber aspect of a CPS, SRP offers a broader operational perspective, emphasizing the overall functioning and operational integrity of a whole CPS and integrating cyber protection within a larger context of system safety and efficiency. SRP should therefore be seen as complementary to, rather than a replacement for, cyber-focused frameworks like the CIA/IAC triad or the Parkerian Hexad.

The Rarity of Required Skills

The unique nature of cyber-kinetic risks, combined with the need for an interdisciplinary approach, means that the skills required to effectively manage these risks are rare in the market. Professionals who possess a deep understanding of both the cyber and physical domains, as well as safety principles, are in high demand but short supply. This scarcity of skills further complicates the challenge of protecting against cyber-kinetic threats.


Cyber-kinetic risks represent a special category of threats that require a distinct approach to risk management. The integration of cybersecurity, engineering, process control, and functional safety disciplines is essential for addressing the multifaceted challenges posed by these risks. As our reliance on cyber-physical systems continues to grow, developing strategies to mitigate cyber-kinetic risks will become increasingly important. Collaboration across diverse fields of expertise is key to safeguarding our interconnected world against the potential physical consequences of cyber threats.

Can we afford to keep ignoring Open RAN security?


I’m skeptical of ‘futurists’. Work closely enough with the development of technology solutions and you’ll know that the only certain thing about the future is that it’s constantly changing. For example, few ‘futurists’ predicted the Covid-19 outbreak that brought the world to a standstill in 2020. Many, however, had spent hours waxing on about how 5G technology was to change the trajectory of human evolution, telling tales of what would be possible with ultra-high speed, ultra-low latency connectivity. Me included.

Of course, 5G will enable many of these promised use cases, and many others we haven’t even dreamed of yet, but have the prophets been proven true? Has 5G changed the world?

The answer, of course, is not yet. We simply haven’t yet achieved the levels of scale required for 5G to realize its potential, but some aspects of the transition to 5G are going well. Despite a global pandemic, deployment has continued to move at a decent pace with 5G now available in almost 2,000 cities across more than 70 countries. This healthy and continued expansion is made possible by a solid, and constantly evolving, 5G standard.

However, other aspects have moved slower. The cybersecurity provisions of 5G standards have lagged behind in their maturity and fit for purpose, with gaps still remaining to be filled. This is not entirely surprising. Both private and public players face a significant challenge in securing 5G networks, especially with the increased complexity represented by new developments like Open RAN.

As a measure of this challenge, the European Telecommunications Standards Institute (ETSI) only released its first Open RAN standard in September of this year. Even more tellingly, it included no cybersecurity requirements. Open RAN functions are governed by the existing cybersecurity specifications in the 5G standard, but none more.

This is a major concern. Open RAN is likely to become a major part of 5G development in the future and ensuring its security needs to become a priority.

Why the noise about Open RAN?

The Radio Access Network (RAN) is a critical component of any broader mobile network setup. It includes base station equipment, cell towers and radios, which work in unison to convert wireless signals into the various data formats that end users ultimately engage with. The RAN is what connects your devices to other parts of the network, and ensures the wireless signals travelling invisibly through the aether arrive on your device in the form of text, voice or video.

A conventional RAN configuration, as is used in 3G and 4G networks, for example, is built on proprietary hardware and software resources developed by a single vendor. These components are not interoperable – that is, they cannot function in agreement with equipment built by alternative suppliers. This ‘vendor-locked’ arrangement means mobile network operators (MNOs) are limited to the supply schedules and component offerings of their contracted vendor.

Commercially, this arrangement has long favoured the supplier, with operators seeking cost efficiencies and technological agility complaining of their limited options. Security has also been positioned as a major drawback of traditional proprietary infrastructure. This reasoning gained significant traction during the Trump era and drives the Federal Communications Commission’s (FCC’s) ‘rip and replace’ program to do away with network gear from firms like Huawei and ZTE. The security argument against vendor lock-in points to the risks of being tied to suppliers, such as Chinese firms, whose products are suspected of security flaws.

The commercial argument is driving industry change. The O-RAN Alliance, whose specifications underpin ETSI’s standard released in September, is the most influential of a number of bodies campaigning for an “open” network architecture that disaggregates RAN functions, relies on interoperability of network components, and paves the way for MNOs to lower equipment costs and improve network performance through increased competition among network suppliers.

Ostensibly, this diversity of supplier base should encourage greater network security too. A more open RAN architecture should increase transparency across the network, granting operators more freedom and responsiveness in addressing vulnerabilities or incursions in real time. And, where a particular vendor’s products are shown to be compromised, the operator can quickly and easily swap them out for alternatives.

Theoretically, then, market economics should also favour suppliers who are able to deliver superior security. As declared by the DoD, “…this market-based approach represents a sustainable model for accelerating critical 5G innovation while spurring the growth of domestic supply chains based on trusted and secure vendors.”

But in most cases cybersecurity’s relevance to the bottom line is not immediately obvious and commercial motivations stand to win out against security considerations. This friction is not easily apparent when, as in the case of increasing interoperability and supplier diversity, both causes appear to be served by the same course of action.

But, the final test of this union is in the actual selection of those supplier products and services and, beneath that, the reliability and security competence of different vendors. When it comes down to it, can we confidently assume that network operators – which include many smaller local outfits lacking the capital and operational budgets of larger national players – will always choose the most secure option over the cheaper one with more favourable terms?

A key theme here is virtualization. One of the defining characteristics of the move to 5G is the virtualization of network functions previously assigned to hardware. This is not a basic technological development, it is an evolutionary leap. By unmooring network functions from physical hardware we liberate the full potential of integrated technologies like cloudification, edge computing, and AI/ML automation. But this move relies on a shift to a software-driven ecosystem which is inherently more hackable than a hardware-based system that includes software services.

I have previously discussed the significance of virtualization in relation to Open RAN in detail, including the evolution from traditional RAN architecture through centralized (C-RAN) to virtualized (vRAN) and Open RAN (oRAN). The move to a disaggregated and virtualized system offers many operational advantages, which are necessary if we are ever to see the promised benefits of 5G at scale.

But it also increases the attack surface of the network and invites greater complexity in supplier management. The more suppliers there are, the more difficult, time-consuming and expensive it becomes to vet them and their products, while many supply chains cross borders and originate in countries beyond the network operator’s own territory.

Also, the more disaggregated a network is, the more component interfaces there are to act as entry points for malicious attacks. And, when most of these products are either software or software-driven, the challenge increases exponentially, because we need to consider the DNA of the software itself. In a development environment in which so much software is based on open-source code, finding vulnerabilities and attack opportunities becomes considerably more difficult.

While Open RAN only accounts for a portion of the network, it represents a major share of capital investment. This alone should be enough to focus MNO efforts on ensuring Open RAN is a secure system. The increased agility and flexibility promised by oRAN won’t be realised if safety and reliability cannot be achieved. But the challenge is significant. Cybersecurity experts across the world are working at ensuring features like cloudification, virtualization and software supremacy do not open 5G networks to attack, but these are novel technologies and security methods are still evolving. Not only do Open RAN configurations need to contend with these same challenges, which apply to 5G networks more generally, they also have the added pressure of keeping open interfaces, which are unique to Open RAN, safe for the network and, ultimately, the end user.

Most large-scale 5G deployments globally are still likely to implement ‘traditional’ RAN architecture, with very few operators moving assertively towards oRAN in the short term. In the United States, for example, only DISH is deploying Open RAN across its entire network, and even that rollout has been repeatedly constrained by teething problems. So, it appears we still have some time to work out the best way to approach Open RAN security, but this is a new and quickly evolving concept. Development is happening at speed, and at the moment security considerations are not receiving the same amount of attention as commercial promises. The risk that security is left behind is increasing, and the potential fallout could be severe.

Securing Open RAN

By reducing supplier vendor dependency, Open RAN should also reduce cybersecurity risks compared to conventional RAN setups. However, as pointed out by the Network and Information Systems (NIS) Cooperation Group, there are a number of risks that are amplified in Open RAN.

The first issue is one of maturity. Open RAN network design and its concomitant security standards are simply not mature enough yet and rushing into deployment could invite disaster. With the increasing complexity of multiple suppliers and innumerable software sources and combinations, the potential for inadequate security provisions increases.

Furthermore, opening standards for interfaces in the RAN invites a broad diversity of new vendors, thereby increasing competition, which is one of the key commercial incentives for MNOs. But having more vendors increases supply chain risks, while the quality and security rigour of the components created by these new suppliers is currently unknown. If Open RAN cybersecurity is not more explicitly spelled out in 5G standards, there’s nothing to ensure that new network components will be safe.

In addition to amplified risks, there are numerous potential risks that would be unique to oRAN, the first being a significantly expanded threat surface. One area of focus is the Open Fronthaul, a crucial aspect of oRAN architecture, which, as defined by the O-RAN Alliance, sees the disaggregation of the distributed unit (located in the base station) and the radio unit. Communication between these components will need to happen in real time via interoperable connections, but these real-time interfaces add an extra dimension of potential vulnerability. As suggested by the Cybersecurity and Infrastructure Security Agency (CISA), the Open Fronthaul is specifically vulnerable to DDoS attacks, and the first line of defence is network access control. So, cryptographic security mechanisms for these real-time interfaces become crucial to the integrity of the Open Fronthaul networks, but at the same time these networks “push the boundaries of high-speed performance and the ability of cryptographic security mechanisms to keep up, all while keeping unit deployment and operational costs down.” As a result, “These cryptographic security mechanisms require further industry study and consideration.”

It is in light of concerns around Open Fronthaul that the recent ETSI announcement of its first 5G standard is especially disappointing. That standard is specifically formulated for Open Fronthaul and would have been an ideal opportunity to set the bar for security of fronthaul networks, yet there were no such specifications. The concern, of course, is that this instead sets the tone for a mode of release in which commercial expediency (getting standards to market to allow for development of hardware and software components) outpaces security considerations.

Another development specific to Open RAN is in the form of network automation applications known as rApps and xApps, which further expand access by allowing different vendors to contribute to the RAN app ecosystem. The EU Open RAN security report correctly points out that these new functions will “require additional security controls and measures to be put in place between each and every function to avoid new security threats being introduced.”

These applications will initially be used to manage AI/ML operations in the network, though these AI/ML functions will themselves be new potential attack vectors. AI/ML algorithms are also susceptible to “data poisoning attacks” in which corrupted or misleading data is fed into the system, causing the algorithm to make false assumptions and move into chaotic or unpredictable behaviour. However, securing such algorithms against data poisoning is still a fairly new area of study.
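To make the poisoning mechanism concrete, here is an added Python illustration (not from the post, nor from any O-RAN project): a toy load-prediction xApp learns a peak-load baseline from several contributing sources, one of which is a constructed poisoned feed, and a per-source median/MAD consensus check flags that feed and keeps the baseline honest. The source names, load values and the alarm rule are all assumptions made for the example.

```python
import statistics
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample data (not from the post): each key is a source that
# contributes peak-hour cell-load measurements (%) to a hypothetical
# load-prediction xApp. Five sources report consistent values; "vendor_x"
# is a constructed poisoned feed whose values drag a pooled average down.
TRAINING: Dict[str, List[float]] = {
    "vendor_a": [68.0, 71.0, 69.5, 72.0, 70.5],
    "vendor_b": [66.0, 70.0, 68.5, 71.0, 69.5],
    "vendor_c": [70.0, 73.0, 71.5, 74.0, 72.5],
    "vendor_d": [67.5, 70.5, 69.0, 71.5, 70.0],
    "vendor_e": [69.0, 72.0, 70.5, 73.0, 71.5],
    "vendor_x": [5.0, 4.0, 6.0, 3.0, 5.5],  # poisoned feed (constructed)
}


def learn_baseline_naive(samples_by_source: Dict[str, List[float]]) -> float:
    """Pool every sample and average it. Every source is trusted equally,
    so a single bad feed shifts the learned baseline."""
    pooled = [x for xs in samples_by_source.values() for x in xs]
    return statistics.fmean(pooled)


@dataclass
class RobustResult:
    baseline: float
    flagged: Set[str] = field(default_factory=set)
    per_source_mean: Dict[str, float] = field(default_factory=dict)


def learn_baseline_robust(samples_by_source: Dict[str, List[float]],
                          max_z: float = 3.0) -> RobustResult:
    """Summarise each source separately, then compare sources against each
    other with a median/MAD score. Sources far from the consensus are left
    out of the baseline and reported for investigation."""
    per_source = {s: statistics.fmean(xs) for s, xs in samples_by_source.items()}
    med = statistics.median(per_source.values())
    mad = statistics.median(abs(v - med) for v in per_source.values())
    scale = 1.4826 * mad if mad > 0 else 1e-9  # MAD scaled to a sigma-equivalent
    flagged = {s for s, v in per_source.items() if abs(v - med) / scale > max_z}
    trusted = [v for s, v in per_source.items() if s not in flagged]
    return RobustResult(statistics.median(trusted), flagged, per_source)


def overload_alarm(observed_load: float, baseline: float,
                   margin: float = 10.0) -> bool:
    """The xApp's (assumed) decision rule: alarm when observed load exceeds
    the learned baseline by more than the margin."""
    return observed_load > baseline + margin


if __name__ == "__main__":
    naive = learn_baseline_naive(TRAINING)
    robust = learn_baseline_robust(TRAINING)
    print(f"naive baseline  : {naive:.1f}")
    print(f"robust baseline : {robust.baseline:.1f}  flagged={sorted(robust.flagged)}")
    # A normal 72% peak trips a spurious alarm under the poisoned baseline only.
    for load in (65.0, 72.0, 85.0):
        print(f"load {load:5.1f}%  naive alarm={overload_alarm(load, naive)}"
              f"  robust alarm={overload_alarm(load, robust.baseline)}")
```

The same per-source comparison generalises to any aggregated KPI the xApp learns from, which is why the post's point about controls "between each and every function" matters: the check only works if each feed stays attributable to its source.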


With its disaggregated structure that allows for multi-vendor engagement in a more competitive landscape, Open RAN is an extremely promising area of development in 5G technology. However, by raising the number of suppliers providing an increased number of products and services in a larger number of categories, the complexity of an oRAN network will far exceed that of its predecessors.

Will MNOs be equipped to implement these new infrastructures in a way that keeps networks and their users safe? With the support of standards bodies committed to delivering robust and secure guidelines, there’s no reason this shouldn’t be possible. Until now, industry associations and authorities have been clear and confident about the need to employ best practices in making sure Open RAN networks are secure.

But we have seen little in practice.

Tremendous amounts of energy and resource are being invested in building out 5G standards for global network deployment. The time to include cybersecurity provisions in those standards is now.

Introducing Society 5.0

Securing Society 5.0

Self-help authors and politicians seem to agree on at least one thing: mindset matters. The shelves of bookstores worldwide are awash with motivational books by evangelical writers hoping to convert readers to their gospel of optimism. The central thesis is simple: success depends on approaching life, especially its challenges, with a positive outlook.

Politicians and leaders have always appreciated the power of mindset, though less of the positive kind, as attested to by a history of propaganda that dates back to at least 500 BC. More recently, as Covid-19 spread across the globe, language in public discourse showed itself to be carefully selected to shape national mindsets. War metaphors, specifically, became the favoured way of talking about the virus that was, despite its many negative consequences, still just a virus, not a sentient foe.

Donald Trump declared himself a “wartime president”, leading the US in a campaign against an “invisible enemy.” UK Prime Minister, Boris Johnson, also named the virus as an “enemy” that was being fought by his “wartime government.” His chancellor, Rishi Sunak, and his Health Secretary, Matt Hancock, kept to the same script, naming the “war against this virus” as the greatest fight “in peacetime” the country had ever faced. Italian Prime Minister, Giuseppe Conte, referenced the speeches of Winston Churchill, describing the pandemic as “our darkest hour.” Even António Guterres, Secretary-General of the United Nations, felt compelled to announce, “We are at war with a virus.”

There is nothing particularly new in all of this – the language of war has long been used as a tool to reliably “express an urgent, negatively valenced emotional tone that captures attention and motivates action.” Yet, in the case of the Covid-19 pandemic, it is useful to contrast popular war-themed rhetoric with a more embracing perspective.

Dr. Yuko Harayama is the Executive Director for international affairs, communication, and diversity at RIKEN, Japan’s largest research organization for basic and applied science. When asked about the impact of the coronavirus emergency, Harayama replied,

“After the pandemic, we have to foresee a future where humans are not dominating everything; humans are just one part of nature. We should not be arrogant to say we’ll dominate coronavirus.”

Harayama’s measured response says a lot about the way she sees the interaction between humans and the world around them. It also says a lot about Society 5.0, behind which Harayama was the driving force during her time in the Cabinet Office of Japan, where she was an executive member of the Council for Science, Technology and Innovation.

Society 5.0 is the vision of a future in which humans and machines “co-create” the solutions to societal problems by integrating cyberspace and physical space. First proposed in Japan’s 5th Science and Technology Basic Plan as a future that the country should aspire to, Society 5.0 represents the next step towards a more successful human collective.

Rather than simply using technology to improve our means of production, this plan is intended to create a new social contract and economic model by fully integrating cutting-edge technological innovations into our social fabric. In the words of Shinzo Abe, the Japanese Prime Minister under whose administration the vision was launched, Society 5.0 sets “a new definition for machines.” Leveraging advanced robotics, AI, cloud computing, next generation connectivity, and big data, Society 5.0 is intended to liberate machines of their narrow functions in industry and society. Instead, they will become active problem solvers and evolutionary enablers.

According to researchers at Hitachi-UTokyo Laboratory, a partnership between The University of Tokyo and Hitachi, the realisation of this view will also require us to reframe two kinds of relationships: the relationship between technology and society and the technology-mediated relationship between individuals and society. This is a crucial point because it highlights the human-centric nature of Society 5.0, a quality that neatly distinguishes it from the fourth industrial revolution.

Beyond 4IR

We are in the emergent stages of the fourth industrial revolution (4IR)–a reimagining of production through the digitization of manufacturing.

The first industrial revolution employed steam and water power to improve output. The second used electricity to do the same. The third industrial revolution used computers and automation to accelerate production.

4IR, or Industry 4.0, builds on the power of computerized automation by introducing machine and systems autonomy. Through wireless networks of sensors, receivers, and processors, vast amounts of manufacturing data are collected and processed by artificial intelligence, currently of the “narrow” or “weak” kind.

These autonomous arrangements of physical and virtual computing elements are effectively capable of learning in real-time. They continuously improve production processes, making decisions based on super-fast analysis of live and historical data collected from the production environment.

The first industrial revolution reduced the need for human labour. The second increased efficiency by mechanizing large production lines. The third used computers to automate these processes even further, but still required humans to manage production.

The fourth industrial revolution goes further to make human intervention in production applications almost redundant. Smart factories, for example, are independent cyber-physical systems in which people are necessary only for specialized jobs, machine maintenance, high-level network management, and strategic guidance.

However, society 5.0 is something different from Industry 4.0. In the words of the Japanese Cabinet Office, “This is a society centered on each and every person and not a future controlled and monitored by AI and robots.” It is a human-centred proposition that seeks to use the same relationships between cyberspace and physical space to solve social problems.

The fourth industrial revolution relates specifically to commerce and manufacturing through better use of machines, but the non-commercial consequences of 4IR are often overlooked.

What, for example, will be the societal effects of 4IR?

As AI and automation make many human jobs redundant, what will be the impact on the nature of work, communities and social structures?

What will happen to economies as medical improvements lead to an aging population?

What will happen to the environment as human production and consumption continue to grow?

These are wicked problems, even though they are the result of largely positive trends towards more widespread human wellbeing. And they would not be vexing us were it not for technology.

Of course, this does not make technology bad, or even good–it is agnostic–but it does raise the question: if we used technology to get ourselves into these dilemmas, can we use it to get ourselves out?

The notion of Society 5.0 is an emphatic ‘yes’ to that question. It is a proposal for humanity’s next evolutionary step. According to the Japanese government, this would be the 5th stage of human society. Initially (Society 1.0), we organized ourselves in small groups or tribes of hunter gatherers, living off the natural output of the land. Then, through horticulture and agriculture (Society 2.0), we used tools to harness the growing potential of the earth, giving us more control over our food production. Society 3.0 saw us move into the industrial era, and Society 4.0 represents the information age we are living through now.

Society 5.0 assumes that, through a high degree of convergence between cyberspace and physical space, we can achieve a forward-looking society in which each and every person can lead an active and enjoyable life.

New solutions for new problems

The pace and extent of globalization have meant that new challenges have emerged that were either not anticipated, or at least not expected for some time to come. And, having a more integrated world means having more integrated problems that are more difficult to solve.

Sustaining economic growth while reducing income inequality and environmental degradation; improving the welfare of an aging population while ensuring opportunities for the youth; providing for more people using limited resources; slowing down, stopping, and then reversing the effects of climate change: these are wicked problems, but Society 5.0 represents an integrated approach to tackling them through multiple domains.


An increase in global life expectancy has been one of the great achievements of medical progress over the last two hundred years. According to World Bank data, average life expectancy at birth across all countries increased by more than 30 years between 1960 and 2019 alone. In the late nineteenth and early twentieth centuries, this trend was largely due to improvements in living conditions (especially sanitation), education, and advances in medical treatments like vaccines and antibiotics. These factors helped reduce early to mid-life mortality, but since the later parts of the twentieth century, rising life expectancy has been principally attributed to lower mortality later in life. Quite simply, the average human has been living longer. However, this has not necessarily been positive.

The WHO reports that, in the first two decades of this century, life expectancy around the world rose by an average of 6.6 years. Healthy life expectancy (HALE) also rose by 8% during the same period, though this was not due to reduced years living with disability. Instead, increases in HALE were attributed to declining mortality rates. People have been living longer, but not living longer well.

This discrepancy places a burden on societies and economies, an effect that is particularly pronounced in richer nations. In the 24 countries classified as high income by the World Bank, people aged 25 to 59 earn more than they consume, while the elderly do the opposite. Inevitably, as a population’s life expectancy increases, the cost of social support rests more heavily on working-age citizens, while pressure on government budgets grows. Quite simply, an ageing population puts economic strain on society as a whole.

It’s not surprising, then, that the original idea for Society 5.0 originated in a country like Japan, where life expectancy is higher than anywhere else on earth and a third of the population is 60 years or older.

However, as medical technology and social support structures across the world improve in quality and affordability, more and more nations will face the challenges of having an aging population. These include increasing medical and social security expenses, and the demands of caring for the elderly.

In Society 5.0, wearable medical devices will allow health and physiological data to be captured, uploaded and analyzed remotely, permitting early (AI-driven) detection and diagnosis of illness. Medication and healthcare services will be delivered by drone and autonomous vehicles, giving elderly people in rural areas equal access to quality healthcare. Robots and AI will assist in giving elderly citizens living support, even offering them the conversation and companionship that is critical to greater mental health.

In combination, these results will lessen the burden on public healthcare systems, lowering the need for hospital visits and improving the accuracy and efficacy of diagnoses and medical prescriptions.

Smart cities and mobility

In 2009, for the first time, the number of people living in urban centres globally surpassed the number living in rural areas. Though a significant moment, this was simply a milestone in a steady rise in urbanisation that saw the world’s urban population increase six-fold from 751 million in 1950 to 4.2 billion in 2018. By 2030, that number is expected to top 5 billion. By 2050, an estimated 68% of the world’s population will live in cities.

The pressure that this urban growth is placing, and will continue to place, on infrastructure and resources is immense. Smart technologies will be critical to the success of these cities in managing the complex challenges created by having so many people in limited spaces: problems like waste management, energy management, water and power management, connectivity, public safety and security, transport and logistics.

In Society 5.0, the urban cohort of the world’s citizenry will be defined by an open embrace of cyber-physical technologies – by necessity and for pleasure. Cities will no longer be the traditional bricks and mortar environments we have been accustomed to. They will become cyber-physical realms built on data as much as concrete and glass.

This data will be collected and distributed by vast networks of sensors and processors, feeding AI-driven decision-making on the back of next-generation connectivity. In the cities of Society 5.0, no area of human activity will be left untouched by smart technologies.

While other aspects of the Society 5.0 vision still reside in the future, the evolution of smart cities is already well underway. Early adopters in Europe included Barcelona and Amsterdam, with Copenhagen, Dubai, Hamburg, Nice and Singapore quickly following suit. In North America, New York, Chicago, Miami, San Francisco, Kansas City and Montreal are also examples of cities implementing smart city initiatives.

While living in Singapore, Marin was fortunate to work on many of the city’s “Smart Nation” programs, learning first-hand how such projects incorporate technology across transport, health, home, and business to create a network of interconnected digital experiences that enhance citizens’ lives and optimize their work and play.

China has aggressively developed smart cities, which monitor and seek to address common urban challenges like pollution, traffic congestion and widespread energy consumption through connected technologies. The government’s 12th Five-Year Plan announced in 2013 included the development of 103 smart cities, districts and towns.

Less radical and more pragmatic is India’s “Smart City Mission.” Initially investing in 90 cities to develop smart capabilities, this evolving, layered system solves specific issues such as clean water while organically developing smart integrations over time.

In the US, the “Smart City Challenge” saw more than 78 cities across the country enter the inaugural challenge focused on tackling 21st Century transport issues. Through shared innovation and intelligence the program nurtured ideas for an “integrated, first-of-its-kind smart transportation system that would use data, applications, and technology to help people and goods move more quickly, cheaply, and efficiently.”

On the opposite end of the scale, depopulated rural areas of the future will have fewer public transport options or none at all. In these regions Society 5.0 will see the provision of autonomous public services, including driverless taxis and buses for public transport, drone-based distribution and delivery services, and digital support for mental and physical wellbeing.


As with individuals’ health, social care for public infrastructure and services will become proactive in Society 5.0. This move will be the backbone of civil management in smart cities.

Installations like roads, buildings, tunnels and dams will be monitored by sensors supplying a continuous feed of data. This information will allow preemptive maintenance and efficient deployment of technicians with specialized skills.

As a result, accidents will be minimized, time and resources spent in construction and repair work will be reduced. Safety and productivity will increase.


A declining rural population worldwide is leading to a labor shortage in agriculture. This, in a sector that is under increasing pressure to raise production while working against the challenges of more extreme climate patterns.

In Society 5.0, AI analysis of big data, such as meteorological data, crop-growth data, market conditions, and food trends and needs, will lead to hyper-efficient agricultural management.

These “intelligent” data-based decisions will be carried out by autonomous farming vehicles and machinery. From soil preparation to crop collection to seed planting, robots, drones and driverless farm equipment will take over many traditional farm labor roles.

The world population is expected to reach 9 billion by 2050. Only through AI and machine-optimized agricultural management will we be able to feed so many people.

Disaster prevention and response

As we see more examples of extreme weather around the globe, the future value of predictive climatological and geological information is becoming clearer and clearer.

As Society 5.0 unfolds, data acquired from terrestrial weather radar, satellites, geological sensors, drones and public observation systems will become invaluable. Processed in real-time using AI, this information will deliver those precious minutes or hours’ warning of impending disaster that can save lives.

Widespread access to mobile networks will allow safety and prevention broadcasts to be disseminated directly to end users, while devices can be used to geolocate individuals in trouble.

To those trapped by environmental disasters, relief and rescue materials can be delivered by drones, which will also be able to feed back video footage of victims’ state of wellbeing.


In a world of 9 billion people, much of the competition for resources will effectively be a competition for energy. Optimal energy creation and management will be crucial to a harmonious society.

As energy production moves more towards green alternatives like wind and solar, weather plays a more important role. Analysis of weather data and accurate prediction of weather patterns will be a key aspect of reliable electricity manufacturing.

Big data processing by AI will also optimize electricity flows across the grid to meet vacillations in demand and supply. This will be particularly important in smart cities where responsive systems in buildings and public locations will manage energy down to the minute, and most forms of transport will become electric.


Though the Japanese Government was the first to formally use the term “Society 5.0,” we envisage a broader reach than that originally defined. We have borrowed it for this book because it speaks to the inclusivity we anticipate for a world in which the cyber and physical are fully integrated.

To that end, any catalogue of potential domains to be influenced by the advances of Society 5.0 must include an “Other,” simply because there will be no aspect of human endeavour that will go untouched. We could speak here of shipping, international travel, space travel, environmental management, genetics, arts and entertainment, sports – the list is endless.

Convergence with caution

The true power of Society 5.0 will lie in its degree of integration. As Shinzo Abe said, in Society 5.0 “we must cherish connectedness, above all else.” The more the cyber and physical worlds are combined, the greater the benefits we will experience.

However, the same is true of cyber threats. The more technology is incorporated into every corner of our social being, even our physical being, the greater the risk to our personal and collective safety.

Society 5.0 is built on an intricate network of sensors, devices, machines and systems–a vast internet of everything. Each of these components broadens the cyber attack surface, but also elevates the stakes in the case of fallout.

When technology is woven into the tapestry of all we do, it is not hard to see the potential dangers. Autonomous vehicles, AI-operated public transport systems, fleets of drones, critical disaster prevention processes–these can all be hacked.

That is true today, but, as we will explore in detail in Part 5 of this book, the difference in Society 5.0 is that all relationships are cyber-kinetic. Virtual events have physical results. People get hurt. Or worse.

Securing Society 5.0 – Overcoming the hidden threats in society’s greatest evolutionary leap

Securing Society 5.0 Introduction

A term first coined by the Japanese government, “Society 5.0” describes “A human-centered society that balances economic advancement with the resolution of social problems by a system that highly integrates cyberspace and physical space.” The fifth evolution of society, enabled by the fifth generation of cellular networking and by cyber-physical systems, imagines technology, things and humans converging to address some of the biggest societal challenges. The concept encompasses Industry 4.0, the Fourth Industrial Revolution, the Smart-Everything World and other buzzwords of the moment.

In the society of the future the more the cyber and physical worlds are combined, the greater the benefits we will experience. However, the same is true of cyber threats. The more technology is incorporated into every corner of our social being, even our physical being, the greater the risk to our personal and collective safety.

The pandemic has accelerated our progress towards Society 5.0, albeit without corresponding advancements in cybersecurity and privacy. In the second book my son and I are writing, we are highlighting the blind spots that might drag us down on our way to humanity’s next evolutionary step and offering potential ways to reconsider cybersecurity and privacy in Society 5.0. From the introduction to Securing Society 5.0 (Upcoming):

Securing Society 5.0

Introduction to Society 5.0

As we move into the third decade of the 21st century, humanity faces challenges of previously unimagined scale and complexity. The world grows smaller every day; all problems are to some extent shared global problems. We have been dramatically reminded of this fact by the recent Covid-19 pandemic, which started as a health emergency but soon evolved into a social and economic one, leaving no nation on earth untouched.

Many parts of the world economy ground to a halt. Despite record sums in fiscal stimulus and monetary interventions aimed at keeping companies open and citizens employed, the damage was sharp and extreme. Global unemployment rose by 33 million in 2020, a number which would have been far higher were it not for the job retention schemes that allowed companies to reduce working hours without closing jobs. Even these measures, though, could not stem the fallout in productivity, with working hours lost in 2020 equivalent to 255 million full-time jobs.

These overall figures do not, however, reveal how uneven the effect of Covid-19 has been across industries. Sectors like aviation, food and hospitality, arts and culture, and construction have been hit hardest, suffering far greater losses than higher-skilled service sectors, like information and communication, finance, and insurance, many of which have actually seen job growth.

The fundamental reason for this disparity in impact is quite a simple one: physical proximity. Those industries reliant on human contact, or at least humans working near each other, have been largely paralysed by regulations prohibiting physical interaction. Those industries in which companies and their workforces are able to operate remotely have typically incurred less damage. This does not, however, mean that organizations in those industries were prepared for remote working on the scale we have seen.

According to the World Economic Forum (WEF), until recently, working from home was a luxury for the relatively affluent. Only around 7% of U.S. workers had the option to regularly work from home, most of them “knowledge workers” such as executives, IT managers, financial analysts and accountants. The UK Office for National Statistics estimated the WFH contingent in the United Kingdom in 2019 was approximately 5%.

Though no authoritative figures have been compiled yet, the number of people currently teleworking around the world has multiplied dramatically. Whole organizations have moved online and connect via video conferencing.

In March 2020, Zoom was downloaded 2.13m times around the world in one day, up from 56,000 times a day two months earlier. The company’s share price doubled in the same time period.

Predictions of a future in which people communicate primarily online have turned out to be decades too conservative. In one giant leap, we have landed in a virtual reality facilitated almost exclusively by digital applications. Yet communication is only one face of a broader shift catalysed by the recent pandemic. A 2020 McKinsey Global Survey of 900 C-level executives reveals that companies have accelerated the digitization of their customer and supply-chain interactions and of their internal operations by three to four years. The proportion of digital or digitally-enabled products they offer has leaped forward seven years in a few months.

Much has been said elsewhere about the way in which Covid-19 has accelerated the digital transformation of commercial, industrial, and civic enterprises, but in our consulting work during 2020-21, one of the most striking aspects of this change has been its extension beyond digital. Companies have not only been upgrading their internal processes to digital or developing digital-centric products, they have been assertively integrating cyber and physical technologies to increase competitiveness and remove human dependencies from their value chains.

Recognizing the increased risk of future operations being slowed, interrupted or halted altogether by the outbreak of new viruses, businesses in sectors like manufacturing have brought forward plans for automation and cyber-management of their factories. For these clients, the cloud-based confluence of 5G, AI and Big Data is making autonomous operations a reality: production installations overseen by humans, but driven by digitally-enabled machines.

These examples are the realization of buzzwords like Fourth Industrial Revolution, Industry 4.0, and smart environments, visions of the future that all have one thing in common: cyber-physical systems. Cyber-physical systems represent the convergence of physical, digital, and biological spheres, and they will soon be ubiquitous in all areas of life.

Even before Covid-19 began its spread across the globe, the number of devices expected to be connected to the Internet of Things (IoT) by 2023 was 43 billion. Now, with businesses pivoting to create more cyber-physical products and digital services for an online-resident population, those numbers are probably gross underestimations.

It is because of this exponentially expanding Internet of Things that 5G has been such a controversial topic over the last few years, feeding geopolitical conflict, trade wars and relentless debates in the telecoms industry and beyond. 5G has not even been rolled out in most of the world, and nations have already come to regard it as critical infrastructure. Why? Because it will enable a massive Internet of Things (mIoT); because it is the infrastructure that will unlock the unimaginable potential of cyber-physical reality.

“5G will transform lives of many in the UK and across the world by facilitating the Internet of Things,” says the UK Government.

The Government of Canada agrees: “The 5G networks are expected to play a much broader role in our lives by enabling wireless connectivity of an unprecedented variety of devices for an unimaginable number of services and applications.”

Australia states, “5G provides responsive digital technology required to support innovations such as robotics and the Internet of Things (IoT),” while the Government of the United States declares:

“5G is a fundamental shift in wireless infrastructure. More like the invention of the Gutenberg press than the move from 3G to 4G, it will move the world into the information age. Everything from automated cars and aircraft to advanced logistics and manufacturing to true AI enhanced network combat. Most communication on the network will move from mobile devices to machine to machine (M2M) traffic.”

These statements are less about 5G itself, and more about what it enables, and they echo the sentiments of almost all sectors of commerce and industry: the future is cyber-physical.

Despite distinct but parallel paths of evolution, humankind and technology have reached a time of unprecedented assimilation in which we and our tools are less and less distinguishable from each other. As with all unions, there are tremendous gains to be won, but there are also challenges.

The benefits of cyber-physical systems (CPS) extend far beyond sexy consumer products like self-parking cars and homes that change the lighting according to your tastes. Humankind faces numerous existential threats, and a global network of cyber-physical devices may hold some of the clues to overcoming these obstacles.

However, technology is no panacea. Humankind’s latest technological revolution has been breathtaking in its pace and impact, but it has not been matched by concomitant progress in society, ethics and neurobiology.

Humankind’s survival and future success do not rely on technology alone, but on its conscious, balanced, and secure incorporation into social, industrial and economic systems.

A term first coined in the Japanese government’s Fifth Science and Technology Basic Plan, “Society 5.0” envisages an amalgamation of cyber and physical spheres to deliver exponential synergy in society’s operations. It describes a time of greater prosperity for all, achieved through the liberation of cyber-physical intelligence to create a “super-smart” society. Social contracts will be rewritten, economic models will be redefined, new solutions to nagging societal problems will be achieved through strategic assimilation of robotics, AI, big data, 5G (and beyond), and as-yet-unseen emergent technologies.

For the purposes of this book, we have expanded the term “Society 5.0,” while retaining its essential spirit. We mean it to include the Fourth Industrial Revolution, Industry 4.0, the Internet of Things (IoT), the Internet of Everything (IoE), and the many alternative concepts that are regularly used to describe the connectivity-driven integration of technology and human daily life. These labels all describe specific systems or trends, while Society 5.0 is a broader term describing an integrated cyber-physical ecosystem, a “system of systems.”

There are already many interpretations of what such a future may look like, ranging from the cynical to the utopian. Our job in this book is not to contribute to that collective pool of imagination, but rather to illuminate some of the practical considerations often overlooked by “futurists” and “tech prophets.”

“Securing Society 5.0” addresses the largely unexamined threats of cyber-physical ubiquity. It begins with an exploration of the context and history of Society 5.0, including its anthropological roots and the multi-systems challenges that have called this vision into being. The book then examines the defining characteristics and assumptions of Society 5.0, as well as the major technologies that will influence its success. Part Four investigates the shifts we can expect to see in the nature of society itself as the boundaries between cyber and physical become increasingly blurred, before Part Five considers the hidden threats of a cyber-physical world, and what can be done to ameliorate them. The book concludes with an affirmation of the need for systemic evolution, as envisaged in Society 5.0, with directions for its safe delivery.

In writing this book, we hope to offer a sober view of technology’s potential to help humanity evolve in a healthy way while drawing attention to the blind spots that may drag us down. We stand on the threshold of a golden age, but one that will only be realized if we understand that what worked for us in the past may not work in the future. What kept us safe yesterday will not keep us safe tomorrow.

Only by appreciating this fact will we be able to access the full potential of humanity’s next evolutionary step.

A Comparison of 5G Core Network Architectures

5G Cloud Architecture

The 5G Core network is a Service Based Architecture (SBA). It evolves the appliance-based 4G core network (the Evolved Packet Core, EPC) into a set of software network functions that expose services to one another, which offers more agility and flexibility.

The major building blocks of this architecture include:

  • Service-Based Interface (SBI): the interfaces between network functions are REST-style APIs carried over HTTP/2 with JSON payloads, replacing the point-to-point Diameter and GTP-C reference points of the EPC
  • 5G Network Functions: as Ericsson explains, the 5G core “is built using IT network principles and cloud native technology. In this new architecture each Network Function (NF) offers one or more services to other NFs via Application Programming Interfaces (API). Each Network Function (NF) is formed by a combination of small pieces of software code called microservices.” The network functions are all virtual, i.e., software rather than appliances
  • Cloud Native Functionality: the 5G core is cloud native, i.e., it leverages microservices, containers, orchestration, CI/CD pipelines, APIs and service meshes
  • Control and User Plane Separation (CUPS): this is critical for 5G because it lets operators keep the control plane in a centralized location while placing the user plane close to the application it serves
  • Edge Computing: with CUPS the user plane can be moved to the edge to meet low-latency requirements, which is what makes edge computing possible
  • Network Slicing: this leverages virtualized functions to logically partition shared physical resources into slices, each supporting a specific service for a different business need
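To make the SBA model concrete from the producer side, here is an added Python example, written for this page and not Ericsson’s or any vendor’s code, of a network function gating an incoming SBI request. It follows the authorization model 3GPP specifies for the SBA, in which a consumer NF fetches an OAuth 2.0 access token from the NRF and the producer NF checks the token’s signature, issuer, audience (its own NF type), expiry and scope (the service name, which is the first segment of an SBI path such as /nudm-uecm/v1/...). Assumptions: HS256 with a shared secret stands in for the NRF’s signing key, and the NRF and NF instance ids, the SUPI in the path and the request headers are all constructed.

```python
"""Added example: producer-side authorization of a 5G SBI request.
Not code from the article or from any vendor; the token claims follow the
OAuth 2.0 model 3GPP uses for the SBA (iss=NRF, sub=consumer NF instance,
aud=producer NF type, scope=service names, exp). HS256 with a shared secret
stands in for the NRF key pair. All ids, paths and headers are constructed."""
import base64
import hashlib
import hmac
import json
import time

NRF_SIGNING_KEY = b"constructed-shared-secret-for-demo"  # stand-in for the NRF key
NRF_INSTANCE_ID = "nrf-constructed-0001"                 # constructed issuer id


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_access_token(consumer_id: str, producer_nf_type: str, scope: str,
                      ttl: int = 300, now=None) -> str:
    """Toy version of what the NRF returns to the consumer: a compact JWT whose
    claims name the consumer (sub), the target NF type (aud) and the services
    it may invoke (scope, space-separated)."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": NRF_INSTANCE_ID, "sub": consumer_id, "aud": producer_nf_type,
              "scope": scope, "exp": int(now) + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(NRF_SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_access_token(token: str, my_nf_type: str, now=None) -> dict:
    """Producer-side check: signature (constant-time) before anything is parsed,
    then the expected algorithm, issuer, audience and expiry. Raises PermissionError."""
    now = time.time() if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        expected = hmac.new(NRF_SIGNING_KEY, f"{head_b64}.{claims_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise PermissionError("bad signature")
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(claims_b64))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":  # only the algorithm we issued is accepted
        raise PermissionError("unexpected alg")
    if claims.get("iss") != NRF_INSTANCE_ID:
        raise PermissionError("unknown issuer")
    if claims.get("aud") != my_nf_type:
        raise PermissionError("token not issued for this NF type")
    if now >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims


def service_name_from_path(path: str) -> str:
    """SBI URIs look like /<apiName>/<apiVersion>/...; apiName (e.g. nudm-uecm)
    is the service the token scope must cover."""
    parts = [p for p in path.split("?")[0].split("/") if p]
    if len(parts) < 2 or not parts[0].startswith("n"):
        raise PermissionError("not an SBI path")
    return parts[0]


def authorize_sbi_request(headers: dict, my_nf_type: str, now=None) -> dict:
    """Gate one incoming HTTP/2 request (pseudo-headers and lower-case names,
    as HTTP/2 carries them). Returns who is calling and which service."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer "):
        raise PermissionError("missing bearer token")
    claims = verify_access_token(auth[len("Bearer "):], my_nf_type, now)
    service = service_name_from_path(headers.get(":path", ""))
    if service not in claims.get("scope", "").split():
        raise PermissionError(f"scope does not cover {service}")
    return {"consumer": claims["sub"], "service": service}


def demo(now: float = 1_700_000_000.0) -> dict:
    """An AMF calls the UDM's nudm-uecm service with a valid token; the same token
    is then tried against another service, another NF type, and after expiry."""
    token = mint_access_token("amf-constructed-0001", "UDM", "nudm-uecm", now=now)
    bearer = "Bearer " + token
    results = {"ok": authorize_sbi_request(
        {":method": "PUT", "authorization": bearer,
         ":path": "/nudm-uecm/v1/imsi-001010123456789/registrations/amf-3gpp-access"}, "UDM", now)}
    attempts = [("wrong_scope", "/nudm-sdm/v2/imsi-001010123456789/am-data", "UDM", now),
                ("wrong_audience", "/nudm-uecm/v1/x", "AUSF", now),
                ("expired", "/nudm-uecm/v1/x", "UDM", now + 3600)]
    for label, path, nf_type, when in attempts:
        try:
            authorize_sbi_request({":path": path, "authorization": bearer}, nf_type, when)
            results[label] = "allowed"
        except PermissionError as err:
            results[label] = f"denied: {err}"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The order inside verify_access_token is deliberate: the signature is checked over the raw segments before any JSON is parsed, so a forged or spliced token never reaches the claim logic, and the algorithm is pinned rather than read from the token.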

This paper reviews the 5G Core Network architecture capabilities and current deployments of the major 5G vendors, including:

  1. Ericsson
  2. Huawei
  3. Nokia
  4. ZTE
  5. Cisco

Figure 1: MCN Vendor Share – 3Q19

According to Dell’Oro, as of 2019, Ericsson and Huawei share the top two spots in MCN (Mobile Core Network), followed by ZTE and Nokia and then Cisco. This includes market share for both the legacy core and the 5G Core, the latter driven by 5G Standalone (SA) launches.

In 2020, Huawei and ZTE extended their lead over Nokia and Ericsson as China launched 5G Standalone ahead of other countries. Overall, Huawei is the leading telecom equipment vendor, followed by Nokia and Ericsson.

Figure 2: Worldwide Telecom Equipment Revenue – 1Q20


The 5G core market is purported to grow at a whopping 72% CAGR to $9.5B by 2025. As per Dell’Oro, this market is dominated by Ericsson, Huawei and Nokia, with Samsung and ZTE as the challengers. We review the 5G Core Network architectures as proposed by different players, divided into two categories:

  • Traditional Equipment Vendors: Nokia, Ericsson, Cisco, Huawei, ZTE
  • Disruptive Players: Samsung, Mavenir, Casa Systems, Affirmed Networks

Core Network Architecture Evolution from 4G to 5G

The core network architecture evolution depends on the mobile operator’s choices. 3GPP has specified different options, shown in the following figure from GSMA. The options are grouped as SA (Standalone) vs NSA (Non-Standalone): SA means a single radio access technology connects to the core, while NSA means LTE and 5G NR are used simultaneously, with one acting as the master node and the other as the secondary node:

  • Option 1: the traditional LTE eNodeB (eNB) connected to an EPC (4G core)
  • Option 2: 5G Standalone (SA): a 5G NR gNodeB (gNB) connected to the 5GC
  • Option 3: Non-Standalone (NSA) with the EPC: the eNB is the master node and the gNB the secondary node. It comes in three variants, Option 3, 3a and 3x, which differ in how user-plane traffic is routed between the gNB, the eNB and the EPC
  • Option 4: Non-Standalone (NSA) with the 5GC: both LTE and 5G NR are used, controlled through the 5GC only; the gNB is the master node and the eNB reaches the 5GC via the gNB. It has variants 4 and 4a
  • Option 5: Standalone (SA): an evolved eNB (ng-eNB) connected to the 5GC
  • Option 7: Non-Standalone (NSA) with the 5GC: the evolved eNB (ng-eNB) is the master node connected to the 5G Core, and the gNB is the secondary node

Figure 3: 3GPP defined options for 5G deployment

Why migrate to a 5G core? The following reasons provide the rationale for the migration:

5G Core is Cloud Native

The 5G Core is built with a cloud-native architecture of microservices that can be reused across network functions, delivered through CI/CD pipelines. Such an architecture speeds up development and improves operational efficiency through a DevOps approach.

5G Core enables Network Slicing

Network slicing is enabled by the cloud-native architecture. Multiple logical networks (slices) can be defined on the same physical infrastructure, each isolated from the others. This lets a mobile operator support new services and business models for a variety of traffic types, like Massive IoT, Industrial IoT and Enhanced Mobile Broadband. The 5G use cases enabled by a 5GC include augmented reality, factory automation and mission-critical communications.

5G Core supports Edge Computing

Edge computing scenarios include local breakout of traffic. As the reference explains, “the reduction in latency, increase in service reliability and traffic and services isolation will contribute to an overall enhancement in the end-user experience.” The list of capabilities goes on, but here are a few others:

  • Service exposure and traffic steering functionalities provide additional tools for service differentiation
  • An enhanced QoS model, more flexible than in 4G, allows multiple services (QoS flows) per PDU Session
  • Security is improved with enhanced key handling (the anchor keys are bound to the serving network name) and a unified authentication framework that covers both 5G-AKA and EAP-AKA'
  • Service differentiation per geographical area, e.g., controlling access to fixed wireless access (FWA) services or other localized services
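The “enhanced key handling” point is concrete: in 5G the serving network name is mixed into the anchor keys during authentication, so a key derived while a subscriber is served by one network cannot be replayed against another. The following Python is an added example written for this page, not code from the article, from 3GPP or from any vendor. The FC values and parameter layout follow TS 33.501 Annex A and the generic KDF of TS 33.220 as recalled from the specification, and should be treated as unverified against official test vectors; the encoding of the SUPI fed into the KDF is an assumption; and the CK/IK, SQN xor AK and SUPI values are constructed samples.

```python
"""Added example: the 5G key hierarchy K_AUSF -> K_SEAF -> K_AMF on top of the
3GPP generic KDF (HMAC-SHA-256). Not code from the article or from 3GPP.
Assumptions: FC values and parameter order as recalled from TS 33.501 Annex A
(unverified against official test vectors); SUPI is fed in as the plain IMSI
digit string; all sample inputs below are constructed."""
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF (TS 33.220 Annex B): HMAC-SHA-256(key, S) with
    S = FC || P0 || L0 || P1 || L1 || ..., each Li the 2-byte big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def serving_network_name(mcc: str, mnc: str) -> bytes:
    """Serving network name (SNN) as used by 5G-AKA:
    '5G:mnc<MNC>.mcc<MCC>.3gppnetwork.org', MNC zero-padded to three digits."""
    return f"5G:mnc{int(mnc):03d}.mcc{int(mcc):03d}.3gppnetwork.org".encode("ascii")


def derive_k_ausf(ck: bytes, ik: bytes, snn: bytes, sqn_xor_ak: bytes) -> bytes:
    """K_AUSF = KDF(CK || IK, FC=0x6A, P0=SNN, P1=SQN xor AK) (TS 33.501 A.2).
    This is the step that binds the whole hierarchy to the serving network."""
    if len(ck) != 16 or len(ik) != 16 or len(sqn_xor_ak) != 6:
        raise ValueError("CK and IK must be 16 bytes, SQN xor AK 6 bytes")
    return kdf(ck + ik, 0x6A, snn, sqn_xor_ak)


def derive_k_seaf(k_ausf: bytes, snn: bytes) -> bytes:
    """K_SEAF = KDF(K_AUSF, FC=0x6C, P0=SNN) (TS 33.501 A.5)."""
    return kdf(k_ausf, 0x6C, snn)


def derive_k_amf(k_seaf: bytes, supi: str, abba: bytes = b"\x00\x00") -> bytes:
    """K_AMF = KDF(K_SEAF, FC=0x6D, P0=SUPI, P1=ABBA) (TS 33.501 A.6).
    ABBA is 0x0000 in Release 15. Assumption: SUPI as the plain IMSI digit string."""
    return kdf(k_seaf, 0x6D, supi.encode("ascii"), abba)


def key_hierarchy(ck, ik, mcc, mnc, sqn_xor_ak, supi) -> dict:
    """Run the chain K_AUSF -> K_SEAF -> K_AMF for one serving network."""
    snn = serving_network_name(mcc, mnc)
    k_ausf = derive_k_ausf(ck, ik, snn, sqn_xor_ak)
    k_seaf = derive_k_seaf(k_ausf, snn)
    k_amf = derive_k_amf(k_seaf, supi)
    return {"snn": snn, "k_ausf": k_ausf, "k_seaf": k_seaf, "k_amf": k_amf}


# Constructed sample values (not conformance test vectors).
SAMPLE_CK = bytes.fromhex("0123456789abcdef0123456789abcdef")
SAMPLE_IK = bytes.fromhex("fedcba9876543210fedcba9876543210")
SAMPLE_SQN_XOR_AK = bytes.fromhex("000102030405")
SAMPLE_SUPI = "001010123456789"


def serving_network_binding_demo() -> bool:
    """The same subscriber credentials (CK/IK) authenticated by two serving
    networks yield unrelated anchor keys, so a K_SEAF captured in one network
    is useless in the other."""
    home = key_hierarchy(SAMPLE_CK, SAMPLE_IK, "001", "01", SAMPLE_SQN_XOR_AK, SAMPLE_SUPI)
    other = key_hierarchy(SAMPLE_CK, SAMPLE_IK, "001", "02", SAMPLE_SQN_XOR_AK, SAMPLE_SUPI)
    return home["k_ausf"] != other["k_ausf"] and home["k_seaf"] != other["k_seaf"]


if __name__ == "__main__":
    for name, value in key_hierarchy(SAMPLE_CK, SAMPLE_IK, "001", "01",
                                     SAMPLE_SQN_XOR_AK, SAMPLE_SUPI).items():
        print(name, value.hex())
    print("bound to serving network:", serving_network_binding_demo())
```

The length-prefixed layout of the KDF input is what keeps the parameters unambiguous: SNN followed by SQN xor AK cannot be confused with a differently split byte string, which the test below also checks.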

5G Core Comparison

As part of this paper we compare the 5G Core support of the major vendors:

Vendor   | Cloud Native Readiness     | Network Slices Readiness   | Edge Computing          | 4G to 5G Migration              | Customers
Ericsson | Zero Touch, CI/CD          | KDDI 5G use cases          | Deployment Strategies   | Supports Migration (KDDI Japan) | 127 customers
Huawei   | Containerized Architecture | Deterministic Networking   | 5G MEC Solution         | Supports Migration              | 90 customers
Nokia    | Cloud Native Functionality | 5G Network Slices Ready    | 5G Multiaccess Edge     | Universal Core                  | 195 customers
Samsung  | Cloud Native 5G Core       | United but Divided         | Samsung and IBM team up | 5G SA Architecture              | Fewer than 10
ZTE      | Cloud Native 5G Core       | Simplified Network Slicing | Multiaccess Edge        | 5G Common Core                  | 55 customers
Cisco    | Cloud Native Packet Core   | 5G Network Slicing         | 5G Edge Computing       | Packet Core Only                | 40 customers


In the following sections we discuss each vendor’s 5G Core network in more detail.

5G Core Network by Ericsson

Ericsson’s Dual-Mode Cloud Core solution supports EPC and 5GC functionality on a single platform.

Figure 4: Ericsson Dual-Mode Cloud Core Solution

Figure 5: Advantage of 5G Core and 5G NR SA according to Ericsson

Major Customers who have launched Ericsson 5G Core

The following customers have launched an Ericsson 5G Core as of the writing of this article:

  • Rogers (Canada)
  • Singtel (Singapore)
  • China Mobile
  • China Telecom
  • BT (UK)
  • Telefónica Deutschland
  • SmarTone (Hong Kong)

Ericsson claims the world’s first 5G Core and NR SA launch and, according to GlobalData, is a leader in 5G Core: “The solution has gained significant market momentum, which currently includes 64+ 5G contracts, 33+ live Non-Standalone (NSA) deployments, and 100+ Standalone (SA) trials in the planning or execution stages.”

5G Core Network by Huawei

Huawei has highlighted the importance of 5G Deterministic Network to provide a differentiated and deterministic experience to customers. “Deterministic Networking” builds on Network Slicing and Mobile Edge Computing.

Figure 6: Huawei 5G Core with Deterministic Network

Huawei’s commercial 5G Core launches include

Huawei describes 5G deterministic networking (5GDN) as enabling 5G use cases including 5GDN+smart devices, 5GDN+machine vision, 5GDN+AR man-machine collaboration, and 5GDN+AI+smart transportation/energy.

Figure 7: Huawei 5GDN Sample

These use cases are possible because 5GDN SLAs guarantee reliability, service availability and similar properties. For the Industrial Internet, with its stricter requirements, IEEE (Time-Sensitive Networking, TSN) and IETF (Deterministic Networking, DetNet) have defined standards for deterministic communication in industrial automation, vehicle management and other fields.

Figure 8: Huawei 5G DN SLAs

5G Core Network by Nokia

Nokia’s core network architectural view also depicts the migration to a 5G SA architecture.

Figure 9: Nokia Universal Adaptive Core

Nokia 5G Commercial Launches / Deals include

As Nokia explains, “5G is not just a technology upgrade. To unleash its potential requires a rethink of how the network is designed and managed,” and “Nokia Universal Adaptive Core is:

  • Done right: it is cloud-native and infrastructure-agnostic by design. Deploy it on any cloud – private or public, centralized or distributed, with an optimized performance footprint for any deployment model.
  • Done now: it simplifies the complexity with the latest technology to boost the top line and lower costs. Open and programmable, it creates an innovation engine for a strategic business advantage – today.
  • Made real: it meets stringent reliability & quality requirements, because it is created and delivered by Nokia with its broad portfolio and global experience, including hundreds of core deployments (Cloud Packet Core, VoLTE, SDM, Policy, Charging, Signaling, etc.)”

Figure 10: Nokia Universal Adaptive Core

5G Core from ZTE

ZTE has been aggressively testing 5G SA with Orange and has launched 5G SA with MTN Uganda. ZTE has a 5G end-to-end (E2E) slicing architecture and has been pursuing industrial automation opportunities with 5G technology.

Figure 11: ZTE 5G E2E Slicing

ZTE has rolled out a 5G SA core for China Mobile. The three Chinese mobile operators will roll out 1M+ gNBs in 2021.

ZTE offers a vision of what a successful 5G Core deployment looks like in the following graphic, which covers the connected house, connected things, connected city, connected people, connected health and connected transportation:

Figure 12: ZTE 5G core vision

At Mobile World Congress 2019, ZTE presented the “Enhanced 5G Core, Enabling 2B New Business”.

Figure 13: ZTE Common Core

Cisco 5G Core

Cisco has a presence in the 4G packet core through its 2009 acquisition of Starent, and it continues to build on that acquisition for a piece of the 5G Core business. Cisco also has a very strong IP networking and security portfolio that it adds to its existing offering to position itself as a key 5G security player. The following figure shows the cloud-native 5G Core with network slicing and mobile edge computing, and the importance of an end-to-end security layer for a 5G network. The security aspects covered include:

  • Connectivity layer
  • DNS protection layer
  • Application security
  • NGFW and DDoS protection
  • Segmentation and isolation
  • Malware protection

Figure 14: Cisco 5G Core

Cisco 5G Core Customers

Disruptive Players

As per GlobalData [Link updated Feb 2022] the disruptors in the mobile core space are Affirmed Unity Cloud (acquired by Microsoft), Samsung 5G Core, Casa Systems Axyom 5G Core and Mavenir 5G Core. A quick overview as per GlobalData:

Figure 15: GlobalData 5G Mobile Core Disruptors

Affirmed Unity Cloud

Affirmed Unity Cloud is being deployed by Inventec, CHT, AT&T, DNA, Millicom and Netmore, showing early customer momentum. Microsoft’s acquisition can be positive from a funding perspective but could dilute Affirmed’s laser focus on mobile core solutions. As part of Microsoft’s cloud business unit, Affirmed may be challenged to maintain a cloud-neutral stance regarding third-party clouds.

5G Core by Samsung

Samsung has demonstrated market momentum and operational experience via penetration of the Korean telco operators deploying early 5G standalone (SA) networks. Samsung is well positioned in O-RAN to deliver end-to-end solutions based on open RAN standards. Samsung’s open-source PaaS plus its Samsung Cloud Orchestrator (SCO) provide an effective automation platform. Samsung’s limitations include a limited marketing presence outside the Korean telco market, and it may take some time to transition from trials to significant deployments. Samsung has a whitepaper on its 5G Cloud Native Core and 5G migration strategy.

Figure 16: 5G Core by Samsung

The whitepaper also reviews the 4G to 5G migration options.

Figure 17: Samsung 5G Core – 4G to 5G migration options

The Samsung whitepaper lays out the evolution path towards 5G NSA + SA + WiFi in the years to come.

Figure 18: Samsung 5G Core – Evolution path towards 5G NSA + SA + WiFi

Samsung’s Cloud Native 5G Core is planned for Korea Telecom and is being trialed in the Czech Republic with Deutsche Telekom.

Mavenir 5G Core

Mavenir’s strengths include integration with ONAP and ETSI-based MANO solutions, which appeals to operators for management and orchestration. Mavenir is highly visible in the Open RAN Policy Coalition, working to bring open and interoperable solutions to the RAN, and has established engagements with operators such as Dish Network and Vodafone Idea, giving it a basis to deploy its 5GC and Open RAN solutions. Mavenir uses cloud-native technologies to interwork with legacy protocols. Mavenir’s limitation is that it has not named operators using its 5G core in trials or commercial deployments.

According to a Light Reading article, “Mavenir has enjoyed significant mobile core network wins in Europe, India and Japan. Top operators, including Turkcell, Telefónica and Deutsche Telekom, alongside upstarts like Rakuten Mobile in Japan and Dish Network in the US, have purchased the company’s offerings”.

Casa 5G Core

Casa has not publicly announced 5G engagements with service providers; it notes engagements in PoCs and trials.

Gartner’s Magic Quadrant for 5G Infrastructure Providers

Gartner recently updated its Magic Quadrant for 5G infrastructure providers, which shows the end-to-end competitive landscape. The 5G infrastructure capabilities it assesses include:

  • Radio access network equipment for 5G New Radio and 4G LTE: passive antennas, radio units (RU), active antenna units (AAU), baseband units (BBU, vBBU), distributed and centralized units (DU, CU, vDU, vCU), and small cells
  • Core network equipment, including the 5G next-generation core and the evolved packet core (EPC)

Figure 19: Gartner Magic Quadrant for 5G Infrastructure Providers


This paper has compared the major 5G Core Network vendors, their features and their customers. It describes the leaders, Huawei and Ericsson, followed by Nokia, ZTE and Cisco, and then some of the disruptors in the 5G Core market, including Affirmed and Mavenir.

In 2021 there will be a major move towards 5G SA to realize the 5G use cases that are not possible with a legacy 4G core, which will drive an increase in investment. These vendors are poised to be the winners in this race.

Open RAN May Be the Future of 5G, but Can We Keep It Secure?

Open RAN Security

It’s been a year of contradictions for the telecommunications industry.

Like most sectors, it has been heavily impacted by the consequences of the Covid-19 pandemic, with a slowdown in global 5G roll-outs being a notable result. Geopolitical conflicts have continued to muddy the market, with governments playing a more active role than ever in setting telecoms-centred policy.

At the same time, however, the air is thick with promise and opportunity. Over the last nine months, entire organizations have transitioned to remote working and high-bandwidth video communication. Corporations have accelerated digital transformation initiatives. Online shopping has soared. The appetite for autonomous manufacturing and other aspects of Industry 4.0 has grown.

The telecoms industry has proven resilient and cemented its status as critical national infrastructure. This recognition has raised the already-elevated stakes for governments who see mobile networks as key to national security. And it has made even more urgent the debate about the fastest and safest way to evolve the telecoms ecosystem.

Over the last few years, much of the focus has been on the emergence of 5G, but as this process has evolved a fierce debate has developed around the best way for network operators to implement 5G while remaining sustainable and relevant in a rapidly shifting landscape. Open RAN has been central to these disputes, receiving massive attention from vendors, operators, and policymakers.

This is understandable: the potential benefits of open radio access networks certainly are alluring. But, as with 5G itself, the security of open RAN configurations will need to be considered carefully if we are to harness the technology’s full potential.

Virtual or open?

Virtualized radio access networks (vRAN) and open RAN are both hot topics in the mobile industry for different, but complementary, reasons. Though the two approaches often work in unison, they serve different purposes.

vRAN has its origins in network functions virtualization (NFV) which shifts network architecture from hardware-based to software-based. Similarly, in virtualized radio access networks software is decoupled from hardware and radio access network functions are run on commercial off-the-shelf (COTS) servers.

In both cases, service providers are principally trying to save time and money, firstly by speeding up the deployment of new network services, and secondly by reducing operating costs and capital expenses.

Though vRAN offers rewards in greater efficiency and lower costs, it does not necessarily alter the current infrastructure supply chain. Almost all existing vendors are working on virtualizing their existing products.

Open RAN, on the other hand, represents a dramatic departure from a restricted vendor base. Advocates maintain that it offers telcos a cost-cutting alternative to traditional management of the radio access network, one of the costliest parts of the infrastructure.

Conventional network interfaces do not support interoperability between different suppliers, with the result that operators are locked into closed arrangements with single vendors. Proprietary hardware and software are tightly coupled and closed to adaptation.

Open RAN sees a relaxation of these restrictions. Though such networks generally include virtualization, they are defined by their goal of opening up interfaces within and between the different elements in the radio access network: radio unit (RU), distributed unit (DU), and centralized unit (CU).

An example of the challenges that open RAN is trying to solve can be found in the interface linking radios and signal-processing equipment. Open RAN proponents regard this fronthaul interface, known as CPRI (common public radio interface), as incomplete. Currently, the only way for an operator to deal with this issue is to buy radios and signal-processing technology from the same vendor, usually one of the monolithic RAN suppliers.

In a more open system built on interoperability, that service provider would not be restricted in their choice of hardware or software supplier. They would have greater freedom in how they resolved technical concerns, being able to use one supplier’s radios with another’s processors.

The O-RAN Alliance, a specification group defining next-generation RAN infrastructures, has defined 11 interfaces for open RAN, covering the fronthaul (RU to DU), the midhaul (DU to CU), and the backhaul (connecting the RAN to the core).

These give operators the freedom to mix and match components from a growing number of suppliers, thereby inviting more diversity, competition and innovation into the supply chain.

Why open RAN?

In short, open RAN should offer telcos a more cost-effective and adaptable solution than traditional radio access networks. That’s the commercial reason. However, as trade wars have dragged on and the US-led campaign against Huawei and ZTE has gained momentum, open RAN has taken on political importance.

In the US, for example, it has been identified as a way to circumvent the need for Chinese network hardware, ostensibly eliminating much-publicized backdoor threats. However, a move to open RAN would also buy freedom from reliance on other international suppliers, notably Finnish Nokia and Swedish Ericsson. It is here that political and commercial motives meet.

Conventional radio access network arrangements see operators locked into agreements with a few big vendors who maintain ownership of RAN processes through proprietary equipment and services. It’s what’s been called an “oligopolistic vendor landscape” in which operators have little control, limited insight into RAN security and operations, and a paucity of choice.

While this has always been frustrating for telcos, the crises of the last year have laid bare the risks of persisting with a closed supply chain. Disruptions caused by Covid-19 have exposed a clear need to build supply chain resilience and security through greater supplier diversity. And, in trying times, it has become especially clear how much innovation is limited by restrictions on the telecoms supply chain.

These points underlie a growing wave of open RAN advocacy that envisages a brave new world of greater RAN efficiency, intelligence and versatility. According to the O-RAN Alliance, the radio access networks industry is moving towards “open, intelligent, virtualized and fully interoperable RAN.”

Industry groups like the O-RAN Alliance, the Facebook-initiated Telecom Infra Project (TIP), and the recently-formed Open RAN Policy Coalition are supported by a broad spectrum of stakeholders, including major vendors like Nokia and Ericsson. This appears to spell an acceleration in open RAN adoption.

ABI Research estimates that open RAN will outstrip traditional RAN within the decade, reaching a total market of approximately $30 billion in 2030, compared to $20 billion in the traditional RAN market.

These are not wild projections. Instead, they seem predicated on an already high level of open RAN activity. In Japan, Rakuten Mobile has launched open RAN-based 4G commercial services in urban areas and is currently building its 5G network to O-RAN specifications. Another greenfield operator, DISH, is preparing a significant open RAN network build in the US.

Meanwhile, suggestions that open RAN is only fit for new developments are being put to the test by a growing number of established operators. Telefónica, Deutsche Telekom, Vodafone, Orange, and Turkcell are all working on open RAN deployments.

There are a number of anticipated benefits driving these shifts.

The most obvious is that open RAN widens the supply chain, which is music to free market ears. More suppliers mean more competition at different layers in the hardware and software supply chains, translating into lower OpEx and CapEx for telecom operators.

Interoperability means telcos can ensure that they are making use of best-of-breed components with a reduced chance of vendor lock-in. This flexibility also ensures more progressive network updates and faster ecosystem evolution.

Virtualization and disaggregating hardware from software create a more agile network with lower deployment times and a better ability to scale at pace. New features can be added more quickly for specific use cases, while operators can provide enterprise-level services to support industry 4.0.

Open vRAN also permits edge-centric network architecture. The only site installation setup required is a radio plus power which, when coupled with mini data centres built closer to subscribers, translates into a flexible and scalable footprint that can support low latency applications – just one example of the potency of connection between open RAN and 5G.

Open RAN and 5G

Virtualized RAN may prove critical if 5G networks are to realize their projected performance standards. Cloud-based network functions will not be sufficient – all aspects of the 5G architecture will need to be virtualized in order to fully access 5G’s potential.

In vRAN, functions of the baseband unit (BBU) are enabled virtually through virtual machines (VMs) on centralized servers, while controller functions can be moved closer to the edge of the network. With these expanded options, operators can exercise greater (and more cost-efficient) control over their radio resources.

By separating network functions from the underlying hardware, vRAN enables an agile and dynamic RAN ecosystem characterized by streamlined resource utilization and more responsive deployment of new network services. This will be crucial to the operation of a smooth 5G network.

The O-RAN Alliance paints the picture of a RAN ecosystem based on interoperability and intelligence. It is the second principle, intelligence, that is especially pertinent to 5G networks, which will traffic massive amounts of data created by the internet of things (IoT), high-definition video, AR and VR.

5G will also see the deployment and management of countless virtual applications and their relationships. This will be beyond human capacities; the network will need to be intelligent. Though this kind of intelligence may be satisfied through virtualized networks, it is possibly through the accelerated innovation of open radio access networks that the 5G network will be able to evolve fastest.

For operators deploying 5G on legacy networks, open RAN is a burning question. As shown by Rakuten and DISH, the decision is relatively simple for greenfield deployments – open RAN supports a future-ready, scalable and upgradable software-driven network.

But for brownfield deployments, the considerations are more complex. Should open RAN only be initiated for 5G networks, or across all legacy Gs? What will be the long-term impacts on CapEx and OpEx, as well as the operator’s total cost of operation? For many service providers the commitment to 5G may provide an incentive to consider open RAN across all network generations.


Though cost is the primary driver of the open RAN proposition, the debate has also rested on security. And rightly so. With such a strong potential for alignment between 5G and open RAN, the security of more open radio access networks is critical to national security.

This argument has featured strongly in political rhetoric and statements from pro-open RAN organisations. In the US, filings to the National Telecommunications and Information Administration (NTIA) by the Open RAN Policy Coalition and the open RAN vendor Mavenir have suggested that open RAN is imperative to securing 5G.

Skeptics say such players are motivated by the enormous commercial opportunities that would become available in the widespread adoption of open radio access networks. But the security argument is a strong one.

In closed RAN, operators rely on vendors to maintain security and manage threats like back doors. The ability to respond to these threats is also determined by the efficacy of the vendor’s proprietary technology. The inflexibility of the supply chain limits telcos’ level of RAN insight and responsiveness.

Theoretically, the vendor diversity of a more open RAN could create the conditions for more responsive and dynamic network security. If threats or vulnerabilities are identified, the operator can move quickly to swap out the offending component without having to undertake a costly and extensive rip and replace of the kind currently being applied to Huawei hardware in the US.

Ericsson has publicly questioned this line of thinking, arguing that “The introduction of new and additional touch points in O-RAN architecture, along with the decoupling of hardware and software, has the potential to expand the threat and attack surface of the network in numerous ways.” The vendor also maintains that the virtualization of network services could contribute to security challenges.

These claims have been rejected by CTOs for Rakuten and Telefónica, for example, who’ve reiterated the belief that open, non-proprietary networks will provide greater network security options. From the operators’ point of view, having 100% end-to-end visibility of the network is advantageous in monitoring security and pre-empting breaches.


Ironically, the greater freedom that defines open RAN could offer a route to tighter operator control, improved accountability and stronger security. The success of this approach will rest on strong standards supported by rigorous third-party testing – having the option to swap or upgrade components from multiple vendors is useless if those components aren’t safe.

However, as with 5G, the reality of an expanded attack surface in open RAN is a real concern. Operators appear confident that they will be able to take this challenge on, but their bullish mood remains to be tested.

The spirit of the open RAN movement is a positive one that should lead to a more democratized, innovative, lower cost and, hopefully, safer 5G-driven ecosystem. But the stakes are high and the path is new. We need to balance pioneering zeal with healthy caution if we are to create secure networks that will usher in a new age of global connectivity.

Cybersecurity and Safety in the 5G-Enabled Smart-Everything World

5G Cybersecurity Safety

Neil Harbisson calls himself a cyborg. Without the antenna implanted in his skull, he would not be able to see colour of any kind. Born with achromatopsia, a condition of total colourblindness that affects 1 in every 30 000 people, Harbisson’s physical faculties are augmented by cyber technology to grant him access to a life of greater meaning and satisfaction.

As technological evolution leads to concomitant advances in medical science, we are seeing more and more examples of humans who are integrating devices and sensors into their biological makeup. For some, like those part of the growing “transhumanist” movement, this is a means of artistic expression or exploration of human potential. For others, it is a solution to a medical problem. Either way, it represents the most vivid and personal example of what may be called a cyber-physical system (CPS).

Harbisson campaigns for greater debate around the identity and rights of people with tech-adapted bodies. As in any discussion of CPSs, however, a more urgent part of the conversation should be security.

In March 2019, an alert from the US Department of Homeland Security and the FDA warned medical professionals and patients that a broad range of implanted devices, such as defibrillators and heart monitors, were vulnerable to hacking that could cause product malfunction.

White-hat hackers had proven these concerns before, but the DHS announcement was chilling confirmation of the threats to human life that accompany the convergence of the cyber and the physical.

Of course, these dangers are not only seen at the level of the private individual. Greater, more widespread risk is found in the cyber-physical systems that will soon be ubiquitous, crucial to the successful operation of industry and society. Adoption of these networks is being driven by access to the internet of things (IoT) or, more accurately in cases of biological integration, the internet of everything (IoE), and is about to be accelerated with the rollout of 5G. Unfortunately, however, so are the risks.

What Is A Cyber-Physical System (CPS)?

CPS is a broad, umbrella term for technologies that connect our physical world with the cyber world. It describes situations in which we find a fundamental intersection of computation, communications and physical processes without suggesting any particular implementation or application.

In addition to IoT, the cyber-physical systems term also includes Industrial Control Systems (ICS) – those setups that manage large-scale civil and industrial operations such as smart factories, water supply and power production and distribution, as well as technologies such as the Industrial Internet of Things (IIoT), robotics, drones, connected and autonomous transportation, building management systems, connected environmental controls and a myriad of other things. In essence, these are software-enabled collections of sensors, processors, and control components that automate entire, or large parts of, human operations. And they are already all around us.

Definitions of CPSs vary and many are excellent, but one that is particularly relevant to the topic is a definition I coined for the Cyber-Physical Systems Security Institute (CPSSI) in 1998: “Cyber-physical systems are physical or biological systems with an embedded computational core in which a cyber attack could adversely affect physical space, potentially impacting well-being, lives or the environment.” This definition goes beyond a technical assessment of a system’s makeup to recognize its potential impact on the world around that system. It identifies the inherent threat of cyber attacks and the dangers they inevitably pose to human life.

What Could Go Wrong?

The common appreciation of threats innate to cyber-physical systems is evolving more slowly than the technology within those systems, and more slowly than the thinking of those who wish to use this technology to cause harm.

The installed base of Internet of Things (IoT) connected devices currently stands around 30 billion, but is expected to grow to 75.44 billion worldwide by 2025, generating 79.4 zettabytes of data, according to IDC (that’s almost four times the amount of data that’s been created in history).

The use of these devices in our personal lives – everything from smart phones to smart appliances in smart homes – is already taken for granted in developed nations. Though private individuals are becoming savvier about their exposure to uninvited surveillance through these devices, most concerns are still centered around privacy and data security. Few people consider the possibility of technological tools and their components being captured for employment against them in tactile ways.

The case of vulnerable heart equipment shared earlier offers one example of how a cyber-physical attack could be lethal to individuals. Hackers have already proved that it is possible to hijack a moving vehicle remotely, raising obvious safety concerns for the driver, but also for fellow drivers on the road. Now, imagine that same concern extrapolated across a network of self-driving vehicles all travelling at high speed – a scenario which, as we’ll see shortly, becomes a reality with the introduction of 5G.

This growing number of devices and their management applications connected to the IoT represents an exponentially expanding “attack surface” available to hackers and cyber-terrorists.

Unfortunately, regulations governing the security of these devices and applications are underdeveloped, non-uniform and difficult to enforce across borders, an especially pertinent issue when equipment components are produced in one region, assembled in another and then sold in a third or more. The absence of these regulatory protocols leaves a huge gap, as the vast majority of IoT devices are delivered without baked-in security. Even when companies do aim to make their products secure, these endeavours are usually hampered by a lack of expertise and constant pressure to be first-to-market.

This all translates into a perfect storm of cyber-physical threats in the private and social spheres, but greater dangers extend to a national, even international, level where the scale of impact is highest.

Nation-state attacks against cyber-physical systems are becoming routine. The Stuxnet malware incursion used to disrupt uranium enrichment in the Iranian plant at Natanz in 2010 saw the birth of cyber-kinetic weaponry. Since then, similar attacks have been numerous, with targets including military, civil and industrial operations.

In 2013, hackers thought to be working for a nation-state gained control of a small dam in the US, giving them the power to release water onto the communities below (had the sluice gates not been manually disabled).

The Dragonfly/Crouching Yeti espionage campaigns, thought to have taken place from 2011 to 2014, were attacks on targets in the aviation and defense industries in the US and Canada, as well as various energy industry targets in the US, Spain, France, Italy, Germany, Turkey and Poland. Similar tactics could be seen in Ukraine in 2015, with the BlackEnergy malware causing significant power outages.

In 2017, the US electricity grid was attacked, emphasizing what experts have known for decades: critical systems such as national energy are constantly vulnerable to breach, with potentially devastating consequences for hospitals and clinics, industry, transport and civil supply services.

The Center for Strategic and International Studies (CSIS) regularly updates its list of significant cyber incidents, with a focus on cyber attacks on government agencies, defense and high-tech companies, or economic crimes with losses of more than a million dollars. More than 20 such major events have been recorded in the last two months alone, with most of those attacks having an impact on cyber-physical systems. Until 2017, I used to track cyber-kinetic incidents – those that have caused impacts in the real, physical world. I stopped because the number of such attacks increased beyond my capacity to track.

The attack surface is growing. We are already seeing a post-COVID-19 drive toward greater automation of manufacturing operations and supply chains as businesses try to mitigate the risk of reliance on human labour. These developments rely on the creation of CPSs that require increasingly sophisticated cybersecurity.

Most of these CPSs are built with 5G in mind. This budding technology is set to revolutionize industry and society, facilitating the establishment of highly integrated and largely autonomous production and distribution systems. But 5G is a two-sided coin. With its tremendous potential comes tremendous risk.

When Cyber Becomes Physical: Securing the 5G Bridge

5G has been discussed extensively in almost every industry. It is in its infancy, already showing impressive results, but yet to see widespread availability. It is set to redefine the possibilities of CPSs as well as the security requirements of those systems. But the questions linking 5G and CPSs go back some time.

On one side of the coin, the concerns. As far back as 2012, US Defense Secretary Leon Panetta warned the Business Executives for National Security of the dangers of attacks on national systems: “The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country. Attackers could also seek to disable or degrade critical military systems and communication networks. The collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”

The term “cyber Pearl Harbor” was originally credited to Richard A. Clarke, former US national coordinator for counterterrorism, in 2002. But it was even further back that another Clarke clearly saw the other side of the 5G coin: cyber-physical systems that could transcend time and space.

In 1968, Stanley Kubrick invited writer Arthur C. Clarke to collaborate in the creation of the groundbreaking epic, 2001: A Space Odyssey. The film launched Clarke to the status of pop culture icon and indisputable futurist, though his uniquely prescient abilities were already well-established by then.

Of the many predictions Clarke made in his career, perhaps the most well-known was this one from 1964, in which the author declares: “I’m perfectly serious when I suggest that one day we may have brain surgeons in Edinburgh operating on patients in New Zealand.”

As it turned out, the surgeon and the patient were both in China. The world’s first remote brain surgery was performed last year by Dr. Ling Zhipei, who conducted the operation by manipulating instruments in Beijing from his location in Sanya City, 3000 kilometers away.

Though this historic event had been expected for some time, the fact that Clarke predicted it more than 55 years ago is astonishing. What’s even more impressive, though, is the detail of the writer’s foresight. Not only did he see remote surgery coming, but he also saw the complications that would hamper its success. In his 1975 novel, Imperial Earth, Clarke addresses the problem of an even slightly laggy network: “‘Hawaii’s almost exactly on the other side of the world–which means you have to work through two comsats in series. During tele-surgery, that extra time delay can be critical.’ So even on Earth, thought Duncan, the slowness of radio waves can be a problem. A half-second lag would not matter in conversation; but between a surgeon’s hand and eye, it might be fatal.”

Though he wouldn’t have known it then, what the writer had identified was one of the key distinctions between 4G and 5G networks.

To take nothing away from Dr Zhipei’s skills as a surgeon, his pioneering achievement would not have been possible without the computer, powered by a 5G network. 5G eliminates the lag and remote-control delay typical on 4G networks. But, that is not simply because it is an upgraded version of 4G. 5G is something entirely new. It is a momentous leap in potential. It has made science fiction science fact.

Though many rub their hands in glee at the prospect of super-fast movie downloads and instantly responsive gaming, the most notable impact of this technology will be through the CPSs it facilitates. It is there that we will see technology finally having the enduring societal impact it has promised for so long. But the halcyon image of humans living carefree in a hyper-connected world is also misguided.

When systems are cyber-kinetic, high speed, high efficiency, AI-driven decision making and systems autonomy are great when things are running well. But when they aren’t, people can get hurt. Or worse.

A New Age of Cyber…

Another soothsayer of sci-fi is William Gibson, venerated author of Neuromancer, coiner of the term “cyberspace” and regarded by many as a prophet of the digital age. In a recent Financial Times interview, Gibson states, “The online/offline distinction is going to be fully generational soon. Only old people will think of being on or off.”

The digital mystic is expressing a recurring theme that underpins the evangelical spirit of Neil Harbisson and other proponents of the Singularity – human and machine are moving closer and closer to becoming one. Though we are not yet at the stage of full cyber-bio assimilation, the functional integration of technology into our daily lives is already widely apparent through the IoT.

Thanks to consistently cheaper computer chips and the ubiquity of wireless networks, the IoT is expanding unabated. In a 5G world, the IoT will grow exponentially to a massive internet of things (mIoT) that includes sub-domains such as the industrial internet of things (IIoT) and critical internet of things (cIoT). The connection capacity of 5G networks will be breathtaking. For the first time, smart cities will be genuinely possible: all aspects of our lives – personal, professional, social – connected in a continuous stream of data creation and interpretation.

Our homes will be “intuitively” responsive to our every whim and taste, our offices will maximize energy efficiency and convenience, our social services will be preemptive and evolutionary.

Fleets of autonomous vehicles directed by self-managed and self-optimizing traffic control systems, public surveillance interfaces capable of refined facial recognition, civil management operations ensuring that water, energy and waste processes run increasingly smoothly – these are the anticipated fruits of a 5G world.

There are a couple of reasons for this. First, 5G is fast. Lightning fast. Its theoretical top speed (20 Gbps) is up to 200 times faster than 4G. 5G’s speed is what makes it possible to download Ultra HD movies in a matter of seconds.

Second, 5G operates with unbelievably low latency (the time it takes for a system to receive a response to a request). The average human reaction time to a stimulus is 250 milliseconds (ms). Most humans perceive 100ms as instantaneous. 5G’s reaction time is between 1 and 2ms. 5G’s super-low latency is what makes real-time instant gaming, remote surgery and driverless cars a reality.

5G is able to produce these sensational results because it is not like anything that has come before. Though the term “5G” is an abbreviation of “5th Generation,” this nomenclature is deceiving. It suggests that 5G is simply an advanced form of 4G, just as 4G was a step up from 3G.

This is not the case.

Unlike previous generations, 5G is not a physical network. It is an all-software cloud-based configuration operated through distributed digital routers. It is a decentralized system that optimizes processing speed and power by relocating operations to the fringe.

Resting in the digital ether, built on software and managed largely by AI, 5G represents the first widespread transcendence of physical computing and communication. Perhaps ironically, then, it is in the physical realm where 5G’s greatest dangers lie. Though the technology itself is agnostic, it does invite us to marry our physical lives with the cyber realm, and for all the promises in that union, there are many threats too.

…Needs A New Age of Security

There is little doubt that cyber-physical technologies are encroaching into every aspect of our lives and are evolving toward higher degrees of autonomy and adaptability.

With the explosion of CPSs connected through the upcoming 5G with its distributed structure, incredible speed and negligible latency, the reality is starting not only to match, but to exceed the expectations of science fiction writers and futurists of past generations.

But there is an inherent trade-off in this equation. In return for greater convenience we are increasingly losing the control over the related cyber risks.

Unlike 3G and 4G networks, which are more centralized, 5G’s edge computing decentralizes processing, moving it away from the “core” of the network to the data source. This is partly what makes 5G’s sub-second latency possible, but it also restricts cyber hygiene and makes the network harder to police. With thousands, or millions of devices on the “edge” of any organization’s network, all making decisions at different levels of the network, all potentially serving as attack vectors for the whole organization, cybersecurity approaches of the past are becoming obsolete.

With cyber risks transcending the traditional concerns of financial and reputational impact and becoming the risks to lives, well-being or the environment, traditional cybersecurity and cyber-risk management approaches and organizational structures must be rethought.

Consumers have already proven their appetite for IoT devices. 5G will enable them to access more at lower cost. Manufacturers will continue to meet this expansive need, until we have exponential demand curves meeting exponential supply curves. Billions of devices with multiple application types – the attack vectors become limitless.

As discussed, the security of these devices is unregulated, inconsistent and unreliable. Products developed with short-term profit focus are being designed as iterative models, always released as a minimum commercially viable product. They have no defense against cyber attacks. Protection is almost impossible.

Hackers will always find a way, and with billions of entry points into the 5G network, that could spell catastrophe. We simply can’t learn fast enough. As William Gibson suggests, there will be a never-ending process of adoption and adaptation as the “street finds its own uses for things.”

The outcomes are frightening enough when one thinks of cyber attackers infiltrating our private networks, but what about the broader implications spelled out in Panetta’s speech?

When hackers or cyber terrorists manage to compromise the systems that keep a smart city, or smart factory, or smart port, or a country functioning, the consequences are large scale and a threat to physical life. When water supply, power supply, traffic management, waste removal or connectivity are disrupted, humans suffer.

Defending ourselves against these possibilities is not a negative stance, nor is it a dampener on human progress, as some idealists would have us believe. The security of cyber-physical systems and the 5G that connects them is possibly one of the most urgent responsibilities we face in the coming decade.

A failure to enlist governments, regulators, private enterprises and consumers in a coordinated approach to the cyber-secure implementation of the smart-everything world could be devastating. Not even Arthur C. Clarke could predict the results.

(This article was originally published in ThinkTwenty20 magazine)

Smart Home / Smart Building Connectivity Options and Their Cybersecurity

Smart Home Wireless Connectivity

In a recent session on smart building cybersecurity, a student cheekily asked me “How did we ever connect anything before 5G?” At that moment I realized I might have been overdoing my 5G cheerleading recently. To atone, here are the key performance and cybersecurity attributes of the most commonly used connectivity technologies in smart home / smart building use cases… And 5G.

If you thought that the “traditional” home life is under heavy attack from digitization of media and constant communication, wait until you learn about the Internet of Things (IoT) and Smart Homes.

Our most personal spaces – our homes – are rapidly getting digitized and connected. Hundreds of IoT devices – sensors, actuators, smart speakers, smart toothbrushes, and smart everything – are being implemented in every home. All of them try to create an environment that caters to our every whim, predicts our needs, personalizes our physical space, monitors our health, conserves energy, etc. In doing so, they all constantly communicate with each other, with our mobile phones, and with a myriad of solutions located somewhere in “clouds”. All of this creates new cybersecurity and privacy risks.

Indeed, the most representative indicator of technology’s impact on daily life is the development of wireless communications as the enabler for all these transformations. After the emergence of radio and TV, it was the appearance of the 1st generation of cellular communications technology in the 1980s that introduced analog mobile voice communication service and accelerated the transformation. In the next decade 2G offered digital communications and paved the way to 3G—the cellular technology from the beginning of the 21st century that provided IP support and wireless broadcast transmissions. Today the most widespread cellular technology is 4G (the first all-IP cellular technology) and the world is briskly preparing for deployment of its successor—5G.

Simultaneously with the development of cellular technologies, other wireless technologies shaped the market and enabled simple, ubiquitous, device-to-device communication at short ranges. In this article we’ll explore wireless connectivity options for smart homes / smart buildings and introduce main cybersecurity attributes of each.

Wireless technologies and smart home – smart building products

Even though IoT solutions are becoming an indispensable part of everyday life, just 0.06% of the things with Internet connection potential are online at the moment. This unexplored landscape is the foundation for further evolution and innovation of IoT solutions and new services.

The smart home is currently the most popular IoT use case. Its popularity is probably driven by the fastest growing age group of new homeowners – the Millennials. Having grown up with technology, they often find it more important than other traditional new-home features. Millennials are more attracted to smart home and smart building solutions, have confidence in technology, support its further innovation and development, and have the knowledge to readily adopt new services.

Amazon, Google, Apple and Samsung are the dominant companies in the smart home market, offering all kinds of products, from smart thermostats to smart lighting devices. The rising cost of producing and distributing energy and other utilities, the decreasing cost of technology and mass production, ongoing government policies, campaigns for energy savings, and increasing awareness of the environmental consequences of our carbon footprint are strong motivators for the growing popularity of smart home devices.

Smart lighting systems, like Hue from Philips, can detect the presence of people and adjust lighting as needed. Smart light bulbs also support auto-regulation based on sunlight intensity.

Nest from Nest Labs Inc. is a representative example of a smart thermostat. It comes with embedded Wi-Fi, allowing users to schedule, monitor and remotely control home temperature. Smart thermostats can also report on energy consumption or remind users about maintenance issues, filter changes, etc.

Smart locks let users allow or deny access to their premises. With smart security cameras, real-time home monitoring becomes available 24 hours a day. Smart motion sensors, with their many features and setting options, can also distinguish between residents, visitors, pets and unauthorized visitors. They can notify authorities about suspicious activities, activate day or night cameras for recording, or even provide monitoring that helps seniors remain at home comfortably. These safety features extend even to pet care.

Smart homes also include use cases such as smart TVs, smart washing machines and dryers in laundry rooms, and kitchen appliances like smart coffee makers, smart toasters and smart refrigerators that monitor expiration dates, make shopping lists and even create recipes based on the currently available ingredients.

One of the most important devices in a smart home is the smart home hub. It is the central point of the smart home system, capable of wireless communications and data processing, and it combines all the separate applications into a single comprehensive application capable of controlling the smart home. Some available smart home hub solutions are Amazon Echo, Google Home, Insteon Hub Pro, Samsung SmartThings, Wink Hub, etc. Artificial intelligence (AI) technology is implemented in smart homes as well, such as in the voice-activated systems like Amazon Echo or Google Home illustrated in Figure 1.

Figure 1: Smart home hub with embedded AI – Amazon Echo and Google

They have embedded virtual assistants capable of learning users’ behavior and personalizing the smart home patterns and context.

Generally, IoT solutions apply to smart buildings as the next logical step. The majority of technologies applicable to smart homes are implemented in smart buildings as well, such as lighting systems, security and access systems, identity management, and heating and air conditioning systems. Smart buildings generally increase the quality of everyday life by enhancing the digital experience, tenants’ satisfaction and staff efficiency, providing real-time information, and improving personal organization and work productivity.

Review of wireless technologies and their applicability for smart home / smart building use cases

The primary task of wireless communication technologies is to provide connectivity for automation. Wireless communication technologies differ in specific capabilities which make them more or less suitable for particular use cases.

One of the first wireless communication protocols developed for home automation and communication among electronic devices was X10, released in 1975. It provided communication at 120 kHz via digital bursts between programmable outlets or switches. This precursor of modern wireless technologies initially had some drawbacks compared to present-day solutions. It was simplex, one-direction communication, because home devices did not have the capability to generate a backlink response. Communication in both directions was later enabled via the X10 protocol, but it was not a cost-effective solution. Moreover, there was a serious problem with communication reliability because of signal loss caused by circuits that were wired on different polarities.

In the meantime, thanks to the continuous development of different wireless communications and their convergence with cellular communications driven by the adoption of IoT technologies, home automation continued growing.

Today’s wide availability of wireless technologies (like Bluetooth, ZigBee, RFID or NFC) at a reasonable price is a catalyst for rapid development and implementation of a myriad of smart home IoT use cases.

Figure 2: Performance of wireless technologies

Wireless communication technologies work on different frequencies, use different modulations, differ in range, have different resistance to obstacles and interference, have different power consumption and power supply solutions, support different mechanisms for security and communication reliability, etc. All these features influence their suitability for particular use cases.

Let’s briefly describe some representative wireless communication technologies like Bluetooth, Zigbee, Wi-Fi, RFID and NFC with their strengths, challenges and applicability for smart homes and smart buildings.

For more wireless protocols, check out my list of IoT wireless protocols.

IoT Protocols Speed Range

BLE (Bluetooth)

Bluetooth is a short-range wireless communications technology based on the IEEE 802.15.1 protocol. It works in a crowded license-free 2.4 GHz frequency band and shares this resource with many other technologies.

Bluetooth is well suited to establishing small wireless networks called piconets. One node, the master, can connect via Bluetooth links to up to 7 other Bluetooth devices, the slave nodes, in a Personal Area Network (PAN). Typical data rates are 1-3 Mbps.

The newest version of Bluetooth is known as Bluetooth Low Energy (BLE) or Bluetooth Smart.

It is important to note that classic Bluetooth and BLE are not compatible technologies. For example, the channel bandwidth in classic Bluetooth is 1 MHz and in BLE it is 2 MHz; the number of channels in classic Bluetooth is 79, while BLE uses 40 channels. They also differ in waveforms, transmission power, network organization, etc. Bluetooth versions 4.1/4.2/5.0 support both the BLE and classic Bluetooth standards, but if the master device is a BLE device, the slave must also be a BLE device.

In the most recent Bluetooth version 5.0, new waveforms and coding techniques are implemented to achieve longer ranges of 50 m or more, lower power consumption, lower latency, better robustness and support for a higher number of subscribers in a single Bluetooth network.

At its inception, Bluetooth was used for data streaming or file exchange between mobile phones, PCs, printers, headsets, joysticks, mice, keyboards and stereo audio equipment, or in the automotive industry.

These days BLE has become an indispensable protocol in mobile phones, PCs and other devices used in gaming, sports, wellness, industrial, medical, home and automation electronics. It is an important wireless technology for smart homes and smart buildings because of its range, throughput (2 Mbps), reliability, security performance, low transmission power and low power consumption. BLE provides wireless connectivity that enables home automation via the control of lights (smart bulbs and outlets), smoke detectors, cameras and other security systems, thermostats, video doorbells, smart digital locks, hubs and controllers, assistant devices, universal remotes, gaming consoles, TVs, etc.

In smart buildings, this wireless technology enables automation of complex systems, as presented in Figure 3, such as Heating, Ventilation and Air Conditioning (HVAC), lighting, security and indoor positioning. BLE deployed in smart buildings enables optimal space utilization, lowers operating and maintenance costs through condition monitoring via different sensors, contributes to energy savings, enhances the tenant, staff and visitor experience, etc.

Figure 3: BLE smart home systems

BLE is important for both residential and business buildings. It changes how offices operate by enabling smart meeting spaces and sensor-based occupancy mapping, improves workflow efficiency, reduces expenditure, and increases revenue and employee satisfaction. In specific smart building types, such as smart healthcare facilities or smart hospitals, BLE is crucial for improvements in patient care and operational efficiency.

In the retail industry, coupled with beacon technology, it supports enhanced customer services like in-building or in-store navigation, personalized promotions and customer-oriented content delivery.

Some BLE limitations for smart home and smart building use cases are: suitability for short-range control only, interference with other wireless technologies (Wi-Fi, Zigbee, etc.) that use the license-free 2.4 GHz band, optimization for short-burst communication, lower throughput compared to some other wireless technologies, lack of generic IP connectivity, etc.

Zigbee

Zigbee is a wireless PAN (Personal Area Network) technology built on the IEEE 802.15.4 wireless standard and supported by the Zigbee Alliance. The IEEE 802.15.4 standard defines the physical and data link layers, with all the details of robust radio communication and medium access control. The Zigbee Alliance standardizes the content of transmitted messages from the network layer up to the application layer. It is a non-profit association responsible for the development of open global Zigbee standards. Companies like Google, Amazon, Qualcomm, Samsung, Silicon Labs, Philips, Huawei, Toshiba, etc. are members of the Zigbee Alliance.

Zigbee operates in unlicensed frequency bands including 2.4 GHz, 900 MHz and 868 MHz, within a 100 m range. It enables up to 250 kbps throughput in the 2.4 GHz band and 40 kbps/20 kbps in the 900/868 MHz bands. In the 2.4 GHz band, Zigbee is organized into 16 channels spaced in 5 MHz steps. The technology theoretically supports up to 65000 nodes in a single wireless network. There are three types of nodes, or logical devices, in a Zigbee network:

  • Zigbee Coordinator – the device responsible for establishing, running, administering and managing the overall Zigbee network, its security, its subscriber list, etc. There is only one coordinator in a Zigbee network.
  • Zigbee Router – an intermediate node responsible for routing packets between end devices or between end devices and the coordinator. A Zigbee network can contain several routers.
  • Zigbee End Device – a sensor or node that monitors and collects the required data. Unlike routers and coordinators, these nodes are usually battery operated. Hence, they can be put to sleep for a certain period to minimize battery drain and conserve energy when there is no activity to monitor. End devices can neither route traffic nor permit other nodes to join the network.

Zigbee supports three types of network topology: star, mesh and hybrid mesh.

  • In a star network, one hub, the coordinator, is the central point of all communications, limiting the network coverage to its range and processing power. As the most important node in a Zigbee star topology, it represents a single point of failure.
  • In a mesh network all nodes are router nodes at the same time, including the coordinator after network initialization, making this topology robust and without a single point of failure (presented in Figure 3).
  • A hybrid mesh topology combines the first two types: there can be several star networks, and their routers communicate with each other as in a mesh network.

The choice of topology must be made in the network planning phase, taking into account the network’s purpose, the available power supply solutions, range and throughput requirements, the activity schedule of the end nodes (sensors), costs and other factors important for the specific use case.
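To make the single-point-of-failure argument concrete, here is an added example (not code from the article or from the Zigbee Alliance) that models a constructed star network and a constructed mesh network as adjacency sets and reports which nodes are cut off when a given node fails; the device names are hypothetical.

```python
from collections import deque

# Constructed star topology: every device talks only to the coordinator.
STAR = {
    "coordinator": {"bulb1", "bulb2", "sensor1", "sensor2"},
    "bulb1": {"coordinator"},
    "bulb2": {"coordinator"},
    "sensor1": {"coordinator"},
    "sensor2": {"coordinator"},
}

# Constructed mesh topology: the coordinator and the mains-powered bulbs
# all act as routers and hear each other; the battery sensors (end devices)
# hang off whichever routers are in radio range.  sensor1 can reach two
# routers, sensor2 only one.
MESH = {
    "coordinator": {"bulb1", "bulb2"},
    "bulb1": {"coordinator", "bulb2", "sensor1"},
    "bulb2": {"coordinator", "bulb1", "sensor1", "sensor2"},
    "sensor1": {"bulb1", "bulb2"},
    "sensor2": {"bulb2"},
}


def reachable(topology, start, failed=frozenset()):
    """Breadth-first search from `start`, treating every node in `failed`
    as if its radio were switched off.  Returns the set of live nodes
    reached, including `start` itself."""
    if start in failed or start not in topology:
        return set()
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for peer in topology[node]:
            if peer not in failed and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def orphaned_after_failure(topology, failed_node):
    """Live nodes that can no longer reach any other live node once
    `failed_node` drops out: the single-point-of-failure test."""
    failed = frozenset({failed_node})
    survivors = [n for n in topology if n != failed_node]
    return sorted(n for n in survivors
                  if len(reachable(topology, n, failed)) == 1)


def single_points_of_failure(topology):
    """Every node whose loss orphans at least one other node.  In the mesh
    this is empty for the coordinator but not for a router that is the
    only parent of an end device, so router placement still matters."""
    return sorted(n for n in topology if orphaned_after_failure(topology, n))


if __name__ == "__main__":
    for name, topo in (("star", STAR), ("mesh", MESH)):
        print(name, "coordinator down ->",
              orphaned_after_failure(topo, "coordinator"))
        print(name, "single points of failure:",
              single_points_of_failure(topo))
```

In this model an end device stays attached to the routers listed for it; a real Zigbee end device may rejoin through another parent in range, which is exactly why planning should give each sensor more than one router within reach.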

In the endless process of technology evolution, the Zigbee Alliance continues to improve the Zigbee standard. The latest version of the standard has enabled interoperability among a wide range of smart devices from different manufacturers and gives end users access to innovative products and services that work together seamlessly.

Today Zigbee 3.0 is one of the most common wireless standards implemented in IoT devices. It significantly affects smart home and smart building development because of its low power consumption, long battery life, built-in support for mesh networking and IP, communication security and reliability, cross-band communication across the 2.4 GHz and sub-GHz frequency bands, etc. Zigbee has become one of the most crucial technologies and a global standard for home automation. It helps create the smart home by enabling appliance control and improvements in everyday comfort, security and energy management.

As Zigbee 3.0 devices support energy harvesting and have long battery life, the technology is often described informally as low-power Wi-Fi.

In smart homes and smart buildings it enables remote control of equipment like smart plugs, motion sensors, light switches, thermostats and door locks, and of systems like security, HVAC, and energy or water consumption.

Worldwide compatibility between Zigbee 3.0 devices addresses the interoperability challenges inherited from earlier versions. At the same time, operating and maintenance costs are reduced, making it a win-win solution for both end users (staff, tenants or visitors) and providers.

Zigbee is the wireless technology of choice for smart home and smart building applications, but some of its disadvantages are recognized as well, such as short-range communication, data throughput that is optimized for bursts of sensor transmissions but not for streaming, lack of advanced error correction mechanisms, sometimes more complex troubleshooting, the single point of failure in the star topology, etc.

Wi-Fi

Wi-Fi is the wireless technology comprising the IEEE 802.11 family of standards (IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n, IEEE 802.11ac, etc.). It operates in the 2.4 GHz and 5 GHz frequency bands within a 50 m range.

This technology was developed for wireless networking of computer devices and is commonly called WLAN (Wireless Local Area Network); communication takes place between wireless routers, typically connected to the Internet, and the other wireless nodes within their range.

Depending on the specific IEEE 802.11 standard, different data rates are available; the theoretical throughput is 11 Mbps (IEEE 802.11b), 54 Mbps (IEEE 802.11a and IEEE 802.11g), 100 Mbps (IEEE 802.11n) or 300 Mbps (IEEE 802.11ac).

In the overcrowded 2.4 GHz band, there are 14 channels dedicated to Wi-Fi. In the 5 GHz band, the RF channel allocation for Wi-Fi depends on national legislation and RF band allocation plans.

The new Wi-Fi HaLow (IEEE 802.11ah) standard is a technological successor of the current IEEE 802.11ac wireless protocol. It works in the 900 MHz band in the USA and significantly improves wireless coverage and energy efficiency, which are among the most important features for smart homes, smart buildings and other IoT use cases.

Among the available choices, this technology is used in smart homes and smart buildings for use cases with high-throughput audio/video streaming requirements, centralized management applications, video monitoring and security systems, etc. It enables the networking of many devices, such as cameras, lights and switches, monitors, sensors and others.

One of the major Wi-Fi benefits is its prevalence in almost all digital devices today and its capability to provide high-capacity wireless links. From a security perspective, activating the supported encryption mechanisms, like Wi-Fi Protected Access (WPA) or WPA2, provides acceptable protection. Wi-Fi offers generic IP compatibility, easy installation and operation, the possibility to add or remove devices from a network with no particular management effort and no impact on network functionality, efficient troubleshooting, etc.

This technology can be implemented as a back-end network for offloading aggregated data from a central IoT hub to the cloud, which is a very important feature applicable to smart homes and smart buildings.

Some Wi-Fi drawbacks for smart home and smart building use cases are power consumption, higher infrastructure price, susceptibility to obstacles that limit the range, susceptibility to RF jamming (important for smart home or smart building security systems), throughput that is shared between all connected devices, and susceptibility to interference from the many devices operating at the same frequency, including other Wi-Fi devices and devices of other wireless technologies like cordless phones, microwaves, etc.

Radio-Frequency Identification (RFID)

Radio-Frequency Identification (RFID) is a technology commonly used for identification, status administration and management of different objects. It is also important for identifying people, as it is commonly deployed in the latest biometric passports.

It operates in several frequency bands: the low frequency band from 125 kHz to 134 kHz, the high frequency band with a 13.56 MHz working frequency, and the ultra-high frequency band with a 433 MHz working frequency and an 860 – 960 MHz sub-band.

In the ultra-high frequency bands there are two types of RFID systems: active and passive.

  • Active RFID systems operate at 433 MHz and at 2.4 GHz from the extremely high frequency range. They support ranges from 30 to 100+ meters.
  • Passive RFID systems operate at 860 – 960 MHz and support ranges of up to 25 m.

Commonly, an RFID system has three major components: the RFID tag, the RFID reader and the RFID application software.

  • RFID tags can be active (with microchip, antenna, sensors and power supply) or passive (without power supply).
  • The RFID reader is the hardware component that identifies an RFID tag and transmits its status to the RFID software application.
  • RFID software applications (often mobile applications) monitor and administer RFID tags. They usually exchange information with RFID readers via different beacon technologies or Bluetooth.

RFID technology is very important for different IoT applications, including smart homes and smart buildings. Some advantages and limitations of RFID systems, according to their frequency ranges, are given in Table 1.

Table 1: RFID system types, their advantages, limitations and applicability

Low frequency band
  • Advantages: unique applicability compared to other RFID systems; global standardization support
  • Limitations: very short range (10 cm); limited memory of RFID devices; low throughput; high production costs
  • Applicability: animal tracking, access control, applications with high volumes of liquids and metals

High frequency band
  • Advantages: support for NFC global protocols and standards; higher memory capacity
  • Limitations: short range (30 cm); low throughput
  • Applicability: DVD kiosks, library books, personal ID cards, gaming chips, etc.

Active RFID systems
  • Advantages: longer range; lower infrastructure costs compared to passive RFID; high memory capacity; higher throughput
  • Limitations: high tag cost; restrictions due to battery power supply; complex software solutions; susceptibility to interference from metal and liquids; lack of global standardization support
  • Applicability: vehicle tracking, auto manufacturing, mining, construction, asset tracking

Passive RFID systems
  • Advantages: long read range; low tag cost; variety of tag sizes and shapes; global standards support; high throughput
  • Limitations: high infrastructure cost; moderate memory capacity; susceptibility to interference from metal and liquids
  • Applicability: supply chain tracking, manufacturing, pharmaceuticals, electronic tolling, inventory tracking, race timing, asset tracking, etc.


RFID tags serve as an interface between the IoT ecosystem and its subscribers. The technology’s potential is significant because of its low cost and low power features.

Smart clothes are a representative example of RFID deployment in a smart home. Garments with embedded RFID tags could share information with smart home appliances to help improve quality of life. Smart bins could help sort clothing items into logical groups while balancing the load size. Smart washing machines in smart homes or buildings could read the embedded RFID tags on smart clothes and set the optimal wash cycle according to the provided instructions. Smart cleaning/laundry services provided in smart buildings can communicate in real time with the building tenants, keeping them informed about the status of the requested service.

RFID is also important for the development of indoor location applications and Angle of Arrival (AOA) technology. AOA determines the position of a mobile tag from the angle at which its signal arrives at two or more adjacent sources, establishing a real-time location system with centimetre-level accuracy. In the context of localization systems and indoor use, this is a significant improvement.

RFID technology enables new consumer applications and services for smart homes and buildings like smart shelves, smart mirrors, self check-in or check-out, restricted area access control, etc.

Some important RFID advantages for smart home and building applications are low cost, low power consumption, great implementation potential, scope for developing different user-friendly (mobile) software applications, etc. RFID limitations are susceptibility to interference caused by different objects, exposure to eavesdropping and DDoS attacks, lack of standardization support, signal collision, etc.

Near field communications (NFC)

NFC is a short-range, two-way wireless communication technology that enables simple and secure communication between electronic devices with an embedded NFC microchip. NFC operates at 13.56 MHz and supports 106, 212 or 424 kbps throughput. There are three available modes of NFC communication:

  • Read/write (e.g. for reading tags in NFC posters)
  • Card emulation (e.g. for making payments)
  • Peer-to-peer (e.g. for file transfers)

There is no need for a pairing code between devices: once in range they instantly start communicating and prompt the user. NFC is power efficient, much more so than other wireless technologies. The communication range of NFC is approximately 10 centimeters, and it can be doubled with specific antennas. The short range is part of what makes this technology secure: limiting communication to the near field makes it well suited to secure transactions, such as contactless payments. Some examples of NFC applicability include:

  • Ticket confirmation for sports events, concerts, theaters and cinemas;
  • Wellness improvements – syncing workout data from fitness machines to a personal user device;
  • Personalized content sharing – viewing special offers on your phone in museums, shopping malls and stores;
  • Loading translated content in different services, like menus in restaurants;
  • Check-in and check-out at hotels, airports, etc.;
  • Security systems – unlocking NFC-enabled door locks, etc.

NFC provides further support for smart home and smart building evolution. In the bedroom an NFC tag can be used to control the TV, wireless system, alarm, lighting or other devices via the smartphone. In the kitchen, NFC tags could be placed on the refrigerator and oven, making them smart as presented in Figure 4, or they could be used to modify the ambience according to your needs (turning lights or music on and off, etc.).

Figure 4: NFC support for smart kitchen

NFC tags can transform a smartphone or other personal digital device with an embedded NFC chipset into a universal remote capable of performing any configured action. Unlike RFID, every NFC device has both NFC reader and NFC tag capabilities. The potential for NFC applicability in smart homes and buildings is endless.

NFC advantages for smart home and building applications are simplicity, security, the capability to connect unconnected devices via NFC tags or to bridge otherwise incompatible wireless technologies, low power consumption, widespread support in almost all electronic devices, etc.

The main limitations to consider for NFC in smart home and smart building use cases are its very short distance, its lower throughput compared to other wireless technologies, and the fact that it is not a completely risk-free technology, since mobile-based hacking tools keep evolving and have become common today.

Built-in cybersecurity features of wireless technologies (Bluetooth, Zigbee, Wi-Fi, RFID and NFC)

Traditionally, wireless networks are self-contained and homogeneous, and do not provide interoperability between different wireless technologies. There is no single wireless technology optimal for all use cases, capable of supporting all coverage, throughput, mobility and other requirements. Because these technologies are wireless and exposed to security issues, security protection is one of the top priorities and one of the most challenging aspects of wireless networking. The rapid development and increasing importance of all wireless technologies has become crucial for the fourth industrial revolution (IoT). Communications infrastructure is more complex than ever before, and this trend will continue.

Hence, the general conclusion is that the principal task of wireless communication technologies should be to provide secure connectivity. In this chapter I’ll present some representative security features and challenges of the above-mentioned wireless technologies.

BLE (Bluetooth) Cybersecurity

Several security modes are defined in Bluetooth technology, and each version of the Bluetooth standard supports some of them. The modes differ in the point at which security is initiated in the Bluetooth devices. A Bluetooth device must operate in one of four available modes:

  • Bluetooth security mode 1 – an insecure mode. It is easy to establish wireless connectivity in this mode, but security is an issue. Security mode 1 applies to short-range devices and is only supported up to the Bluetooth v2.0 + EDR (Enhanced Data Rate) version of the standard.
  • Bluetooth security mode 2 – in this mode a centralized security manager controls access to specific services and devices by implementing an authorization procedure. All Bluetooth devices can support this security mode; however, v2.1 + EDR devices support it only for backward compatibility.
  • Bluetooth security mode 3 – in this link-level-enforced security mode, the Bluetooth device initiates security procedures before the physical link is established. It uses authentication and encryption for all connections to and from the device. Security mode 3 is only supported in Bluetooth devices with v2.0 + EDR or earlier versions.
  • Bluetooth security mode 4 – in this mode security procedures are initiated after link setup. Secure Simple Pairing uses Elliptic Curve Diffie-Hellman (ECDH) techniques for key exchange and link key generation. This mode was introduced in Bluetooth v2.1 + EDR.

The following five basic security services are implemented in Bluetooth technology:

  • Authentication – verifies the identity of devices that are exchanging data, based on their Bluetooth address.
  • Confidentiality – ensures that only authorized devices can access and view transmitted data. It is important for preventing compromise of information, for example caused by eavesdropping.
  • Authorization – ensures that Bluetooth devices are authorized to use the service.
  • Message Integrity – verifies that a message sent is a message received, without any changes in between its source and destination.
  • Pairing/Bonding – creates and stores shared secret keys important for a trusted device pair establishment.

The supported security mechanisms have evolved together with the standard versions. In compliance with Bluetooth Specification Version 5.0, two security modes are implemented in BLE: security mode 1 and security mode 2. Within each of them there are different security levels. BLE security mode 1 has 4 levels:

  • No security (no authentication and no encryption).
  • Unauthenticated pairing with encryption (AES-CMAC or AES-128 encryption is applied at this level, but the pairing itself is not authenticated).
  • Authenticated pairing with encryption.
  • Authenticated BLE Secure Connections pairing with encryption (each time pairing is initiated, the Elliptic Curve Diffie-Hellman key agreement protocol is used for the BLE Secure Connections key exchange).

BLE security mode 2 has 2 levels:

  • Unauthenticated pairing with data signing.
  • Authenticated pairing with data signing.
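Whether a BLE pairing ends up at the "unauthenticated" or "authenticated" level of security mode 1 is decided by the IO capabilities the two devices declare and by whether they use LE Secure Connections. As an added example (not code from the article or from the Bluetooth SIG), the following Python encodes that selection logic and maps the chosen pairing method onto the four levels listed above; the devices in the usage block are constructed for illustration.

```python
from enum import Enum


class IOCap(Enum):
    """IO capabilities a BLE device declares in its pairing request/response."""
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YES_NO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"
    KEYBOARD_DISPLAY = "KeyboardDisplay"


JUST_WORKS = "Just Works"                  # unauthenticated: no MITM protection
PASSKEY_ENTRY = "Passkey Entry"            # authenticated: 6-digit code typed on one side
NUMERIC_COMPARISON = "Numeric Comparison"  # authenticated, LE Secure Connections only
OUT_OF_BAND = "Out of Band"                # authenticated via another channel (e.g. NFC)

# Security mode 1 levels as named in the article.
LEVEL_NAMES = {
    1: "No security",
    2: "Unauthenticated pairing with encryption",
    3: "Authenticated pairing with encryption",
    4: "Authenticated LE Secure Connections pairing with encryption",
}


def pairing_method(init_io, resp_io, mitm_requested, secure_connections,
                   init_oob=False, resp_oob=False):
    """Select the association model for one pairing attempt.

    Follows the IO-capability mapping of the Bluetooth Core Specification
    (Vol 3, Part H): OOB data takes precedence, a pairing in which neither
    side requests MITM protection ignores IO capabilities entirely, and a
    device with no input and no output can never do better than Just Works.
    """
    if secure_connections and (init_oob or resp_oob):
        return OUT_OF_BAND          # LE SC needs OOB data on at least one side
    if not secure_connections and init_oob and resp_oob:
        return OUT_OF_BAND          # legacy pairing needs it on both sides
    if not mitm_requested:
        return JUST_WORKS
    caps = {init_io, resp_io}
    if IOCap.NO_INPUT_NO_OUTPUT in caps:
        return JUST_WORKS
    if IOCap.KEYBOARD_ONLY in caps:
        return PASSKEY_ENTRY        # one side types what the other shows (or both type)
    if IOCap.DISPLAY_ONLY in caps:
        # DisplayOnly can only pair authenticated against a device that can type.
        return PASSKEY_ENTRY if IOCap.KEYBOARD_DISPLAY in caps else JUST_WORKS
    # Both sides are DisplayYesNo or KeyboardDisplay.
    if secure_connections:
        return NUMERIC_COMPARISON
    return PASSKEY_ENTRY if IOCap.KEYBOARD_DISPLAY in caps else JUST_WORKS


def security_level(method, secure_connections, encrypted=True):
    """Map the chosen method onto security mode 1 levels 1..4.
    Just Works is unauthenticated even under LE Secure Connections."""
    if not encrypted:
        return 1
    if method == JUST_WORKS:
        return 2
    return 4 if secure_connections else 3


def assess(init_io, resp_io, mitm_requested=True, secure_connections=True):
    """Return (pairing method, level number, level name) for a device pair."""
    method = pairing_method(init_io, resp_io, mitm_requested, secure_connections)
    level = security_level(method, secure_connections)
    return method, level, LEVEL_NAMES[level]


if __name__ == "__main__":
    # Constructed devices (hypothetical): a phone pairing with a smart lock
    # that has no display and no buttons, then with a lock that has a small
    # display and a confirm button.
    print(assess(IOCap.KEYBOARD_DISPLAY, IOCap.NO_INPUT_NO_OUTPUT))
    print(assess(IOCap.KEYBOARD_DISPLAY, IOCap.DISPLAY_YES_NO))
```

The first constructed case is the one to watch for in a smart home: a device without any user interface is stuck at level 2, so its link is encrypted but the pairing offers no protection against a man-in-the-middle, regardless of the Bluetooth version.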

The Security Manager Protocol, located in the session layer of the OSI reference model, is responsible for pairing, signing between nodes, encryption, key administration, key management, security services management and all other security features in a BLE network. Bluetooth has some security vulnerabilities, as do all other wireless technologies, and its implementation has to be planned with the possible security threats in mind. Some representative security challenges of BLE (Bluetooth) technology are:

  • Passive eavesdropping, Man in the Middle (MITM) attacks and identity tracking apply to Bluetooth technology. The interception of radio waves between a smartphone and a smart lock can be realized with different kinds of sniffers, whose price range today is 50-100 USD.
  • Bluejacking involves sending a vCard message via Bluetooth to other Bluetooth users within a short range, typically 10 meters. The risk is that the recipient will not realize what the message is, and may open it automatically, assuming it was sent by someone in their contact list.
  • Bluebugging is a Bluetooth security issue that allows unauthorized remote access to a phone and use of its features. It may include placing calls and sending text messages, while the owner does not realize that the phone has been taken over. Depending on the attacker’s creativity, denial of service (DoS) attacks and resource misappropriation are consequences of this security issue, too.
  • Car Whispering is a hacking technique that uses specific software to send and receive audio and other files to and from a Bluetooth-enabled car stereo system, to invade privacy or listen in on conversations. It could be applied in the same manner to Bluetooth-enabled systems in smart homes or smart buildings.
  • Bluesnipping is a hacking technique that extends the range of unauthorized Bluetooth monitoring and provides malicious coverage at a distance of up to a mile. It is realized with specific hardware, a Bluesnipping gun made from a few hardware pieces like a folding stock, a Yagi antenna and a Linux terminal.

These vulnerabilities can lead to unauthorized access to sensitive information and to unauthorized use of Bluetooth devices and of other systems or networks to which the Bluetooth devices are connected. To protect a network from these vulnerabilities, it is always useful to be careful with third-party applications and to install applications only from trusted sources. It is also recommended to deploy a home network firewall that will protect and encrypt all incoming and outgoing data.

Zigbee Cybersecurity

The Zigbee Alliance and its members are continuously improving the security performance of Zigbee technology, to achieve the optimal balance between deployment, operation and security requirements in wireless machine-to-machine communication.

Zigbee is considered to be a relatively secure wireless communication protocol, with a security architecture built in accordance with the IEEE 802.15.4 standard. To meet security needs, Zigbee provides a standardized set of security specifications based on the 128-bit AES algorithm and compatible with the 802.15.4 wireless standard.

Security mechanisms include authentication, authorized access to network devices, integrity protection and encryption with key establishment and transport. Device authentication is the procedure of confirming that a new device joining the network is authentic: the new device must be able to receive a network key and set the proper attributes within a given timeframe to be considered authenticated. Device authentication is performed by the Trust Center. Integrity protection is realized at the frame level using message integrity checks (MIC), which protect transmitted frames and allow the recipient to detect whether they have been accessed or manipulated. 128-bit symmetric-key cryptography is implemented in Zigbee’s security architecture. Zigbee supports 3 different types of keys for different purposes:

  • The Master key must be obtained by pre-installation, secure key transport or user-entered data such as a PIN or password. It is used for Link key derivation and establishment.
  • The Network key is used for network establishment and broadcast network communication. This key provides network-level security.
  • The Link key is used for encrypting point-to-point communication at the application level. It is different for each pair of devices in the network that work in point-to-point mode. Link keys are used to minimize the security risks of Master key distribution. This key provides APL-level security, and messages between devices are protected with both the Network key and the Link key.

There are two types of security model in Zigbee networks, the Centralized security network and the Distributed security network. They mainly differ in the implemented mechanisms, i.e. how new devices are admitted into the network and how messages in the network are protected.

In the Centralized security model only a Zigbee Coordinator with Trust Center credentials can establish a centralized network. Nodes join the network, receive the Network key and establish a unique Link key with the Trust Center.

In the Distributed security model there is neither a Zigbee Coordinator with Trust Center credentials nor Master keys. All nodes are pre-configured with the Link key before joining the network and use the same Network key for message encryption.

Zigbee supports different key management and transport mechanisms: pre-installation (performed by the manufacturer), key establishment (a method of generating Link keys based on the Master key) and key transport (where a network device requests a key from the Trust Center).

Security attacks and unauthorized usage are possible, and they matter because Zigbee technology is applied to remote control and monitoring of sensitive resources, infrastructure and home security. Some important security issues in Zigbee networks are:

  1. Replay and injection attacks. In the first phase, specific tools for Zigbee network discovery transmit beacon request frames and analyze the information returned about available nodes in the network. This process finds Zigbee devices operating on their dedicated channels by sending and receiving beacon request and response frames over each single channel. The next phase is capturing packets, analyzing them and then replaying the same packets so that they appear to come from the originating node, causing a change in the device’s behavior determined by the replayed packets. The network treats the malicious traffic as regular traffic.
  2. Wormhole attacks exploit the route discovery mechanisms of on-demand routing protocols and apply to Zigbee networks. A malicious user receives packets at one point in the network and replays them in other areas to interfere with the overall network functionality. The attacker can control the data that flows through the malicious tunnel and launch other attacks, especially if network nodes are far enough from each other.
  3. Misplacement of low-cost Zigbee devices with limited protection capabilities – for example, without tamper resistance (such as temperature sensors and light switches) – makes them vulnerable to unauthorized access to privileged information like keys, network identification, working channels etc.
  4. Zigbee uses the same security level in all network devices in order to achieve and maintain device interoperability. This could lead to some security risks.
  5. Eavesdropping applies to Zigbee networks, especially to those that support OTA firmware upgrade capability. This kind of attack is very hard to discover.
  6. DDoS attacks at the MAC layer are a realistic scenario. If an attacker floods a radio channel with frames, the network will be forced to deny any communication between devices, because Zigbee uses the CSMA/CA mechanism and, in non-beacon mode, devices always check whether the channel is busy before transmitting.
  7. Without the integrity protection provided by the MIC, a rogue device could modify a transmitted frame and the modification might not be detected by the recipient.
  8. A denial-of-service (DoS) attack causes a node to reject all received messages. In a Zigbee network, a DoS attack can be carried out by altering routing tables to redirect all or some of the network traffic to a malicious device (sinkhole attack). This is achieved by purposely sending messages that build artificial routing paths or introduce loops into the routing process of legitimate nodes. As a consequence, transmission of packets among devices is hampered.
  9. DoS attacks can also be realized with jamming techniques that trick the user into initiating a factory reset, preventing the devices from communicating. They can also be realized by sending a “reset to factory default” command to the device and waiting for the device to look for another Zigbee network to connect to.
  10. Upon leaving the network, a node can still access the communication, since it still possesses the Master and Link keys. In a smart home or smart building where Zigbee devices are used for opening doors or improving energy efficiency, it is not impossible that one or more of the devices are lost or stolen. If the keys stored on those devices are not properly revoked, someone might take advantage of the situation and exploit this weakness. Therefore, this type of attack, together with the physical security of the network, should not be underestimated and must be taken seriously.
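The frame-level MIC described above and two of the issues in the list, replay of captured frames (issue 1) and modification of frames in transit (issue 7), share one receiver-side defense: verify the integrity check first, then require a strictly increasing frame counter per source. The following is an added illustration written for this article, not code from a Zigbee stack. It replaces Zigbee's AES-CCM* MIC with a truncated HMAC-SHA256 so that it runs on the Python standard library alone, and the key, short addresses and payloads are constructed values.

```python
import hashlib
import hmac
import struct

# Added example: a simplified Zigbee-style secured frame. Real Zigbee applies
# AES-CCM* with a 32/64/128-bit MIC; here a 4-byte truncated HMAC-SHA256 stands
# in for the MIC so the example runs with the Python standard library only.
MIC_LEN = 4
HEADER = struct.Struct("<HI")  # 16-bit source short address, 32-bit frame counter


def compute_mic(network_key: bytes, src: int, frame_counter: int, payload: bytes) -> bytes:
    """MIC over the auxiliary header (source, frame counter) and the payload.
    Covering the counter is what makes a replayed or edited frame detectable."""
    msg = HEADER.pack(src, frame_counter) + payload
    return hmac.new(network_key, msg, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(network_key: bytes, src: int, frame_counter: int, payload: bytes) -> bytes:
    """Sender side: header || payload || MIC."""
    return HEADER.pack(src, frame_counter) + payload + compute_mic(network_key, src, frame_counter, payload)


class SecuredReceiver:
    """Receiver side: verify the MIC, then enforce a strictly increasing
    frame counter per source (the Zigbee freshness rule)."""

    def __init__(self, network_key: bytes):
        self.key = network_key
        self.last_counter = {}  # src -> highest accepted frame counter

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + MIC_LEN:
            return ("reject", "truncated")
        src, counter = HEADER.unpack(frame[:HEADER.size])
        payload, mic = frame[HEADER.size:-MIC_LEN], frame[-MIC_LEN:]
        # Integrity first: a modified frame (issue 7) or a frame secured with a
        # different key never reaches the counter check.
        if not hmac.compare_digest(mic, compute_mic(self.key, src, counter, payload)):
            return ("reject", "bad MIC")
        # Freshness: a captured-and-resent frame (issue 1) carries a counter the
        # receiver has already accepted for that source, so it is dropped.
        if counter <= self.last_counter.get(src, -1):
            return ("reject", "replay")
        self.last_counter[src] = counter
        return ("accept", payload)


def demo():
    """Walk through accept / replay / tamper outcomes for one light-switch node."""
    key = b"constructed-nwk-key-0123456789ab"  # constructed key, not a real network key
    rx = SecuredReceiver(key)
    switch = 0x1234  # constructed short address
    on = build_frame(key, switch, 7, b"on")
    tampered = bytearray(build_frame(key, switch, 8, b"off"))
    tampered[HEADER.size] ^= 0x01  # flip one payload bit, keep the original MIC
    return [
        rx.accept(on),               # ("accept", b"on")
        rx.accept(on),               # ("reject", "replay")
        rx.accept(bytes(tampered)),  # ("reject", "bad MIC")
        rx.accept(build_frame(key, switch, 8, b"off")),  # ("accept", b"off")
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the two checks matters: the counter table is only updated after a valid MIC, so an attacker who cannot forge the MIC also cannot poison the receiver's counter state, and a legitimate frame that arrives after a rejected forgery is still accepted. In a real network the counter state has to survive reboots (or be re-synchronized on rejoin), otherwise old captured frames become valid again.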

To meet the increased security requirements of smart home and smart building use cases, the Zigbee Alliance is permanently engaged in security improvements (research and development of new algorithms and functions, security protocols and hardware and software support requirements, network and system organization and settings, regulatory topics and the establishment of standards).

Wi-Fi Security

The Wi-Fi Alliance enables the implementation of different security solutions across Wi-Fi networks through the Wi-Fi Protected Access (WPA) family of technologies. Security capabilities evolve together with Wi-Fi technology itself, which is deployable in both personal and enterprise networks.

Today there are several available levels of security applicable to Wi-Fi networks, implemented in the WPA protocols: WPA3-Personal, WPA3-Enterprise, WPA2, Open Wi-Fi and Wi-Fi Enhanced Open.

WPA3 security protocol

WPA3 is the latest generation of the Wi-Fi security protocol and the successor of the successful and widespread WPA2 protocol.

WPA3 adds new security features to deliver more robust authentication, increased cryptographic strength for the exchange of highly sensitive information and greater resiliency of mission-critical networks.

Once implemented, the WPA3 protocol represents best security practice in Wi-Fi networks: it disables obsolete security protocols and requires the use of Protected Management Frames (PMF). It includes additional features specific to Personal or Enterprise networks and maintains interoperability with the WPA2 protocol.

WPA3 is currently an optional certification for Wi-Fi certified devices that will become mandatory in line with market needs and growth.

The WPA3-Personal protocol enables better protection for individual users by providing more robust password-based authentication. This capability is enabled through Simultaneous Authentication of Equals (SAE), which replaces the Pre-Shared Key (PSK) of the WPA2-Personal protocol. Some of its advantages are natural password selection (it allows easy-to-remember passwords), protection of data traffic even if the password is compromised after the data was transmitted, and ease of use.

The WPA3-Enterprise protocol is developed specifically for enterprises, governments and financial institutions, offering an optional mode that uses 192-bit minimum-strength security protocols and cryptographic tools for better protection of sensitive data. It uses authenticated encryption (256-bit Galois/Counter Mode Protocol – GCMP-256), key derivation and confirmation (384-bit Hashed Message Authentication Mode with Secure Hash Algorithm – HMAC-SHA384), key establishment and authentication (Elliptic Curve Diffie-Hellman – ECDH exchange and Elliptic Curve Digital Signature Algorithm – ECDSA, using a 384-bit elliptic curve) and robust management frame protection (256-bit Broadcast/Multicast Integrity Protocol with Galois Message Authentication Code – BIP-GMAC-256).

WPA2 security protocol

The WPA2 protocol has provided security and privacy to Wi-Fi networks since 2006. It is the well-known successor of the obsolete WPA security protocol. The major improvement in comparison with WPA is the deployment of the stronger AES encryption algorithm in WPA2.

During 2018, to meet security requirements in evolving networking environments, the Wi-Fi Alliance augmented the existing WPA2 protocol through configuration, authentication and encryption enhancements. These enhancements reduce susceptibility to network misconfiguration and support the security of managed networks with centralized authentication services.

Open Wi-Fi networks

In some use cases, open Wi-Fi networks are the only available option, so it is important to be aware of the risks that open networks present. To address these risks, the Wi-Fi Alliance has developed Wi-Fi Enhanced Open as a solution for users of open Wi-Fi networks.

Compared to traditional open networks with no protection, Wi-Fi Enhanced Open certification provides unauthenticated data encryption to subscribers. It is based on the Opportunistic Wireless Encryption (OWE) method defined in the Internet Engineering Task Force (IETF) RFC 8110 specification and the Wi-Fi Alliance Opportunistic Wireless Encryption Specification. Wi-Fi Enhanced Open enables data encryption that maintains the ease of use of open networks, and it benefits network providers through simple network maintenance and management.
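What "unauthenticated data encryption" means in practice, as an added example that is not part of the Wi-Fi Alliance or IETF specifications: station and AP each contribute an ephemeral public value in the clear during association and derive a shared PMK through the HKDF construction RFC 8110 describes (extract with the two public values as salt, expand with the label "OWE Key Generation"). The example assumes a toy finite-field Diffie-Hellman group in place of the P-256 curve OWE uses by default, so that it runs on the Python standard library; the group parameters are constructed for illustration and the key-length handling is simplified to one HKDF output block.

```python
import hashlib
import hmac
import secrets

# Added example of the OWE exchange shape. OWE in practice uses an elliptic-curve
# Diffie-Hellman group (NIST P-256 by default); this stand-in uses a finite-field
# group with a 127-bit prime so it runs on the standard library. Toy parameters,
# constructed for illustration only; not suitable for real use.
TOY_P = (1 << 127) - 1   # 2^127 - 1, a Mersenne prime
TOY_G = 3
KEY_BYTES = 16           # width of one group element in this toy group


def keypair():
    """Ephemeral private scalar and public value; each side makes a fresh one per association."""
    priv = secrets.randbelow(TOY_P - 2) + 1
    return priv, pow(TOY_G, priv, TOY_P)


def derive_pmk(shared: int, sta_pub: int, ap_pub: int) -> bytes:
    """PMK = HKDF-expand(HKDF-extract(salt=C||A, ikm=z), "OWE Key Generation"),
    mirroring the RFC 8110 construction with SHA-256, simplified to a single
    output block. C and A are the client and AP public values, z the shared secret."""
    salt = sta_pub.to_bytes(KEY_BYTES, "big") + ap_pub.to_bytes(KEY_BYTES, "big")
    prk = hmac.new(salt, shared.to_bytes(KEY_BYTES, "big"), hashlib.sha256).digest()
    return hmac.new(prk, b"OWE Key Generation" + b"\x01", hashlib.sha256).digest()


def owe_association():
    """Both sides derive the same PMK from values exchanged in the clear.
    Returns (station PMK, AP PMK, the two public values a passive sniffer sees)."""
    sta_priv, sta_pub = keypair()   # station: association request carries sta_pub
    ap_priv, ap_pub = keypair()     # AP: association response carries ap_pub
    sta_pmk = derive_pmk(pow(ap_pub, sta_priv, TOY_P), sta_pub, ap_pub)
    ap_pmk = derive_pmk(pow(sta_pub, ap_priv, TOY_P), sta_pub, ap_pub)
    return sta_pmk, ap_pmk, (sta_pub, ap_pub)


if __name__ == "__main__":
    sta_pmk, ap_pmk, on_air = owe_association()
    print("station PMK == AP PMK:", sta_pmk == ap_pmk)
    print("visible on air:", on_air)
```

A passive listener sees only the two public values and cannot recover the PMK, which is exactly the protection Enhanced Open adds over a plain open network. Nothing in the exchange proves which AP the station is talking to, however; that is the limit of OWE and why the page treats it as a defense against passive eavesdropping rather than a replacement for WPA3. Because the key pairs are ephemeral, every association derives a different PMK.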

The intensive evolution of security features in Wi-Fi technology makes it very deployable in the IoT domain and specifically in smart home and smart building use cases. Like other wireless technologies, it has some security challenges too, and given the number of devices embedded with Wi-Fi chips, these become even more important. Some representative Wi-Fi security challenges are:

  • Jamming susceptibility – a Wi-Fi signal can easily be jammed today. In smart homes or smart buildings this deserves additional attention: if a home security system is based on Wi-Fi technology, intruders could effectively block the Wi-Fi signal and disable the alarm system.
  • Because of the single point of failure (the wireless router or Access Point), DoS attacks are a potential risk for smart home or smart building Wi-Fi networks. If the Access Point is out of service, there is no service availability and the complete wireless network malfunctions.
  • Eavesdropping is performed by simply getting within range of a target Wi-Fi network, then listening and capturing data. This information can be used for a number of unauthorized activities, including attempts to break the existing security settings and analysis of non-secured traffic. It is almost impossible to reliably prevent this category of attack because of the nature of a wireless network, so it is always important to configure the security mechanisms with strong parameters.
  • Evil Twins or Rogue Wi-Fi Hotspots are one of the most common ways of obtaining sensitive information from Wi-Fi networks. An Evil Twin is a fake Wi-Fi access point that imitates a legitimate one: its SSID is set to resemble that of the original Access Point, and any information disclosed while connected to the rogue hotspot can be misused.
  • Packet Sniffers – by using a packet sniffer, it is possible to identify, intercept and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials for bank accounts and corporate email accounts.
  • File sharing – if enabled on devices, it can be used for unauthorized access to a device connected to the Access Point or Wi-Fi hotspot and for dropping malware.
  • Public Wi-Fi hotspots that may be part of a smart building are susceptible to malware and ransomware. Without the protection of AV software and web filters, malware can be silently downloaded.
  • The generic IP nature of Wi-Fi networks makes them a perfect environment for testing new hacking tools and improving existing ones.
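A monitoring-side check for the Evil Twin issue in the list, as an added example rather than anything from the original article: it compares the beacons a wireless sensor observes against an assumed inventory of the building's own access points (the vendor OUI prefixes of the managed AP fleet and the security mode each managed SSID is supposed to advertise). An AP that carries a managed SSID but comes from an unknown vendor prefix, or advertises weaker security than the managed network does, is flagged. The scan records, MAC addresses and SSID names are constructed.

```python
from collections import defaultdict

# Added example: constructed scan records as a wireless monitoring sensor would
# report them (SSID, BSSID, channel, security). Addresses and names are made up.
SCAN_RECORDS = [
    {"ssid": "Building-Guest", "bssid": "aa:bb:cc:00:01:10", "channel": 6,  "security": "WPA2"},
    {"ssid": "Building-Guest", "bssid": "aa:bb:cc:00:01:11", "channel": 6,  "security": "WPA2"},
    {"ssid": "Building-Guest", "bssid": "de:ad:be:ef:00:01", "channel": 11, "security": "OPEN"},
    {"ssid": "Facilities-IoT", "bssid": "aa:bb:cc:00:02:10", "channel": 1,  "security": "WPA3"},
    {"ssid": "Cafe Free WiFi", "bssid": "11:22:33:44:55:66", "channel": 1,  "security": "OPEN"},
]

# Assumed inventory of the building's own APs: vendor OUI prefixes of the managed
# fleet and the security mode each managed SSID must advertise (constructed).
MANAGED_OUIS = {"aa:bb:cc"}
MANAGED_SSIDS = {"Building-Guest": "WPA2", "Facilities-IoT": "WPA3"}

# Ordering used to recognise a security downgrade relative to the managed network.
SECURITY_RANK = {"OPEN": 0, "WPA": 1, "WPA2": 2, "WPA3": 3}


def oui(bssid: str) -> str:
    """First three octets of a MAC address, i.e. the vendor prefix."""
    return bssid.lower()[:8]


def find_rogue_aps(records, managed_ouis=MANAGED_OUIS, managed_ssids=MANAGED_SSIDS):
    """Return {bssid: [reasons]} for APs that look like Evil Twins of managed SSIDs.
    SSIDs outside the inventory (e.g. a nearby cafe) are ignored: they are not
    impersonating anything this building owns."""
    by_ssid = defaultdict(list)
    for r in records:
        by_ssid[r["ssid"]].append(r)
    findings = {}
    for ssid, expected in managed_ssids.items():
        for ap in by_ssid.get(ssid, []):
            reasons = []
            if oui(ap["bssid"]) not in managed_ouis:
                reasons.append("BSSID vendor OUI not in the managed AP inventory")
            if SECURITY_RANK.get(ap["security"], 0) < SECURITY_RANK[expected]:
                reasons.append(f"advertises {ap['security']} where {expected} is expected")
            if reasons:
                findings[ap["bssid"]] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(SCAN_RECORDS).items():
        print(bssid, "->", "; ".join(reasons))
```

On the constructed records only the third AP is flagged, for both reasons. A vendor prefix can be forged, so the OUI check is a weak signal on its own; the downgrade check is the more useful one, since an Evil Twin that has to present the managed SSID as open or as WPA2 where WPA3 is expected is visible to every client that compares what it sees with what it was told to expect.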

To maintain worldwide interoperability and secure communications between devices from different manufacturers, the Wi-Fi Alliance continuously improves the security solutions implemented in Wi-Fi technology and provides product certification as well as forward and backward compatibility. This approach is very important for Wi-Fi support of different IoT use cases and particularly for the evolution of smart homes and smart buildings.

RFID Security

RFID technology is becoming increasingly popular for smart homes, smart buildings and other IoT use cases. RFID is considered to be the successor of barcode technology.

If any of the security mechanisms in RFID is not implemented properly or is not operational, the security is broken. Particularly in smart home and smart building use cases, this may result in unauthorized access to personal data, or even in personal tracking.

Like other wireless technologies, RFID is exposed to security threats, and the most typical RFID security challenges are:

  • Interference susceptibility is caused by environmental factors such as radio noise and collisions caused by metal and liquids. The interference affects RF propagation and eventually leads to errors in localization services, propagation, ranges, service availability etc.
  • Tag isolation is technically the simplest attack, and the most common. It involves jamming tag communications and blocking the data that has to be transferred to the reader.
  • Tag cloning involves eavesdropping, extraction of the unique identifier (UID) and/or the RFID content, and their insertion into another tag. Tag cloning is commonly used for unauthorized access to restricted areas or even for changing – decreasing – the price of certain goods in supermarkets.
  • Relay/Amplification attacks consist of unauthorized amplification of the RFID signal by using a relay, extending the range of the RFID tag beyond the borders of its coverage zone.
  • Denial of Service (DoS) attacks include the scenario in which a tag is flooded with a large amount of information from a malicious source and cannot process the operational signals sent by real tags. Other techniques are based on jamming – emitting radio noise at the RFID system’s operating frequency.
  • Remote tag destruction is realized by RFID zappers able to send energy remotely. The resulting electromagnetic field can be very strong and capable of burning certain components of the tag. Remote tag destruction is also possible if the kill password in some tags is misused – first obtaining the kill password by passive eavesdropping and then applying it intentionally to disable the tags.
  • Man-in-the-Middle (MitM) attacks, SQL injection, virus/malware and command injection are possible by placing an active malicious device between a tag and the reader to intercept or alter the communication between the two elements and endanger the reader’s functioning.
  • RFID skimming involves the deployment of unauthorized portable terminals to make fraudulent charges on payment cards.

To provide a secure wireless network, the security challenges described above have to be taken into account when creating smart home or smart building systems based on RFID wireless technology.

NFC Security

NFC wireless technology enables all objects to connect to the Internet. Its applicability in the IoT domain, to smart home and smart building use cases, is crucial, especially considering that all modern personal devices (cellphones, tablets and notebooks) are embedded with NFC chips and are mutually compatible.

One of the security mechanisms implemented in NFC is the Digital Signature (defined in the NFC Forum Signature RTD 2.0) with asymmetric key exchange. The Digital Signature is part of the NFC Data Exchange Format (NDEF) message, which also includes a Certificate Chain and a Root Certificate. Each NFC device has a private and a public key. Another security mechanism is the Trusted Tag, developed by the NFC tag manufacturer HID. It fully complies with NFC Forum Tag Type 4 and works with any NFC Forum compatible device. The Trusted Tag is protected from cloning and embeds a cryptographic code generated on every “tap” or click of the NFC button; this cryptographic code protects the content of the transmitted information.

NFC technology operates at limited range and includes additional protection such as PIN or biometric locks that enable secure data exchange.

Similar to other wireless technologies, NFC is susceptible to some security challenges. Some illustrative examples are:

  • General theft of property or loss of a device is hard to avoid. The best defense against this threat is to secure phones, tablets and other personal devices against unauthorized login and usage.
  • Eavesdropping and interception attacks apply to NFC technology.
  • A Man in the middle attack is possible if a malicious device positioned between two NFC devices, or within their short range, receives and alters the exchanged information. Such attacks can be prevented by remaining aware of unusual devices attached or positioned near transaction premises, and by ensuring that NFC transactions are carried out only in official and authorized places.

5G for smart home / smart buildings

Deployment of 5G cellular communication technology establishes a new ecosystem with great potential. This potential is based on the creation of the most advanced and the most critical communications infrastructure ever, capable of supporting new service possibilities, including efficient information exchange in an IoT context. The outlines of the new ecosystem are shaped by the availability of 5G technology features such as:

  • High-speed (1-20 Gbps) data throughput capable of effectively serving augmented and virtual reality (AR/VR) systems, 3D video streaming on 4K/8K resolution screens, online gaming and other services.
  • Ultra-low latency (<1 ms), which is of crucial importance for real-time services such as telemedicine and healthcare, AR/VR, intelligent transportation, smart homes and industrial automation.
  • Millimeter-wave radio communications with new waveforms and massive MIMO (Multiple Input Multiple Output) with beam-forming and beam management, made applicable by the frequency range – wavelength, antenna size and spacing characteristics.
  • Massive connectivity and dense coverage for vehicles, mobile subscribers, enterprises, IoT etc.
  • Very low energy consumption with extremely long battery life (up to 10 years), necessary for IoT M2M (Machine to Machine) communications.

To enable these capabilities, a completely new air interface capable of supporting heterogeneous access networks in different frequency bands and with variable bandwidths is provided for 5G networks. Supported by a small-cell network structure, it ensures ultra-low latency, great indoor and outdoor coverage, localization and service availability. The Cloud Radio Access Network (CRAN) model implemented in 5G technology enables a split access architecture and the deployment of network virtualization. In this new radio access model, a “central” edge cloud location is responsible for some access network functionality, while other functions are realized at remote locations, enabling the separation of fronthaul and backhaul in the transport network.

Implementation of adaptable software-based architecture technologies, especially applicable to the first three layers of the OSI reference model – Software Defined Radio (SDR), Software Defined Access (SDA) and Software Defined Networks (SDN) – is enabled in 5G networks together with packet core network upgrades. These technologies enable network slicing as a unique 5G attribute. Network slicing manages the creation of multiple virtual networks within a shared physical infrastructure and is expected to be a crucial feature that will empower the deployment of different 5G use cases.

Expectations are that 5G will expand boundaries in all domains of modern life, such as travel, driving, production efficiency improvements and smart system deployments such as smart cities with smart homes, buildings, hospitals, factories, public safety and services management – in fact, all areas of human activity.

AI, IoT and 5G technology are intertwined. 5G technology is responsible for providing a network environment capable of supporting widespread use of AI and IoT applications and services, while AI significantly improves network management and service availability. Through the integration and advancement of these technologies, 5G telecom carriers are in a position to improve network planning, capacity expansion forecasting, coverage auto-optimization, network slicing, CRAN and dynamic cloud network resource scheduling.

AI is recognized as a game changer that will lead the transformation from the carriers’ current management model, based on human capabilities, to a self-driven automatic network operation and maintenance model. At the same time, the availability of IoT and AI applications and services is directly correlated with the construction of new 5G infrastructure and network deployment.

In smart building and smart home use cases, automation saves time and costs, and automation processing is moved to a higher level with 5G technology.

By supporting massive connectivity, 5G enables the deployment of smart home devices that work automatically, with no additional settings. For instance, by connecting utility meters to a central network, suppliers of energy or other utilities can monitor, detect and respond if any unusual change in consumption occurs in smart landscapes such as buildings, homes and cities.

Improvements in the performance of security systems are expected thanks to the lower latency, high throughput and network reliability provided by 5G technology.

Taking into account predictions that over 80% of traffic will originate from indoor subscribers, indoor coverage becomes extremely important. The small-cell structure of 5G networks improves indoor coverage compared to other cellular communication technologies and, at the same time, influences the evolution of HD enterprise services, home VR, holographic communication, telemedicine and other new services applicable to smart homes and buildings.

5G security

5G networks are designed not only to enable information exchange between people, but also to connect machines. Security and privacy are major concerns that extend far beyond 5G, the technology with the most complex infrastructure, and it is important to be aware that 5G networks will support millions of low-cost sensors that affect security too. 5G security and privacy considerations have produced new trust models, new service delivery models, an evolved threat environment and new privacy concerns.

To support all new relations between distinct entities in the 5G ecosystem, new trust models have to be established.

An increase in security requirements in areas such as authentication between distinct elements of a complex set, accountability and non-repudiation is expected.

New categories of devices will shape the trust models and extend the wide range of different security requirements applicable to many use cases, such as industrial automation control devices, smart home devices with associated services, the next generation of personal devices like tablets and smartphones, etc.

New identity management solutions play an important role in defining new trust models, too.

The applicability of cloud technology, AI and network virtualization in 5G networks influences the shaping of new service delivery models. The decoupling of software and hardware, the separation of fronthaul and backhaul in the transport network, and the deployment of third-party applications in the cloud alongside some native telecommunications services raise the demands on virtualization with strong isolation properties and force a new security system organization and deployment.

Simultaneously with the new capabilities, new threats and challenges are rising, and so are privacy concerns.

Generally, the level of 5G security is not defined by the number of specified security mechanisms. A multi-stakeholder approach that involves operators, vendors, regulators, policy makers and representatives of 5G subscribers (from different ecosystem segments) is fundamental to the security baseline of trustworthy, cost-efficient and manageable 5G networks. In such a complex landscape, standardization is of crucial importance for everyone – enterprises, public safety, industrial automation, smart homes and buildings, etc. Standards defined by entities such as the ISO (International Organization for Standardization), the IEC (International Electrotechnical Commission) and the CSA (Cloud Security Alliance) will also impact the technology’s evolution and applicability and the availability of customer services. To provide safe and secure wireless connectivity worldwide, new comprehensive security policies have to be created and implemented in 5G technology.

5G security challenges

Like other wireless communications, 5G is susceptible to security challenges; 5G even more so.

Several specific factors determine the unique susceptibility of 5G in the security context:

  • Network components that are virtualized and potentially deployed on the NFVI (Network Function Virtualization Infrastructure) and cloud components provide dynamic configurations of the 5G architecture and need more dynamic and flexible security solutions.
  • Complex control of network slicing – a completely virtual type of networking deployed through all entities of the 5G network.
  • The radio access network is vulnerable to all common wireless network security threats, such as rogue nodes, modification, alteration or injection of user plane traffic, MEC server vulnerabilities and DoS attacks.
  • The applicability of AI to 5G networks generates new cybersecurity challenges, such as AI “black boxes”, the inability to test AI for intentional backdoors, or adversarial learning, i.e. remote reprogramming of neural network algorithms.
  • Since the 5G network is managed by different software, its protection and the reduction of API (Application Programming Interface) and other software vulnerabilities within the network have become a priority, together with external roaming threats.
  • 5G implements edge computing, which represents a potential for new security threats. It moves processing from the core and places it at the edges of the network, spatially distributed closer to high-density data sources.
  • The expansion of bandwidth in 5G creates a more complex air interface and security challenges like eavesdropping, RF jamming, MitM attacks, complex resource administration and monitoring, etc.
  • Vulnerability is increased by attaching billions of smart but often low-cost and hackable devices to IoT networks, along with other types of subscriber devices that can suffer from malware, MitM attacks, DDoS (Distributed Denial of Service) and other botnet types of attacks, lack of device tamper protection, snooping and sniffing attacks, etc.
  • Protection of subscribers’ personal privacy is a very important component of 5G security, including access to location information (location-based services) and data and personal information privacy (personal health information, identity management or employee personal information held by enterprises).
  • Quantum technology is expected to break almost all encryption solutions available today. This issue has to be resolved in time, by upgrading encryption models to quantum-resilient ones. For example, SK Telecom, South Korea’s largest mobile operator, has already developed Quantum Key Distribution (QKD) technology for its 5G network.

Without further standardization, regulation and strong proactive measures, 5G networks offer the widest and most attractive attack surface and remain vulnerable to cyber-attacks.

Conclusion – wireless technologies and IoT perspective

It is impossible to deploy a functional IoT ecosystem without the support of wireless technologies. They provide the communications between billions of devices, network and application servers, cloud infrastructure, machines and sensors, subscribers, new applications and services, etc.

The latest cellular communications technology, 5G, is recognized as a game changer that will support different heterogeneous wireless technologies, open new perspectives for the applicability of AI and augmented reality, and provide the infrastructure that will enable secure and safe deployment of smart homes, smart buildings and smart cities, or any other IoT use case.

5G, as the communications technology with the widest applicability for different IoT use cases, is expected to become the most critical of critical infrastructures ever.

Enabled by 5G, the potential of smart homes, smart buildings, and smart cities will explode. With the wide applicability and ubiquity, the arrival of 5G will further expand the demand for smart home devices, impact their development, lead to more competitive pricing and make them more available in everyday life.

It is essential to pay close attention to the integration and configuration of wireless devices, in line with system needs, to achieve secure communication in the different IoT use cases. Regardless of the security protocols applied in the wireless and cellular technologies and the security solutions implemented across the layers of the OSI reference model, we must also keep the focus on user awareness, one of the most important factors contributing to overall system safety and security, especially in smart home and smart building use cases.

IoT Wireless Protocols – Speed & Range – Spreadsheet

IoT Wireless Protocols - Speed & Range

1. 5G
   Data rate: Low-band 5G (600 - 700 MHz) giving download speeds a little higher than 4G at the moment: 30-250 Mbps. Mid-band 5G (2.5-3.7 GHz) currently allowing speeds of 100-900 Mbps. High-band 5G (25 - 39 GHz and higher frequencies up to 80GHz) achieves, at the mom
   Approximate range: Range is correlated with frequency bands - low-band 5G has a similar range to 4G (tens of kilometers), mid-band 5G has a range of several km, high-band 5G has a range of hundreds of meters up to 1.5 km.
2. ANT+ Alliance
   Data rate: 12.8 Kbit/s - 60kbit/s
   Approximate range: ≈ 30m
3. Bluetooth
   Data rate: ≈ 2Mbps
   Approximate range: ≈ 50m
4. BLE (Bluetooth Low Energy) or Bluetooth Smart (Bluetooth 5, 4.2)
   Data rate: <1Mbps ≈ (n x 100kbps)
   Approximate range: ≈ 100m
5. GSM/GPRS/EDGE (2G), UMTS/HSPA (3G), LTE (4G)
   Data rate: Typical download: 35-170kbps (GPRS), 120-384kbps (EDGE), 384Kbps-2Mbps (UMTS), 600kbps-10Mbps (HSPA), 3-10Mbps (LTE)
   Approximate range: ≈ 35km max for GSM and ≈ 200km max for HSPA
6. IEEE 802.15.4
   Data rate: ≈ 20 kbps and 40 kbps (BPSK), ≈ 250 kbps (O-QPSK with DSSS)
   Approximate range: ≈ 100m
7. ISA100.11a
   Data rate: ≈ 250 kbps
   Approximate range: ≈ 100m
8. 6LoWPAN
   Data rate: ≈ 250 kbps
   Approximate range: ≈ 100m
9. LoRaWAN
   Data rate: ≈ 0.3-50 kbps
   Approximate range: ≈ 15km
10. EC-GSM-IoT
   Data rate: 70 kbps (GMSK), 240 kbps (8PSK)
   Approximate range: ≈ 15km
11. LTE-MTC Cat 0
   Data rate: ≈ 1 Mbps
   Approximate range: Range is variable and depends on frequency bands, propagation conditions etc.; typically it is ≈ 10km
12. LTE-M (Cat M1, Cat M2) - eMTC
   Data rate: LTE-M Cat M1 ≈ 1 Mbps; LTE-M Cat M2 ≈ 4 Mbps DL / ≈ 7 Mbps UL
   Approximate range: Range is variable and depends on frequency bands, propagation conditions etc.; typically it is ≈ 10km
13. NB-IoT - Narrowband-IoT (LTE Cat NB1 and LTE Cat NB2)
   Data rate: LTE Cat NB1 ≈ 66 kbps (multi-tone) and ≈ 16.9 Kbit/s (single-tone); LTE Cat NB2 ≈ 159kbps
   Approximate range: Range is variable and depends on frequency bands, propagation conditions etc.; typically it is better than LTE-M coverage.
14. Neul
   Data rate: up to 100kbps
   Approximate range: ≈ 10km
15. NFC
   Data rate: 106kbps, 212kbps, 424kbps
   Approximate range: ≈ 10cm
16. RPMA (Random Phase Multiple Access)
   Data rate: 100kb
   Approximate range: ≈ 70km
17. IEEE 802.11a/b/g/n/ac
   Data rate: Different data rates are enabled in the IEEE 802.11 family of standards; their theoretical throughput is 11 Mbps (IEEE 802.11b), 54 Mbps (IEEE 802.11a and IEEE 802.11g), 100 Mbps (IEEE 802.11n) or 300 Mbps (IEEE 802.11ac).
   Approximate range: ≈ 50m
18. IEEE 802.11ah (Wi-Fi HaLow)
   Data rate: 347Mbps
   Approximate range: ≈ 900m
19. IEEE 802.16 (WiMax)
   Data rate: 40Mbit/s - mobile, 1 Gbit/s - fixed
   Approximate range: ≈ 50km
20. HART
   Data rate: 250 kbps
   Approximate range: ≈ 200m
21. Z-Wave
   Data rate: 40kbps (915MHz) and 20kbps (868MHz)
   Approximate range: 30-100m
22. ZigBee
   Data rate: 250 kbps (2.4GHz), 40kbps (915MHz), 20kbps (868MHz)
   Approximate range: 30-100m
23. Thread
   Data rate: 250kbps
   Approximate range: ≈ 30m
24. DigiMesh
   Data rate: 250 kbps (2.4GHz), 40kbps (915MHz), 20kbps (868MHz)
   Approximate range: ≈ 100m
25. MiWi
   Data rate: 20kbps
   Approximate range: ≈ 300m
26. EnOcean
   Data rate: 125kbps
   Approximate range: ≈ 30m (outdoor 300m)
27. Weightless (W, N, P)
   Data rate: ≈ 600bps-100kbps
   Approximate range: ≈ 2km (P), 5km (W, N)
28. mcThings
   Data rate: 50kbps
   Approximate range: ≈ 200m
29. LoRa
   Data rate: 50kbps
   Approximate range: ≈ 30km
30. SIGFOX
   Data rate: 600bps
   Approximate range: ≈ 40km
31. DECT ULE
   Data rate: 1Mbps
   Approximate range: ≈ 300m
32. Insteon
   Data rate: 38400bps via RF, 13165bps via powerlines
   Approximate range: ≈ 50m
33. RFID
   Data rate: 4kbps - 640kbps (depending on the active or passive type of device and frequency range)
   Approximate range: 0.01m-10m (depending on the frequency range)
34. WAVIoT (NB-Fi - Narrowband Fidelity)
   Data rate: 10-100bps
   Approximate range: ≈ 50km
35. DASH7 Alliance Protocol (D7A or D7AP)
   Data rate: 167kbps
   Approximate range: ≈ 2km
36. Wi-SUN
   Data rate: 300kbps
   Approximate range: ≈ 1000m
37. Wavenis
   Data rate: 9.6kbps (433 & 868MHz) / 19.2kbps (915MHz)
   Approximate range: ≈ 1000m
38. MiOTY
   Data rate: 407 bps
   Approximate range: ≈ 20km
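The range column above is the one that matters most for physical exposure: it says from how far away a link can be received or interfered with, so a site's protocol inventory should be compared against the distance from its radios to its boundary. The following Python example, added here and not part of the original article or of any of the listed vendors' software, normalizes the table's free-text range cells (mixed cm/m/km, spans, bracketed notes) to metres and lists the protocols whose upper-bound range reaches beyond a given perimeter distance. The subset of rows and the 200 m perimeter are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed subset of the "Approximate range" cells from the table above,
# copied verbatim so the parser has to cope with the mixed units and notes.
PROTOCOL_RANGES: Dict[str, str] = {
    "NFC": "≈ 10cm",
    "RFID": "0.01m-10m (depending on the frequency range)",
    "Bluetooth": "≈ 50m",
    "Z-Wave": "30-100m",
    "EnOcean": "≈ 30m (outdoor 300m)",
    "IEEE 802.11ah (Wi-Fi HaLow)": "≈ 900m",
    "Weightless (W, N, P)": "≈ 2km (P), 5km (W, N)",
    "LoRaWAN": "≈ 15km",
    "SIGFOX": "≈ 40km",
}

_UNIT_TO_M = {"cm": 0.01, "m": 1.0, "km": 1000.0}

# A single distance or a "lo-hi" span followed by a unit: "10cm", "30-100m", "15km".
_DISTANCE = re.compile(r"(\d+(?:\.\d+)?)\s*(?:-\s*(\d+(?:\.\d+)?)\s*)?(cm|km|m)\b")


def parse_range_m(cell: str) -> Tuple[float, float]:
    """Return (min_m, max_m) for a free-text range cell, in metres.

    Every distance in the cell is considered, so "≈ 30m (outdoor 300m)"
    yields (30.0, 300.0): the outdoor figure becomes the upper bound.
    """
    metres: List[float] = []
    for low, high, unit in _DISTANCE.findall(cell):
        scale = _UNIT_TO_M[unit]
        metres.append(float(low) * scale)
        if high:
            metres.append(float(high) * scale)
    if not metres:
        raise ValueError(f"no distance found in {cell!r}")
    return min(metres), max(metres)


def reachable_from_outside(ranges: Dict[str, str], perimeter_m: float) -> List[Tuple[str, float]]:
    """Protocols whose upper-bound range exceeds the distance from the radio
    to the site boundary, most far-reaching first.

    The upper bound is used deliberately: for risk purposes the question is
    not how far the link usually works, but how far a well-placed receiver
    could be from the premises and still see the traffic.
    """
    exposed: List[Tuple[str, float]] = []
    for name, cell in ranges.items():
        _, max_m = parse_range_m(cell)
        if max_m > perimeter_m:
            exposed.append((name, max_m))
    return sorted(exposed, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    # Constructed scenario: the radios sit about 200 m inside the fence line.
    for name, reach in reachable_from_outside(PROTOCOL_RANGES, 200.0):
        print(f"{name:30s} reach up to {reach:>8.0f} m")
```

Run as-is, the script reports SIGFOX, LoRaWAN, Weightless, Wi-Fi HaLow and EnOcean (via its 300 m outdoor figure) as the links that extend past a 200 m perimeter; NFC, RFID, Bluetooth and Z-Wave stay inside it. Taking the largest figure in each cell is the conservative choice for a risk review, since the table's ranges are approximate and real reach with a directional antenna is often higher.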

IoT Wireless Protocols – Spreadsheet

IoT Wireless Protocols

1. 5G
   Organization: 3GPP
   Organization URL: https://www.3gpp.org/
   Specification URL: https://www.3gpp.org/dynareport/SpecList.htm?release=Rel-15&tech=4
   Frequency: Low-band 5G 600 - 700 MHz / Mid-band 5G 2.5-3.7 GHz / High-band 5G 25 - 39 GHz and higher frequencies up to 80GHz
   Approximate range: Range is correlated with frequency bands - low-band 5G has a similar range to 4G (tens of kilometers), mid-band 5G has a range of several km, high-band 5G has a range of hundreds of meters up to 1.5 km.
   Data rate: Low-band 5G (600 - 700 MHz) giving download speeds a little higher than 4G at the moment: 30-250 Mbps. Mid-band 5G (2.5-3.7 GHz) currently allowing speeds of 100-900 Mbps. High-band 5G (25 - 39 GHz and higher frequencies up to 80GHz) achieves, at the mom
   Power draw: Low
   Topology: Star
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: Personal, Single building, Campus, LAN, Software defined WAN (SD WAN)
   Security: Encryption is evolved from 4G. It is more complex and based on a multi-layer & multi-criteria approach. Generally, the level of 5G security is not defined by the number of specified security mechanisms. A multi-stakeholder approach that involves operator
   Common use: Expectations are that 5G will expand boundaries in all domains of modern life such as travelling, driving, production efficiency improvements, smart systems deployment such as smart cities with smart homes, buildings, hospitals, factories, public safety,
   Comments: The first phase of 5G specifications is defined in 3GPP Release 15. 5G is equipped with a new air interface that supports heterogeneous access networks and handles variable bandwidths. Packet core network upgrades are also implemented, where traditional and

2. ANT+ Alliance
   Organization: Garmin
   Organization URL: http://www.garmin.com/en-US
   Specification URL: https://www.thisisant.com/
   Frequency: 2.4GHz
   Approximate range: ≈ 30m
   Data rate: 12.8 Kbit/s - 60kbit/s
   Power draw: Low
   Topology: Peer to peer, Star, Mesh, broadcast, ANT-FS, shared cluster
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single Building
   Security: ANT supports an 8-byte (64-bit) network key and 128-bit AES encryption for ANT master and slave channels. If further security is required, authentication and encryption can be implemented at the application level. ANT devices may use the public net
   Common use: ANT in residential, commercial and industrial sensing and control applications. ANT+ predominantly in health and wellness - blood pressure monitoring, fitness, cycling, running, continuous glucose monitoring, emergency response alerts, audio control, hear
   Comments: ANT is a purpose-built ultra-low-power wireless networking protocol operating at 2.4GHz. ANT+ is an implementation of ANT and is an ecosystem of interoperable products built on device profiles. ANT devices may use any RF frequency from 2400MHz to 2524MHz

3. Bluetooth
   Organization: Bluetooth SIG, Inc.
   Organization URL: https://www.bluetooth.com/
   Specification URL: https://www.bluetooth.com/specifications/ and http://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=40560
   Frequency: 2.4GHz
   Approximate range: ≈ 50m
   Data rate: ≈ 2Mbps
   Power draw: Medium
   Topology: Scatternet
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single building
   Security: Several security modes are recognized in Bluetooth technology, and generally each version of the Bluetooth standard supports some of them. These modes differ according to the point of security initiation in Bluetooth devices. Bluetooth devices
   Common use: Bluetooth technology is used for data streaming or file exchange between mobile phones, PCs, printers, headsets, joysticks, mice, keyboards, stereo audio or in the automotive industry.
   Comments: Bluetooth is a wireless communications technology based on the IEEE 802.15.1 protocol. Bluetooth technology is supported by 1 master & up to 7 slave nodes, while the number of slave nodes is not limited by the specification in BLE networks. In the most recent

4. BLE (Bluetooth Low Energy) or Bluetooth Smart (Bluetooth 5, 4.2)
   Organization: Bluetooth SIG, Inc.
   Organization URL: https://www.bluetooth.com/
   Specification URL: https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=421043
   Frequency: 2.4GHz
   Approximate range: ≈ 100m
   Data rate: <1Mbps ≈ (n x 100kbps)
   Power draw: Low
   Topology: Scatternet
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single building
   Security: In compliance with the Bluetooth Specification Version 5.0, two security modes are implemented in BLE: Security mode 1 and Security mode 2. BLE security mode 1 has 4 levels: 1) No security (without authentication and without encryption). 2) Unauthenticat
   Common use: BLE technology is nowadays an indispensable part of mobile phones, PCs and other types of devices applicable in gaming, sports, wellness, industrial, medical, home and automation electronics. BLE provides wireless connectivity that enables home automatio
   Comments: It is important to notice that Bluetooth and BLE are not compatible technologies. For example, the channel bandwidth in Bluetooth technology is 1MHz and in BLE is 2MHz; the number of channels in Bluetooth is 79, while BLE is supported by 40 channels. Moreover, th

5. GSM/GPRS/EDGE (2G), UMTS/HSPA (3G), LTE (4G)
   Organization: 3GPP
   Organization URL: https://www.3gpp.org/
   Specification URL: https://www.3gpp.org/specifications/releases
   Frequency: 700/800/850/900/1800/1900/2100/2300/2500/2600MHz
   Approximate range: ≈ 35km max for GSM and ≈ 200km max for HSPA
   Data rate: Typical download: 35-170kbps (GPRS), 120-384kbps (EDGE), 384Kbps-2Mbps (UMTS), 600kbps-10Mbps (HSPA), 3-10Mbps (LTE)
   Power draw: High
   Topology: Cellular
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: Personal, Single building, Campus,
   Security: Authentication algorithms were not very strong in 2G networks and were based on a master security key. In the 3G wireless standard (3GPP based), the authentication mechanism was enhanced to become a two-way process. In addition, 128-bit encryption and integri
   Common use: 2G offered digital communications. 3G has been the generic data cellular mobile technology that provided broadband transmissions. 4G is the first all-IP cellular data communication technology with dominant data transfer services and IoT support capabilitie
   Comments: Expectations are that the IoT ecosystem and support for its evolution will be the most important criteria for further development of cellular mobile technologies.

6. IEEE 802.15.4
   Organization: IEEE
   Organization URL: https://www.ieee.org/
   Specification URL: https://standards.ieee.org/standard/802_15_4s-2018.html
   Frequency: 2.4GHz
   Approximate range: ≈ 100m
   Data rate: ≈ 20 kbps and 40 kbps (BPSK), ≈ 250 kbps (O-QPSK with DSSS)
   Power draw: Low
   Topology: Star, Mesh, peer-to-peer
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single Building
   Security: The IEEE 802.15.4 standard protects information at the Medium Access Control (MAC) sublayer of the OSI Reference Model. The cryptographic mechanism implemented in this standard is based on symmetric-key cryptography and uses keys that are provided by
   Common use: Typical use cases are smart homes and buildings, i.e. home security, lighting control, air conditioning and heating systems; industrial automation; automotive sensing; education; consumer electronic devices and personal computer accessories.
   Comments: The IEEE 802.15.4 standard defines the interconnection protocol for low-rate wireless personal area networks (LR-WPANs). This standard provides short range wireless communications between battery-powered nodes. The power consumption in IEEE 802.15.

7. ISA100.11a
   Organization: ISA
   Organization URL: https://www.isa.org
   Specification URL: https://www.isa.org/pdfs/2008-seminar/ISA100_Overview_Oct_2008/
   Frequency: 2.4 GHz
   Approximate range: ≈ 100m
   Data rate: ≈ 250 kbps
   Power draw: Low
   Topology: Star, Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: Single Building
   Security: The ISA100.11a standard is embedded with integrity checks and optional encryption at the data link layer of the OSI reference model. Moreover, security mechanisms are provided in the transport layer too. 128-bit keys are used in both the transport and data link layers
   Common use: The most important use cases are reliable monitoring and alerting, asset management, predictive maintenance and condition monitoring, open-loop control and closed-loop control industrial applications.
   Comments: ISA100.11a low data rate connectivity is supported with increased security and system management levels. In compliance with best practices, the optimal number of nodes in the network is 50-100.

8. 6LoWPAN
   Organization: IETF
   Organization URL: https://www.ietf.org/
   Specification URL: https://tools.ietf.org/html/rfc8138
   Frequency: 2.4 GHz
   Approximate range: ≈ 100m
   Data rate: ≈ 250 kbps
   Power draw: Low
   Topology: Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single Building
   Security: 6LoWPAN has implemented AES-128 link layer security, which is defined in the IEEE 802.15.4 protocol. This security mechanism provides link authentication and encryption. Additional security features are enabled by the transport layer security mechanisms ove
   Common use: There are many applications where 6LoWPAN is being used: automation, industrial monitoring, smart grids (enabling smart meters and other devices to build a micro mesh network), smart homes and smart buildings.
   Comments: 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks) is a low power wireless mesh network. It is specified in IETF standard RFC 8138. Every node in the 6LoWPAN network is embedded with its own IPv6 address. This allows the node (typically sensor

9. LoRaWAN
   Organization: LoRa Alliance
   Organization URL: https://www.lora-alliance.org
   Specification URL: https://lora-alliance.org/resource-hub/lorawanr-specification-v11
   Frequency: 433 MHz, 868 MHz (Europe), 915 MHz (Australia and North America) and 923 MHz (Asia)
   Approximate range: ≈ 15km
   Data rate: ≈ 0.3-50 kbps
   Power draw: Low
   Topology: Star of Stars
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: WAN
   Security: The fundamental properties supported in LoRaWAN security are mutual authentication, integrity protection and confidentiality. Mutual authentication is established between a LoRaWAN end-device and the LoRaWAN network as part of the network join p
   Common use: Some representative LoRaWAN use cases are smart homes and buildings, smart city applications and utility companies, smart metering, agriculture, civil infrastructures and industrial facilities as well.
   Comments: LoRaWAN is a Low Power Wide Area Network (LPWAN) technology. It provides wireless, low-cost and secure bi-directional communication for Internet of Things (IoT) applications. LoRaWAN is optimized for long range communication, low power consumption and is

10. EC-GSM-IoT
   Organization: 3GPP / GSMA
   Organization URL: https://www.3gpp.org/
   Specification URL: http://www.gsma.com/iot/extended-coverage-gsm-internet-of-things-ec-gsm-iot/
   Frequency: 850-900 MHz (GSM bands)
   Approximate range: ≈ 15km
   Data rate: 70 kbps (GMSK), 240 kbps (8PSK)
   Power draw: Low
   Topology: Star
   Requires hub or gateway: No
   Proprietary or open: Proprietary - the EC-GSM-IoT Group is open to GSMA Members and Associate Members, however all members must positively contribute to the Group's high-level objectives, including promoting EC-GSM-IoT technology and encouraging new service and applicati
   Intended use: WAN
   Security: EC-GSM-IoT has improved security compared to the existing GSM/GPRS networks - it offers integrity protection and mutual authentication and implements stronger ciphering algorithms.
   Common use: Battery life of up to 10 years can be supported for a wide range of use cases. Coverage extension beyond GSM enables coverage of challenging indoor and outdoor locations or remote areas in which sensors are deployed for agriculture or infrastructure monit
   Comments: Extended coverage GSM IoT (EC-GSM-IoT) is a standards-based Low Power Wide Area technology specified by 3GPP Rel. 13. It is based on eGPRS and designed as a high capacity, long range, low energy and low complexity cellular system for IoT communications. Th

11. LTE-MTC Cat 0
   Organization: 3GPP
   Organization URL: https://www.3gpp.org/
   Specification URL: https://www.3gpp.org/ftp/Information/WORK_PLAN/Description_Releases/
   Frequency: LTE technology frequency bands are used for LTE-MTC Cat 0 (700MHz, 800 MHz, 900MHz, 1700MHz, 1800MHz, 1900MHz, 2300MHz, 2400MHz, 2500MHz, 2700MHz).
   Approximate range: Range is variable and depends on frequency bands, propagation conditions etc.; typically it is ≈ 10km
   Data rate: ≈ 1 Mbps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: WAN
   Security: System and security management is more complex in LTE-MTC compared to LTE, as there are massive numbers of devices in an LTE-MTC network. At the same time, the requirement defined in 3GPP TS 22.368 is "LTE MTC optimizations shall not degrade security compared
   Common use: LTE-MTC can be applied to various use cases including industrial automation and control, intelligent transportation, automatic meter reading, smart electricity distribution and management, smart homes/offices/shops, smart lighting, smart industrial pla
   Comments: LTE-MTC Cat 0 (LTE machine type communications) is defined in the 3GPP Rel. 12 specification.

12. LTE-M (Cat M1, Cat M2) - eMTC
   Organization: 3GPP
   Organization URL: https://www.3gpp.org/
   Specification URL: https://www.3gpp.org/ftp/Information/WORK_PLAN/Description_Releases/
   Frequency: LTE technology frequency bands are used for LTE-M Cat M1 and Cat M2 (400MHz, 450MHz, 600MHz, 700MHz, 800MHz, 900MHz, 1400MHz, 1500MHz, 1700MHz, 1800MHz, 1900MHz, 2100MHz, 2300MHz, 2400MHz, 2500MHz, 2600MHz, 2700 MHz).
   Approximate range: Range is variable and depends on frequency bands, propagation conditions etc.; typically it is ≈ 10km
   Data rate: LTE-M Cat M1 ≈ 1 Mbps; LTE-M Cat M2 ≈ 4 Mbps DL / ≈ 7 Mbps UL
   Power draw: Low
   Topology: Star
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: WAN
   Security: LTE-M technology offers SIM-based security features requiring device authentication to connect to the network. Although it shares the LTE security standards, the security system and its management are more complex in LTE-M (eMTC) due to the massive connectivity that
   Common use: LTE-M (eMTC) technology supports many use cases, like smart cities, smart agriculture, logistics and transportation, industry and manufacturing automation.
   Comments: LTE-M Cat M1 is specified by 3GPP Rel. 13 and LTE-M Cat M2 is specified by 3GPP Rel. 14. Voice over LTE (VoLTE) is usable on LTE-eMTC communications. Two new features are enabled in eMTC: extended Discontinuous Reception (eDRX) and Power Saving Mo

13. NB-IoT - Narrowband-IoT (LTE Cat NB1 and LTE Cat NB2)
   Organization: 3GPP
   Organization URL: https://www.3gpp.org/
   Specification URL: https://www.3gpp.org/ftp/Information/WORK_PLAN/Description_Releases/ and https://www.3gpp.org/news-events/1785-nb_iot_complete
   Frequency: In-band LTE carrier, or within LTE guard bands, or standalone in re-farmed GSM spectrum - 700, 800 or 900 MHz. 3GPP Release 14 introduced five new FDD frequency bands for NB-IoT: 11 (central frequencies - UL 1437.9 MHz, DL 1485.9 MHz), 21 (central
   Approximate range: Range is variable and depends on frequency bands, propagation conditions etc.; typically it is better than LTE-M coverage.
   Data rate: LTE Cat NB1 ≈ 66 kbps (multi-tone) and ≈ 16.9 Kbit/s (single-tone); LTE Cat NB2 ≈ 159kbps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: WAN
   Security: Multilayer security is applied in NB-IoT - network level and application level security, including support for user identity confidentiality, entity authentication, data integrity, and mobile device identification.
   Common use: Some NB-IoT use cases are smart metering (electricity, gas and water), facility management services, security systems, connected personal appliances measuring health parameters, tracking of persons, animals or objects, smart city and industrial appliance
   Comments: NB-IoT is defined in the 3GPP Rel. 13 specification (LTE Cat NB1) and the 3GPP Rel. 14 specification (LTE Cat NB2). NB-IoT has good indoor coverage and supports a massive number of low throughput end devices - sensors. It has low delay sensitivity, low d

14. Neul
   Organization: Neul
   Organization URL: http://www.neul.com/neul/
   Specification URL: http://www.neul.com/neul/
   Frequency: 900MHz (ISM), 458MHz (UK), 470-790MHz (White Space)
   Approximate range: ≈ 10km
   Data rate: up to 100kbps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: WAN
   Security: The wireless communications links between the gateway (base station) and the network nodes are encrypted.
   Common use: The Neul communications technology is a wide-area wireless networking technology designed for the IoT and created to compete against existing cellular communications technology solutions, applicable to smart metering, facility management services, se
   Comments: Neul leverages very small slices of the TV White Space spectrum to deliver high scalability, high coverage, low power and low-cost wireless networks. Systems are based on the Iceni chip, which communicates using the white space radio to access the high-qu

15. NFC
   Organization: NFC Forum
   Organization URL: http://nfc-forum.org/
   Specification URL: https://nfc-forum.org/our-work/specification-releases/specifications/nfc-forum-technical-specifications/
   Frequency: 13.56MHz (ISM)
   Approximate range: ≈ 10cm
   Data rate: 106kbps, 212kbps, 424kbps
   Power draw: Low
   Topology: Point to point
   Requires hub or gateway: No
   Proprietary or open: Proprietary
   Intended use: Single Building
   Security: One of the security mechanisms implemented in NFC is the Digital Signature (defined in the NFC Forum Signature RTD 2.0) with asymmetric key exchange [RD]. The Digital Signature is a part of the NFC Data Exchange Format (NDEF) message, which also includes a Ce
   Common use: Some representative NFC use cases are ticket confirmation for sports events, concerts, at theaters, cinemas; welfare performance improvement - syncing workout data from fitness machines with a personal user device; personalized content sharing - viewing
   Comments: NFC is a short range two-way wireless communication technology that enables simple and secure communication between electronic devices embedded with an NFC microchip. There are three available modes of NFC communication: - Read/write (e.g. for reading tags i

16. RPMA (Random Phase Multiple Access)
   Organization: Ingenu
   Organization URL: https://www.ingenu.com/technology/rpma/
   Specification URL: https://www.ingenu.com/technology/rpma/how-rpma-works/
   Frequency: 2.4 GHz
   Approximate range: ≈ 70km
   Data rate: 100kb
   Power draw: Low
   Topology: Star
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: WAN
   Security: Security in RPMA wireless technology is built on 128-bit AES. It offers security features such as mutual authentication, message integrity and replay protection, message confidentiality, device anonymity, authentic firmware upgrades and secure multicasts.
   Common use: RPMA is applicable to many use cases such as asset tracking, agriculture, oil field automation, environmental monitoring, smart city, fleet management and logistics, industrial automation, connected cars, etc.
   Comments: Before IoT, Ingenu (previously OnRamp) was selling metering infrastructure that collected low power information from electricity meters. Ingenu has created random phase multiple access (RPMA), which uses Direct Sequence Spread Spectrum (DSSS) and is simil

17. IEEE 802.11a/b/g/n/ac
   Organization: Wi-Fi Alliance
   Organization URL: https://www.wi-fi.org/
   Specification URL: https://www.wi-fi.org/discover-wi-fi/specifications
   Frequency: 2.4GHz/5GHz
   Approximate range: ≈ 50m
   Data rate: Different data rates are enabled in the IEEE 802.11 family of standards; their theoretical throughput is 11 Mbps (IEEE 802.11b), 54 Mbps (IEEE 802.11a and IEEE 802.11g), 100 Mbps (IEEE 802.11n) or 300 Mbps (IEEE 802.11ac).
   Power draw: High
   Topology: Star
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: Single Building
   Security: The Wi-Fi Alliance enables the implementation of different security solutions across Wi-Fi networks through the Wi-Fi Protected Access (WPA) family of technologies. Simultaneously with Wi-Fi technology, deployable for personal and enterprise networks, sec
   Common use: Typical Wi-Fi use cases are audio/video streaming applications, centralized management applications, video monitoring and security systems, etc. Networking of multiple devices such as cameras, lights and switches, monitors, sensors and many o
   Comments: Wi-Fi represents the wireless technology that includes the IEEE 802.11 family of standards (IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n, IEEE 802.11ac, etc.). Within the 50m range, it operates in the 2.4 GHz and 5GHz frequency bands. This technol

18. IEEE 802.11ah (Wi-Fi HaLow)
   Organization: IEEE
   Organization URL: https://www.ieee.org
   Specification URL: https://standards.ieee.org/standard/802_11ah-2016.html
   Frequency: 900MHz
   Approximate range: ≈ 900m
   Data rate: 347Mbps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: Single Building, campus, WAN
   Security: Security is typically based on the WPA3 protocol, with personal and enterprise solutions available.
   Common use: Some representative IEEE 802.11ah use cases are health care, outdoor activities, smart metering, environmental sensing, home security, smart homes and buildings, power management, industrial automation, etc.
   Comments: The Wi-Fi HaLow (IEEE 802.11ah) standard works in the 900 MHz frequency band in the USA and significantly improves wireless coverage and energy efficiency, one of the most important features for IoT use cases. Wi-Fi HaLow devices have instant internet access

19. IEEE 802.16 (WiMax)
   Organization: IEEE
   Organization URL: https://www.ieee.org
   Specification URL: http://wimaxforum.org/TechSpec
   Frequency: 2.3 GHz, 3.5 GHz, 5.8GHz
   Approximate range: ≈ 50km
   Data rate: 40Mbit/s - mobile, 1 Gbit/s - fixed
   Power draw: High
   Topology: PMP
   Requires hub or gateway: No
   Proprietary or open: Open
   Intended use: MAN
   Security: Different security solutions are enabled in WiMax networks, like Advanced Encryption Standard (AES) with a 128-bit key, Rivest, Shamir and Adleman (RSA) with a 1024-bit key and Triple Data Encryption Standard (3-DES). Both Advanced Encryption Standard (AES)
   Common use: WiMax applicability is recognized in wireless MAN deployment, provisioning of Internet connectivity and generic user applications, environmental monitoring, smart cities, telemedicine etc.
   Comments: IEEE 802.16 technology has been put forward to overcome the drawbacks of WLANs and mobile networks. It provides different QoS scheduling for supporting heterogeneous traffic including legacy voice traffic, VoIP (Voice over IP), voice and video streams and

20. HART
   Organization: HART Communication Foundation
   Organization URL: https://fieldcommgroup.org/
   Specification URL: https://fieldcommgroup.org/technologies/hart/hart-technology-detail
   Frequency: 2.4 GHz
   Approximate range: ≈ 200m
   Data rate: 250 kbps
   Power draw: Low
   Topology: Star & Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: Single Building
   Security: Communications are always encrypted in a HART network. The network uses 128-bit AES encryption. The security manager in the WirelessHART gateway administers three parameters: Network ID, Join key and Session key. In addition to individual sessi
   Common use: Typical HART use cases are process industry monitoring (automotive production process, chemical segments, food and beverage, power generation); process optimization, safety enhancements, environment and health monitoring, maintenance optimization, etc.
   Comments: "HART" is an acronym for Highway Addressable Remote Transducer. The HART Protocol uses the Frequency Shift Keying (FSK) standard to superimpose digital communication signals at a low level on top of the 4-20mA analog signal. This enables two-way field communication to take

21. Z-Wave
   Organization: Z-Wave Alliance
   Organization URL: http://www.z-wave.com/
   Specification URL: https://z-wavealliance.org/z-wave-specification/
   Frequency: 915MHz (USA), 868MHz (EU)
   Approximate range: 30-100m
   Data rate: 40kbps (915MHz) and 20kbps (868MHz)
   Power draw: Low
   Topology: Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: Single Building
   Security: Z-Wave provides packet encryption, integrity protection and device authentication services. End-to-end security is provided at the application level (communication using command classes). It has in-band network key exchange and the AES symmetric block cipher algo
   Common use: It is a wireless communications protocol used primarily for home automation. Important Z-Wave use cases are smart homes and buildings, smart offices, smart sensors, smart wall switches, smart bulbs, thermostats, windows, locks and security systems, swimm
   Comments: The Z-Wave protocol was developed by Sigma Designs, Inc. and is defined by ITU recommendation G.9959. Like other protocols and systems developed for home and office automation, a Z-Wave system can be controlled via the Internet from a smart phone, tablet

22. ZigBee
   Organization: ZigBee Alliance
   Organization URL: http://www.ZigBee.org/
   Specification URL: https://zigbeealliance.org/wp-content/uploads/2019/11/docs-05-3474-21-0csg-zigbee-specification.pdf
   Frequency: 2.4GHz, 915MHz (US), 868 MHz (EU)
   Approximate range: 30-100m
   Data rate: 250 kbps (2.4GHz), 40kbps (915MHz), 20kbps (868MHz)
   Power draw: Low
   Topology: Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single Building
   Security: ZigBee is considered to be a secure wireless communication protocol, with a security architecture built in accordance with the IEEE 802.15.4 standard. Security mechanisms include authentication - authorized access to network devices, integrity protection and en
   Common use: Some representative ZigBee use cases are correlated with smart home and smart building applications, like different smart home gateways, sensors and alarms that monitor almost everything - from temperature, humidity, or lighting and movement, sma
   Comments: ZigBee is a wireless PAN (Personal Area Network) technology evolved from the IEEE 802.15.4 wireless standard and supported by the ZigBee Alliance. The IEEE 802.15.4 standard defines the physical and data link layers with all details about the robust radio communicat

23. Thread
   Organization: Thread Group (Google, Samsung, etc.)
   Organization URL: https://www.threadgroup.org/
   Specification URL: https://portal.threadgroup.org/DesktopModules/Inventures_Document/FileDownload.aspx?ContentID=3014
   Frequency: 2.4GHz
   Approximate range: ≈ 30m
   Data rate: 250kbps
   Power draw: Low
   Topology: Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single Building
   Security: Thread utilizes a network-wide key that is used at the Media Access Control (MAC) layer for encryption. This key is used for standard IEEE 802.15.4 authentication and encryption. IEEE 802.15.4 security protects the Thread network from over-the-air attacks origina
   Common use: Thread provides wireless connectivity for home automation via the control of lights - smart bulbs and outlets, smoke detectors, cameras and other security systems, thermostats, utility measurements, smart digital locks, hubs and controllers, different
   Comments: Thread was designed with the Internet's proven, open standards to create an Internet Protocol version 6 (IPv6) based mesh network, with 6LoWPAN as its foundation. Thread can securely connect up to 250 devices in a wireless mesh network.

24. DigiMesh
   Organization: Digi International
   Organization URL: https://www.digi.com
   Specification URL: https://www.digi.com/resources/documentation/digidocs/pdfs/90001506.pdf
   Frequency: 2.4GHz / 900 MHz (USA) / 868 MHz (EU)
   Approximate range: ≈ 100m
   Data rate: 250 kbps (2.4GHz), 40kbps (915MHz), 20kbps (868MHz)
   Power draw: Low
   Topology: Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: Single Building or WAN
   Security: DigiMesh security features are 128-bit AES encryption and 256-bit AES, available on some products such as XBee3 and XTend. One command (KZ) sets a password that prevents intruders from sending or receiving unsecured remote AT commands. For added securi
   Common use: Some representative DigiMesh use cases are monitoring in the food safety, facility and pharmacy domains, supply chain applications, transportation and logistics, environmental monitoring etc.
   Comments: DigiMesh is a proprietary peer-to-peer wireless networking topology developed by Digi International. The protocol allows for time-synchronized sleeping nodes/routers and battery-powered operation with low power consumption.

25. MiWi
   Organization: Microchip Technology
   Organization URL: http://www.microchip.com/
   Specification URL: http://www.microchip.com/design-centers/wireless-connectivity/embedded-wireless/802-15-4/miwi-protocol
   Frequency: 2.4GHz, 700MHz/800MHz/900MHz
   Approximate range: ≈ 300m
   Data rate: 20kbps
   Power draw: Low
   Topology: Mesh or Star
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: Single Building
   Security: The MiWi protocol follows the MAC security definition specified in IEEE 802.15.4 and is based on the 128-bit AES model. MiWi security mechanisms can be categorized into three groups: • AES-CTR mode encrypts the MiWi protocol payload. • AES-CBC-MAC mode ensures th
   Common use: MiWi is designed for low-power, cost-constrained networks, such as industrial monitoring and control, home and building automation, remote control, wireless sensors, lighting control, HVAC systems and automated meter reading.
   Comments: MiWi uses small, low-power digital radios based on the IEEE 802.15.4 standard. Although the MiWi software can all be downloaded for free from its official website, it is a proprietary solution that requires use only with Microchip microcontrollers. It was

26. EnOcean
   Organization: EnOcean
   Organization URL: https://www.enocean.com/en/
   Specification URL: https://www.enocean-alliance.org/specifications/
   Frequency: 902 MHz / 928.35 MHz / 868.3 MHz / 315 MHz
   Approximate range: ≈ 30m (outdoor 300m)
   Data rate: 125kbps
   Power draw: "Battery free" (energy harvesting)
   Topology: Mesh
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: Single Building
   Security: The unique 32-bit identification number (ID) of the standard EnOcean modules cannot be changed or copied - it is the protection against duplication. This authentication method already offers field-proven secure and reliable communication in building auto
   Common use: The EnOcean wireless standard (ISO/IEC 14543-3-1X) in sub-1GHz is optimized for use in buildings, as a radio range of 30m indoors is possible. EnOcean representative use cases are smart lighting, temperature and air quality monitoring, positioning and s
   Comments: The EnOcean wireless standard is geared to wireless sensors and wireless sensor networks with ultra-low power consumption. It also includes sensor networks that utilize energy harvesting technology to draw energy from their surroundings - for example from

27. Weightless (W, N, P)
   Organization: Weightless Special Interest Group
   Organization URL: http://www.weightless.org/
   Specification URL: http://www.weightless.org/about/weightless-specification
   Frequency: 138MHz, 433MHz, 470MHz, 780MHz, 868MHz, 915MHz, 923MHz
   Approximate range: ≈ 2km (P), 5km (W, N)
   Data rate: ≈ 600bps-100kbps
   Power draw: Low (N), medium (W, P)
   Topology: Star
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: WAN
   Security: In the Weightless standard, AES-128/256 encryption and authentication of both the terminal and the network guarantee integrity, whilst temporary device identifiers offer anonymity for maximum security and privacy. OTA security key negotiation or replacement is
   Common use: Typical Weightless use cases are smart metering, vehicle tracking, asset tracking, smart cars - vehicle diagnostics and upgrades, health monitoring, traffic sensors, smart appliances, rural broadband, smart ePayment infrastructure, industrial machine mon
   Comments: The Weightless Special Interest Group (SIG) offers three different protocols: Weightless-N, Weightless-W, and Weightless-P. The Weightless-W open standard is designed to operate in the TV white space (TVWS) spectrum. Weightless-W represents a model the Neul

28. mcThings
   Organization: mcThings
   Organization URL: https://www.mcthings.com/
   Specification URL: https://www.mcthings.com/platform/
   Frequency: 2.4GHz
   Approximate range: ≈ 200m
   Data rate: 50kbps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: Single Building
   Security: mcThings technology is embedded with the 128-bit AES encryption algorithm.
   Common use: Some representative mcThings use cases are asset tracking, industrial automation, maintenance optimization, location monitoring, security systems (theft and loss prevention), status monitoring, agriculture and food industry automation, environmental moni
   Comments: mcThings is a good solution for use cases that have sets of sensors in some urban areas (neighboring buildings). The technology is power efficient and requires minimal maintenance effort. The network is expandable with bridges, and sensors have long-life bat

29. LoRa
   Organization: LoRa Alliance
   Organization URL: https://www.lora-alliance.org/
   Specification URL: https://lora-alliance.org/resource-hub/lorawanr-specification-v11
   Frequency: License-free sub-gigahertz radio frequency bands like 433 MHz, 868 MHz, 915 MHz, 923 MHz
   Approximate range: ≈ 30km
   Data rate: 50kbps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: WAN
   Security: Based on security for IEEE 802.15.4 wireless networks, AES encryption with key exchange is implemented in LoRa. In the higher OSI levels built over the LoRa PHY layer, two layers of security are utilized - one for the network and one for the application
   Common use: Typical LoRa use cases are power metering, water flow, gas or similar quantitative monitoring; logistics and transportation monitoring; smart home, office and smart city appliances; environmental sensing like air pollution, flooding, avalanche, forest f
   Comments: LoRa provides wireless, low-cost and secure bi-directional communication for Internet of Things (IoT) applications. LoRa is optimized for long range communication, low power consumption and is designed to support large network deployments. LoRa is built

30. SIGFOX
   Organization: Sigfox
   Organization URL: https://www.sigfox.com/en
   Specification URL: https://build.sigfox.com/sigfox-device-radio-specifications
   Frequency: The Sigfox technology globally works within the ranges from 862 to 928 MHz
   Approximate range: ≈ 40km
   Data rate: 600bps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: Yes
   Proprietary or open: Proprietary
   Intended use: WAN
   Security: Security first comes within devices: during the manufacturing process, each Sigfox Ready device is provisioned with a symmetric authentication key. Security is also supported by the radio technology. The Sigfox technology encryption is designed in collabo
   Common use: SIGFOX applicability potential is great. Some representative use cases are supply chain & logistics automation, manufacturing automation, smart cities, smart buildings and smart utilities & energy management and monitoring, smart agriculture etc.
   Comments: The SIGFOX protocol is a patented and closed technology. While its hardware is open, the network isn't, and customers must be subscribed to it. Note that while there are strict limitations of SIGFOX in terms of throughput and utilization, it is intend

31. DECT ULE
   Organization: ETSI
   Organization URL: https://www.ulealliance.org/organization
   Specification URL: https://www.etsi.org/deliver/etsi_ts/102900_102999/10293901/01.01.01_60/ts_10293901v010101p.pdf
   Frequency: 1880MHz - 1900MHz
   Approximate range: ≈ 300m
   Data rate: 1Mbps
   Power draw: Low
   Topology: Star
   Requires hub or gateway: Yes
   Proprietary or open: Open
   Intended use: Single building
   Security: DECT ULE devices use a combination of general DECT security procedures and ULE-specific security procedures. General DECT security procedures are device registration (subscription), device and base authentication, key generation (including keys for ULE us
   Common use: DECT ULE is a new technology developed for different IoT use cases like home, office and industrial automation, control and monitoring systems, medical care and security systems.
   Comments: DECT Ultra Low Energy (ULE) is a new technology based on DECT and intended for Machine-to-Machine communications such as home and industrial automation. The DECT ULE standard has the advantages of long distance range, no interference and large data rate/bandwidth
32 Insteon Smartlabs https://www.insteon.com/ https://www.insteon.com/technology#ourtechnology 915MHz ( USA) 869.85 MHz (EU) 921.00 MHz (Australia) ≈ 50m 38400bps - via RF 13165bps - via powerlines Low or battery free (plug-in) Mesh Yes Propriatary Single building Insteon network security is maintained via linking control to ensure that users cannot create links that would allow them to control a neighbors’ Insteon devices, and via encryption within extended Insteon messages for applications such as door locks and INSTEON is optimized for home and office automation and allows networking of different devices like light switches, thermostats, home audio, remote controls, leak sensors, pumps, motion sensors, alarms, HVAC systems, security sensors or different remote c INSTEON allows home automation devices to communicate through power lines, radio frequencies or a combination of both. All INSTEON devices are known as peers. This is because any device can transmit, receive, or repeat the messages from other devices. In
33 RFID RFID https://www.iso.org/standard/73599.html (Example) A number of organizations have set standards for RFID, including the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), ASTM International, etc. RFID standards include: ISO 11784/11785, ISO 14223, I 125 KHz to 134 kHz, 13.56MHz, 433 MHz, 860MHz - 960MHz. 0.01m-10m (depending on the frequency range) 4kbps - 640kbps (depending on the active or passive type of device and frequency range). Low point to point Yes Open Single building The implementation of security mechanisms in RFID technology is based on confidentiality, integrity, and availability. Confidentiality is the information protection from unauthorized access. Integrity is related to data protection from modification and de Radio-Frequency Identification (RFID) is a technology commonly used for identification, status administration and management of different objects. Moreover, this technology is very important for people identification, as it is deployed in the latest biome Commonly, a RFID system has three main components: RFID tag, RFID reader and RFID application software. RFID tags can be active (with microchip, antenna, sensors and power supply) or passive (without power supply). RFID reader is another hardware componen
34 WAVIoT (NB-Fi - Narrowband Fidelity) WAVIoT https://waviot.com/ https://www.cnx-software.com/2016/01/20/waviot-lpwan-technology-powers-low-cost-smart-water-and-electricity-meters/ 315MHz, 433MHz, 470MHz, 868MHz, 915MHz ≈ 50km 10-100bps Low Star Yes Open WAN All WAVIoT data is encrypted bidirectionally from the device to the server using an XTEA 256 bit key block cipher. Typical WAViOT use cases are smart cities, smart buildings, smart metering, utilities monitoring and metering like water, power - electricity, gas, heat, etc. NB-Fi (Narrowband Fidelity) is a narrow band protocol which communicates on the sub 1GHz ISM sub bands. DBPSK is used as the modulation scheme in the physical layer. WAVIoT gateways can provide -154 dBm of receiver sensitivity, and cover over 1 million no
35 DASH7 Alliance Protocol (D7A or D7AP) DASH7 Alliance https://dash7-alliance.org/ https://dash7-alliance.org/download-specification/ 433MHz ≈ 2km 167kbps Low Star Yes Open WAN Similarly to 802.15.4, AES-CBC is used for authentication and AES-CCM for authentication and encryption. Some representative DASH7 use cases are access control, smart energy, location based services, mobile advertising, industry automation, logistics, building access, mobile payments, ticketing, etc. D7A complies with the ISO/IEC 18000-7 standard. ISO/IEC 18000-7 is an open standard for the license-free 433 MHz ISM band air-interface for wireless communications. The 433 MHz frequency provides D7A with long propagation distance and better penetration.
36 Wi-SUN IETF https://ietf.org/ https://tools.ietf.org/id/draft-heile-lpwan-wisun-overview-00.html 470-510MHz, 779-787MHz, 920.5-924.5MHz (China), 863-870MHz, 870-876MHz (EU), 920-928MHz (USA, Canada and Japan) ≈ 1000m 300kbps Low Star, Mesh Yes Open WAN The Wi-SUN security is specified by implementation of the x.509 certificate-based, public-key infrastructure to authenticate devices, as well as Advanced Encryption Standard (AES) encryption and message integrity check. Devices protect their digital cr Some typical Wi-Sun use cases are smart metering, smart cities, smart buildings, industrial automation, environmental sensing, etc. The term Wi-Sun is the short form of Wireless Smart Utility Network. Wi-Sun technology is a successful derivation of IEEE 802.15.4 wireless standard that supports IPv6 protocol.
37 Wavenis Coronis Systems http://www.coronis.com http://www-coronis-com.dyn.elster.com/downloads/Wavenis_Data_Sheet_A4_CS5.pdf 433MHz, 868MHz, 915MHz ≈ 1000m 9.6kbps (433 & 868MHz) / 19.2kbps (915MHz) Low Tree, Star Yes Open WAN Wavenis technology is supported by 128-bit AES encryption. Some Wavenis use cases are different metering solutions (gas, electricity, water, etc.) applicable to environmental monitoring, smart cities, utilities companies etc. Wavenis is a wireless technology created by Coronis in the year 2000. It is developed for ultra low power and long range Wireless Sensor Networks(WSNs). It has become popular due to promotion by Wavenis Open Standard Alliance.
38 MiOTY Fraunhofer Institute for Integrated Circuits & BTI Ltd. Toronto https://www.iis.fraunhofer.de/en/pr/2018/20181016_LV_Mioty.html https://behrtech.com/mioty/ 915Mhz (USA),868Mhz (EU) ≈ 20km 407 bps Low Star Yes Open WAN MiOTY technology implements 128-bit AES encryption. Some MiOTY use cases are optimized maintenance models, inventory optimization for parts, asset management and tracking, condition and environmental monitoring, smart metering, augmented reality innovative applications, product R&D, improved customer suppo MIOTY is a low-power, wide-area network (LPWAN) protocol that is purpose-built for massive industrial and commercial IoT deployments. Fraunhofer’s patented Telegram Splitting – the core of the MIOTY protocol, is designed to provide the scalability and ov
Wireless technology / standard Organization that manages the technology / standard URL of the organization URL of the standard specification Frequency Approximate Range Data Rate Power Draw Topology Requires hub or gateway Proprietary or Open Intended Use Security Common use Comments

Opportunity and Cybersecurity in the Age of 5G

5G Opportunity and Cybersecurity

The human will to innovate is seemingly relentless. The history of our species is one of continual development, with the last 350 years, in particular, representing staggering technological progress.

The first industrial revolution mechanized production using natural elements like water. The second revolution used electricity to enable mass production; the third used electronics and information technology to automate production. The fourth industrial revolution unfolding all around us is characterized by an exponential growth in data production and the merging of the physical and digital.

Cyber-physical systems (CPS) like the internet of things (IoT) and industrial control systems (ICS) are capable of reading and influencing physical and biological domains. They are the first wave of super-integrated realities that will see objects, systems, and humans connected in seamless and constant communication.

5G will be fundamental to this world; it is difficult to overstate this emergent technology’s importance. Though it is technically the next stage in the development of wireless networks, the 5th Generation of cellular is also nothing like its preceding four generations. As a symbol of what is to come, it straddles the physical and virtual realms, resting on physical infrastructure but operating completely in the cloud.

This evolutionary leap into the digital ether will redefine the nature and potential of communications networks. Suddenly, radical applications like autonomous vehicle operation and remote surgery and drone-operated warfare move from the conceptual to the practical.

In just the next few years we will see 5G unlock new possibilities in almost every industry, from healthcare to public safety to domestic leisure to travel, childcare, shipping, manufacturing and even warfare.

5G will change everything.

But in order for the shift to proceed safely, we will need to rethink how we approach cybersecurity. 5G is not the same as 4G or 3G. What worked in the past will not work in the future.

Two sides of the same network

Significant data breaches have been a genuine cyber threat for some time, but recently these attacks have moved into the cloud. With 5G these dangers increase in complexity, scale, and magnitude.

The reasons for this are the same as those that make 5G so powerful.

5G is very very fast. With a theoretical top speed of 20 Gbps it is up to 200 times faster than 4G. 5G also has breathtakingly low latency (the time it takes for a system to receive a response to a request). The average human reaction time to a stimulus is 250 milliseconds (ms). Most humans perceive 100ms as instantaneous. 5G’s reaction time is 1ms.

5G is able to produce these sensational results because it is an all-software cloud-based network operated through distributed digital routers. It is a decentralized system that optimizes processing speed and power by relocating operations to the fringe.

This is a revolutionary system with almost limitless possibilities, but it is also vulnerable.

Because software is inherently hackable, a network like 5G, built on software engineering, is by definition open to hacking. Also, many of these software functions will be operated by AI, which is itself prone to hijacking. Take control of the AI and you take control of everything it operates.

Imagine the repercussions of a cyber attack in civic environments where AI is likely to look after traffic management and fleets of self-driving cars.

3G and 4G networks are more centralized, making it easier to conduct cyber hygiene. 5G’s edge computing decentralizes processing, moving it away from the ‘core’ of the network to the data source. This is partly what makes 5G’s sub-second latency possible, but it also makes the network harder to police.

The potential attack surface available to cyber-criminals also expands drastically under 5G. Its connection capacity – up to one million devices per square kilometer – relies on a dense infrastructure which creates many times more network entry points for hackers.

Network slicing, another highly-anticipated feature of 5G networks, is in its infancy. We still have much to learn and understand about this ability to create multiple virtual networks on top of a common shared physical infrastructure. It is already clear, however, that cybersecurity will be a new challenge as each virtual network slice could demand unique security capabilities.

But the security risks related to 5G are not only embedded in the network, they are also born from what 5G enables.

Everything is connected

The internet of things (IoT) already connects billions of devices, chips, and sensors, everything from smart cars to children’s toys. In a 5G world, the IoT will grow exponentially to a massive internet of things (mIoT) that includes sub-domains such as the industrial internet of things (IIoT) and civic internet of things (cIoT).

The recent tech war between the US and China has centered on the purported vulnerability of Chinese companies’ technology. Products from firms like Huawei stand accused of having ‘back doors’ built into them to allow foreign agents to hack into devices and spy on their owners.

Whether this is true of Huawei or not, it is a credible scenario. Even basic devices can, without our knowledge, be turned into microphones or cameras by someone who gains remote access. But infringements of personal privacy are relatively small concerns when measuring the potential fallout from the 5G mIoT.

Through 5G, smart cities will become truly possible for the first time: billions of devices with multiple application types. The attack vectors become limitless. Furthermore, products developed with a short-term profit focus are being designed as iterative models, always released as a minimum commercially viable product. They have no baked-in protection against hackers. Security is almost impossible.

When hackers or cyber terrorists manage to compromise the systems that keep a smart city or smart factory or smart port functioning, the consequences are large-scale and a threat to physical life. When water supply, power supply, traffic management, waste removal or connectivity are disrupted, humans suffer.

Cybersecurity cooperation

5G is poised to become the most critical of critical infrastructures. Though consumer benefits like real-time gaming and lightning-fast movie downloads currently occupy the attention of the media, the real value of 5G will be felt in much bigger systems. Healthcare, transport, food and agriculture, energy, defense – each of these sectors will be revolutionized by 5G.

However, without sufficient consideration paid to cybersecurity, 5G networks could deliver as much pain as they deliver pleasure. Security cannot be an afterthought – it needs to be built into 5G from the ground up or we risk too much exposure to incursions by cyber attackers.

The US National Security Telecommunications Advisory Committee (NSTAC) recently told President Trump that, “The cybersecurity threat now poses an existential threat to the future of the nation.”

Implementing this level of security will require collaboration and organization. In most western countries, licenses to deploy 5G are granted to numerous operators. With diversity comes less alignment.

For 5G to deliver on its promises we will need to see improvements in public policy, corporate alliances, and potentially more public-private partnerships. Governments and businesses will need to work together to establish policies and operational agreements that protect free-market capitalism while guaranteeing the safety of our citizens.

Technology is changing at an exponential rate. Cybercriminals and cyber terrorists know this and take advantage of it. When 5G comes online the battlefield opens up. We need to act now in an agile and co-ordinated fashion if we hope to make the coming decades the prosperous ones the world deserves.

The Quantum Computing Threat and 5G Security

Quantum Computer 5G Security

Recently, in the science journal Nature, Google claimed ‘quantum supremacy’ saying that its quantum computer is the first to perform a calculation that would be practically impossible for a classical machine. This quantum computing breakthrough brings us closer to the arrival of functional quantum systems which will have a profound effect on today’s security infrastructure. How will quantum computing affect the security of 5G technologies currently being developed and deployed?

Last spring we suggested that the emergence of quantum internet connectivity and computation, expected sometime in the next decade, poses numerous new cryptography and cybersecurity challenges for 5G security.

MIT offers an explainer on the nascent status of powerful quantum computers, how they work, and where they might provide practical value first. While quantum computers are not expected to replace classical supercomputers for most tasks and problems, they will leverage the “almost-mystical” phenomena of quantum mechanics to produce amazing advances in fields such as materials science and pharmaceuticals.

The secret sauce of quantum computing, which even Einstein called “spooky,” is the ability to generate and manipulate quantum bits of data, or qubits. Certain computational tasks can be executed exponentially faster on a quantum processor using qubits than on a classical computer with 1s and 0s. A qubit can attain a third state, a superposition of 1 and 0 simultaneously; by “entangling” pairs of qubits, data can be encoded into quantum mechanical properties, manipulated, and put through huge, complex calculations very quickly. The fundamental challenge is to build a sufficiently high-capacity processor capable of running quantum algorithms in an exponentially larger computational space.

The Breadth of the Quantum Threat to Cybersecurity and 5G Security

It is anticipated that quantum computers will be capable of breaking 99% of the encryption used to protect today’s enterprises, financial systems and governments. Primarily this comes from the incredible parallel processing capabilities which enable quantum computers to use algorithms and mathematical formulae such as Shor’s algorithm to break down extant cryptographic protocols.

The security of hundreds of billions of dollars in e-commerce transactions is at stake. This security vulnerability also applies to data stored on a digital blockchain. Even more importantly, the integrity of communication controlling critical infrastructure cyber-physical systems could be threatened with resulting impacts potentially threatening lives, well-being and the environment. Encryption in wide use today is unbreakable only because of the massive amounts of time, measured in hundreds or thousands of years, that it would take existing supercomputers to break the underlying mathematical codes.

A May 2019 study by a Google researcher in California and one at the KTH Royal Institute of Technology in Sweden, shows that quantum technology will catch up with today’s encryption standards faster than expected and should greatly concern any public or private organization that needs to store data securely for 25 years or more.

The impending arrival of quantum code breaking capability means that nation states and their military operations, as well as business enterprises, will need to upgrade to quantum-resistant hardware and cryptography to safeguard their data before full-scale quantum computers become available.

Securing classical encryption protocols against quantum technology-equipped adversaries requires a whole new level of effort and care. At the same time, quantum devices already available can also be used to improve cybersecurity by achieving tasks such as very secure secret key expansion.

While quantum computing is likely within the next decade or so, deployment of 5G network infrastructure is much more imminent, and 5G equipment has a service life that extends well beyond the arrival of quantum computing, putting 5G security at risk. Telecommunications companies now building 5G infrastructure, along with related mobile IoT systems, rail transit digitization projects, smart manufacturing processes, and smart cities, are all currently investing in technology with expected service lives measured in decades. So, all of that equipment must be quantum resistant to remain secure well into the future. The more insecurities are left in the foundational architecture of 5G, the more expensive and time-consuming it will be to plug the quantum-related security vulnerability gaps in the future.

Additionally, industrial and civic Internet of Things (IoT) networks, increasingly being connected through 5G, have exponentially larger attack vectors and will be highly vulnerable unless they are designed to be quantum safe. That means that civilian government agencies and IT and communications stakeholders need to address the risks now and upgrade to some form of quantum resistant encryption. Doug Finke, a quantum industry analyst, has warned of the need to upgrade 10-20 billion devices with quantum resistant encryption, given that most of today’s online encryption will be vulnerable to quantum enabled hacking. One example of a telco that’s proactive on post-quantum infrastructure is SKTelecom, South Korea’s largest mobile operator, which has already developed Quantum Key Distribution (QKD) technology for its 5G network. It has also partnered with Telefonica, BT, Toshiba and ID Quantique to create a global quantum key ecosystem. The fact that some of the most advanced competitors in the field such as SKTelecom have already developed such measures should be yet another serious warning sign to those who haven’t considered the issue yet.

Another challenge is that the security of historical data, and even data generated in 2019-2020 or later, could be broken retroactively whenever quantum computers power up. If somebody intercepts encrypted messages today, they could decrypt them using quantum computing down the road. In fact, unknown bad actors may be downloading encrypted data in a “harvest now, decrypt later” scheme that could compromise military weapons systems, and personally identifiable information (PII) like SSNs and personal health records. Secure private data storage is pretty cheap, so such schemes are totally realistic. Today’s harvesters in fact, could be stockpiling databases for sale in the future to the highest bidder among adversarial nation states and terrorists or other criminal organizations.

So if you are building infrastructure today, such as the 5G infrastructure, and promising secure messaging, quantum computing is another security threat to think about. You may want to consider using hybrid classical and quantum-resistant encryption that would force attackers to break both types of cryptography before they could gain access to protected data.

Current Advances in Quantum Computing

These threats are becoming more real and urgent with breakthroughs happening in quantum laboratories. Recently, in the science journal Nature, Google claimed ‘quantum supremacy’ as it showed off its Sycamore chip, which can work like a quantum computer should, performing a calculation in a few minutes that it says would take the fastest classical computer 10,000 years. Google’s Alphabet CEO Sundar Pichai boasted about the multiple layers of systems engineering that required, saying “it’s as complicated as it gets from an engineering perspective.” He’s excited about being ‘only one creative algorithm away’, as the Nature paper describes it, from valuable near-term applications that will help us understand the chemistry and physics of nature better by simulating molecules and molecular processes. Potential use cases include designing better batteries, more effective medicines and responses to climate change.

IBM, which has its own 53-qubit processor, disputed Google’s claim of quantum supremacy and asserts that a simulation of the task performed by Google can actually be done in 2.5 days on a classical computer such as the one at Oak Ridge National Laboratories in Tennessee, so technically that threshold of ‘supremacy’ has not yet been reached. IBM didn’t actually run simulations, but based its own estimate on a theoretical model. Irrespective of these claims from IBM, the practical reality is that lowering the time needed for a supercomputer from 2.5 days to a few minutes or hours doesn’t change the cryptographic security issue – it merely limits its scope to bigger and more important targets.

A computer science professor at the University of Texas, Austin published an editorial in the New York Times on October 30th explaining quantum supremacy, and characterizing the Google demonstration as ‘a critical milestone’ on the path to quantum computing.

The search giant’s progress in quantum computing is undeniable even though practical uses of it at this point may be limited to verifying randomness of numbers for crypto keys. IBM agrees that “building quantum systems is a feat of science and engineering, benchmarking them is a formidable challenge” and concedes, “Google’s experiment is an excellent demonstration of the progress in superconducting-based quantum computing.” IBM similarly predicts quantum breakthroughs that boost machine learning, simulation and optimization. These capabilities may enable design of new materials, innovative business models and transformation of global supply chains. IBM suggests that hybrid quantum-classical computer architecture will emerge to “outsource” portions of difficult problems to a quantum computer.

IBM also observes that the concept of quantum computing is inspiring a whole new generation of scientists, including physicists, engineers and computer scientists to transform information technology. It is collaborating with San Jose State University on providing students with the skills needed for high tech jobs of the future, including in quantum computing.

Meanwhile, David Poulin, co-director of the quantum information program at the Canadian Institute for Advanced Research says that Google’s recent progress “is not a technology milestone, it’s a scientific milestone.” Google’s quantum hardware researchers are talking with their company’s security experts about adapting the Sycamore experiment to create random numbers for encryption keys. They are also testing whether Sycamore-like chips might help machine-learning algorithms to generate useful virtual reality images of things like natural weather phenomena and manufacturing processes.

IBM, Intel, Google and the start-ups Rigetti and, in Canada, D-Wave have already developed processors with up to 53 qubits, and can envision scaling up to hundreds or thousands of qubits. But apparently it will take quantum computers with more like a million qubits to accomplish full error checking and practical usefulness. D-Wave announced last month that it will house its first Leap quantum cloud-based system outside North America in Julich, Germany to serve researchers and app developers in Europe. Chinese tech and internet firms like Alibaba Group Holding are also ‘all-in’ on developing similar quantum machines. Meanwhile, the NEC Corp of Japan, though an early leader in quantum computing technology, long ago ceded the field to others.

What is Required for Quantum Resilience?

Currently, post quantum cryptography usually involves public key algorithms that are considered secure against quantum attack. However, the most popular public-key algorithms are vulnerable to a strong quantum computer running Shor’s algorithm to solve the mathematical problems that created the security in the first place. By contrast, symmetric cryptographic algorithms and hash functions are thought to be relatively secure against quantum attacks. Cryptography researchers are always trying to prove the equivalence of a cryptographic algorithm and a known hard math problem. These proofs are known as ‘security reductions’ and they demonstrate the difficulty of cracking the algorithm.

Let’s explore the current state of practice in quantum resilience, which includes six different techniques: hash-based, code-based, lattice-based, multivariate, supersingular elliptic curve isogeny and symmetric keys.

The downside of hash-based systems is that for any hash-based public key, there’s a limit on the number of signatures that can be produced using the corresponding set of private keys. They are meant either for one-time use or for ‘bounded in time’ signatures. However, universal one-way hash function (UOWHF) hashing can be used for an unlimited time. The Post Quantum Cryptography Study Group (PQCSG), sponsored by the European Commission, recommended use of the Merkle signature scheme for quantum protection, according to Wikipedia. NIST is expected to certify quantum-safe hash-based algorithms before the end of this year.
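To make the one-time and ‘bounded’ properties concrete, here is an added educational example, not code from the article, from NIST, or from any standard: a Lamport one-time signature over SHA-256 digests, with 2^height such keys placed under a Merkle tree in the style of the Merkle signature scheme mentioned above. The root is the long-term public key; each leaf may sign exactly once, and the signer tracks a `next_index` state so that a key is never reused and signing fails once every leaf has been spent. Key derivation from a seed and leaf index, and all names, are this example's own simplifications.

```python
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


MSG_BITS = 256  # a Lamport key signs the 256-bit SHA-256 digest of the message


def lamport_keygen(seed: bytes, leaf_index: int):
    """One Lamport one-time key pair: 256 pairs of 32-byte secrets and their hashes.
    Secrets are derived from (seed, leaf_index) so the signer need not store them
    (constructed derivation, not a standard's PRF)."""
    sk = [[H(seed + leaf_index.to_bytes(4, "big") + i.to_bytes(2, "big") + bytes([b]))
           for b in (0, 1)] for i in range(MSG_BITS)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(MSG_BITS)]


def lamport_sign(sk, msg: bytes):
    # For every digest bit, reveal the secret matching that bit's value.
    # Revealing a second, different pattern would expose more secrets, which is
    # why each Lamport key must be used only once.
    return [sk[i][b] for i, b in enumerate(_bits(H(msg)))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == MSG_BITS and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(H(msg))))


def pk_digest(pk) -> bytes:
    return H(b"".join(x for pair in pk for x in pair))


class MerkleSigner:
    """2**height Lamport keys whose public-key digests are the leaves of a Merkle
    tree; the root is the long-term public key. Each leaf is used exactly once."""

    def __init__(self, height: int, seed: bytes):
        self.seed = seed
        self.capacity = 1 << height
        leaves = [pk_digest(lamport_keygen(seed, i)[1]) for i in range(self.capacity)]
        self.levels = [leaves]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_index = 0  # persistent state: the next unused leaf

    def signatures_remaining(self) -> int:
        return self.capacity - self.next_index

    def sign(self, msg: bytes):
        if self.next_index >= self.capacity:
            raise RuntimeError("Merkle key exhausted: every one-time key has been used")
        idx = self.next_index
        self.next_index += 1  # advance state before the signature is released
        sk, pk = lamport_keygen(self.seed, idx)
        auth_path, i = [], idx
        for lvl in self.levels[:-1]:
            auth_path.append(lvl[i ^ 1])  # sibling hash at this level
            i >>= 1
        return idx, lamport_sign(sk, msg), pk, auth_path


def merkle_verify(root: bytes, msg: bytes, signature) -> bool:
    """Check the one-time signature, then recompute the root from the leaf and
    its authentication path."""
    idx, sig, pk, auth_path = signature
    if not lamport_verify(pk, msg, sig):
        return False
    node, i = pk_digest(pk), idx
    for sibling in auth_path:
        node = H(node + sibling) if i % 2 == 0 else H(sibling + node)
        i >>= 1
    return node == root


if __name__ == "__main__":
    signer = MerkleSigner(height=2, seed=b"constructed demo seed")
    s = signer.sign(b"firmware-image-v1")
    print("valid:", merkle_verify(signer.root, b"firmware-image-v1", s),
          "remaining:", signer.signatures_remaining())
```

The state counter is the operational hazard of this family: restoring a signer from a backup taken before some signatures were issued would replay a leaf index, which is exactly the reuse the scheme forbids. Production stateful hash-based schemes treat that counter as part of the private key and guard it accordingly.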

Next, code-based systems rely on error-correcting codes, in which only the legal user who knows the algebraic structure of the code can remove those errors and recover ‘cleartext’. The PQCSG recommended the code-based McEliece public key encryption (PKC) system for long-term protection against quantum attacks, according to Wikipedia.

Lattice-based PKC is a promising field of research. Actually, it is the most well understood and longest studied family of hard math problems. It has been studied since the early 1800s, providing lots of insight about what could and could not be achieved with lattices. Because of that, and the versatility of the cryptographic schemes lattices allow us to build, this field is the most promising for development of quantum-resilient cryptography. The PQCSG proposed one variant of a lattice-based encryption scheme in particular, the Stehle–Steinfeld variant of NTRU, to be studied for standardization.

Several scholarly articles on supersingular elliptic curve isogeny cryptography are available. This technique relies on mathematical graphs of curves to create a quantum resistant key exchange that can serve as a replacement for the key exchange methods in widespread use today. It offers forward secrecy, which is viewed as helpful in blocking mass government surveillance, and to prevent compromise of long-term keys. Chinese researchers have led the way on this approach.

Multivariate public-key cryptography takes advantage of the difficulty of solving multivariate equations, and systems such as one called “Rainbow” could lead to a quantum secure digital signature.

Finally, symmetric secret-key cryptography, or QKD, is a system that uses the same key to encrypt and decrypt data. All parties involved have to know the key to be able to communicate securely – that is, decrypt encrypted messages to read them and encrypt messages to send. Given large enough key sizes, some of today’s symmetric key cryptographic systems are resistant to attack by a quantum computer. The firms currently offering QKD systems are: ID Quantique (Geneva), MagicQ Technologies (New York), Quintessence Labs (Australia) and SeQureNet (Paris).

Inside Quantum Technology, which recently hosted a conference at the Hague in the Netherlands, will be hosting another conference bringing together quantum researchers and businesses in New York City on April 2-3, 2020. If you are interested in this field, you should consider attending.

What Governments are Doing and/or Should be Doing to Address the Quantum Threat

Identifying the right approaches to network security in a post-quantum world will require leadership from governments and extensive, sustained collaboration among commercial and public sector enterprises, including major research universities and national labs. Critical infrastructure such as transportation systems, power grids and smart cities must be designed to be quantum safe, and so must the 5G infrastructure that is about to become the most critical of them all. All levels of government should come to terms with this 21st-century reality.

The U.S. National Institute of Standards and Technology (NIST) aims to publish post-quantum cryptographic standards around 2022, and this year it is evaluating the second-round candidates, which span lattice-, code-, hash-, multivariate- and isogeny-based designs rather than hash-based algorithms alone. It is considering two categories of algorithms: key-establishment schemes (public-key encryption and key encapsulation), which let two parties who share no prior secret agree on one, and digital signatures, which verify the origin and integrity of data. The process has been described as a competition, but NIST also encourages cooperation among participants. (It ultimately selected CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium, Falcon and SPHINCS+ for signatures in 2022, and published the first standards as FIPS 203, 204 and 205 in August 2024.)

In Canada, the National Cyber Security Strategy: Canada's Vision for Security and Prosperity emphasizes the need to prepare for increasingly sophisticated threats to the IT systems that both critical infrastructure and government rely on to support economic prosperity and public services. It explicitly mentions the "harvest now, decrypt later" risk described above: encrypted data captured and stored today for decryption once a quantum computer is available. It also promotes investment in the commercialization of practical QKD, including satellites and ground stations as well as software, applications and related upskilling of cybersecurity personnel.

The Canadian government issued a bulletin in May 2019 to help its IT security authorities understand the risks associated with the quantum threat. It directs them to carry out a quantum risk assessment covering their reliance on asymmetric public-key cryptography, and the current and future creation, management, handling and storage of classified information with medium- or long-term lifespans.
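As an added illustration, not taken from the original post or from the Canadian bulletin, of what a first-pass quantum risk assessment looks like in code, the following Go program classifies the entries of a hypothetical cryptographic inventory. It applies two rules. First, Shor's algorithm breaks RSA, Diffie-Hellman and elliptic-curve schemes outright at any key size, whereas Grover's algorithm only halves the effective strength of symmetric keys and hash preimages (the point made about symmetric cryptography earlier). Second, Mosca's timeline rule: if data must stay secret for x years, migration takes y years and a cryptographically relevant quantum computer is assumed z years away, then x + y > z means data encrypted today is already exposed to harvest-now-decrypt-later. The asset names, the five-year migration estimate and the ten-year quantum horizon are assumptions chosen for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// CryptoAsset is one entry in a cryptographic inventory: where an algorithm is
// used and how long the data it protects must stay confidential.
type CryptoAsset struct {
	Name          string // hypothetical label for a system or data flow
	Algorithm     string // RSA, DH, ECDH, ECDSA, AES, SHA256 ...
	KeyBits       int    // key size, or digest size for a hash
	DataLifeYears int    // required confidentiality lifetime of the data
}

// Verdict is the assessment of one asset.
type Verdict struct {
	ShorBroken    bool   // public-key scheme broken outright by Shor's algorithm
	EffectiveBits int    // strength left after Grover's square-root speed-up (symmetric/hash)
	Exposed       bool   // data outlives the migration window (harvest now, decrypt later)
	Action        string
}

// shorVulnerable lists the public-key families Shor's algorithm breaks at any
// key size; moving from RSA-2048 to RSA-4096 buys nothing against it.
var shorVulnerable = map[string]bool{
	"RSA": true, "DSA": true, "DH": true, "ECDH": true, "ECDSA": true, "EDDSA": true,
}

// Assess applies Shor/Grover to the algorithm and Mosca's timeline rule to the
// data: with x = data lifetime, y = migration time and z = years until a
// cryptographically relevant quantum computer, x + y > z means the data is
// exposed even though that computer does not exist yet.
func Assess(a CryptoAsset, migrationYears, yearsToQuantum int) Verdict {
	alg := strings.ToUpper(strings.TrimSpace(a.Algorithm))
	outlives := a.DataLifeYears+migrationYears > yearsToQuantum
	v := Verdict{}
	switch {
	case shorVulnerable[alg]:
		v.ShorBroken, v.EffectiveBits, v.Exposed = true, 0, outlives
		v.Action = "plan migration to a post-quantum KEM/signature within the window"
		if outlives {
			v.Action = "migrate now: data sent today can be recorded and decrypted later"
		}
	case alg == "AES" || alg == "CHACHA20" || strings.HasPrefix(alg, "SHA"):
		v.EffectiveBits = a.KeyBits / 2 // Grover halves the effective bit strength
		v.Action = "no change needed: 128-bit post-Grover strength remains"
		if v.EffectiveBits < 128 {
			v.Exposed = outlives
			v.Action = "move to 256-bit keys or digests (AES-256, SHA-512)"
		}
	default:
		v.Action = "unknown algorithm: add it to the inventory and review manually"
	}
	return v
}

func main() {
	// Constructed sample inventory; the lifetimes and horizons are assumptions for the example.
	inventory := []CryptoAsset{
		{"VPN key exchange", "ECDH", 256, 1},
		{"Archived patient records", "RSA", 2048, 25},
		{"Laptop disk encryption", "AES", 128, 15},
		{"Backup encryption", "AES", 256, 15},
	}
	const migrationYears, yearsToQuantum = 5, 10
	for _, a := range inventory {
		v := Assess(a, migrationYears, yearsToQuantum)
		fmt.Printf("%-26s %-5s %4d bits  shor=%-5v grover=%3d exposed=%-5v  %s\n",
			a.Name, a.Algorithm, a.KeyBits, v.ShorBroken, v.EffectiveBits, v.Exposed, v.Action)
	}
}
```

Run with `go run .` to print the table. The interesting row is the archived records: RSA-2048 is "secure" today, but with a 25-year shelf life and a five-year migration it is already exposed under a ten-year horizon, which is exactly the storage-for-later-decryption risk the Canadian strategy calls out. The VPN exchange uses the same broken family but its data is short-lived, so it needs a migration plan rather than an emergency.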

Quantum-safe encryption and quantum innovation in the military should be a priority of every major national government. Quantum devices could reduce military dependence on space-based satellite systems for position, navigation and timing in GPS-denied environments. The Pentagon's Mike Griffin, Under Secretary of Defense for Research & Engineering, testified before the U.S. Congress earlier this year that there is "justifiable optimism that quantum clocks, magnetometers and inertial navigation sensors could be available in just a few years." The Defense Department's work with the National Science Foundation, the intelligence community and others is focused mainly on deployment of quantum clocks and development of sensors.

The U.S. Naval Research Laboratory announced in June that it had developed a technique that squeezes quantum dots so that they emit single photons (particles of light) at a precisely tunable wavelength. This technique could accelerate the development of quantum information technologies for computation, communications and sensing, including 'neuromorphic' brain-inspired computing based on a network of tiny lasers.

The Challenge of China

As a leader in the development of quantum computing for military applications, China is raising the risk of a global quantum arms race. It launched the world’s first quantum satellite as part of a “megaproject” in 2016, thereby positioning a key building block for a secure quantum communications network. The U.S. Defense Department sees recent Chinese advances in military spending and technology, including quantum communications and computing, as a distinct threat to national security. Improved detection of stealth weaponry and submarine navigation are among the more specific concerns. This competition in the quantum field represents another major global technology race running in parallel to the global technology race around terrestrial commercial 5G networks.

A Pentagon official recently gave a speech at the Center for Strategic and International Studies in Washington in which he warned that China’s plan for quantum technology, including standards setting, has implications for U.S. national security. He urged greater USG cooperation with its allies and more investment in R&D on quantum computing, along with other new technologies.

A significant theme in Europe, meanwhile, is that all groups, including research institutions, academia, industry, other enterprises and policy makers should work together to bring quantum technologies from the lab to the market. The so-called Quantum Flagship of Europe is striving to make it a dynamic and attractive region for innovative research, business and investment in quantum technologies.

Quantum and 5G Security Conclusion

Advances in quantum technology are accelerating, though the field of scientific study dates back to the early 1980s, when Feynman proposed computing with quantum systems; Shor's factoring algorithm, the origin of the threat to today's public-key cryptography, followed in 1994. Along with exciting new capabilities that will serve humanity in general, quantum computing also ushers in an era of expanded risks to businesses trying to protect their commercial data, and to governments trying to protect their civilian databases and military secrets. Quantum hacking threats will drive a whole new level of digital IT security measures, including post-quantum encryption, authentication and data hygiene, among those who are smart and proactive enough to embrace them.

Those who have not yet considered the issue, or have not planned their path to implementing quantum-resistant cryptographic protocols, may find themselves caught with their proverbial pants down, forced into immense, expensive, difficult and perhaps unsuccessful efforts to limit their exposure once mainstream quantum computing capacity arrives. Those working on programs and architectures that will be foundational and remain in service for many years, such as 5G networks or critical infrastructure cyber-physical systems, have to be more aware of the issue than almost anyone else in technology: they have the most to lose and will have the hardest time limiting their exposure after the fact.

IIoT and Trust and Convenience: A Potentially Deadly Combination

IIoT 5G Trust Security

When microwave ovens first arrived on the market in 1967 they were met with public skepticism. Perhaps it was because, not long before, the same technology now promising to safely cook consumers’ evening meals was the backbone of a military radar. Perhaps it was the $495 price tag (more than $3,700 in today’s money).

Whatever the reason, in the early 1970s the percentage of Americans owning a microwave was tiny. By 2011, it was 97%. What changed?

Trust and convenience.

When microwave technology was first released, it was difficult to trust. Cooking without using heat? It was simply too alien. In 1973, Consumers Union stated that microwave ovens couldn’t be considered safe because there was no solid data on safe levels of radiation emission.

In a 1974 New York Times interview, Leonard Smiley, Consumers Union’s appliance division chief declared, “We see no reason to change our minds, but we are always open to changing it when additional data comes in.”

And that’s what happened between 1974 and today – data convinced consumers that the technology could be trusted. At the same time, the public was motivated by the incredible convenience that the microwave oven offered.

Today, that hunger for convenience is driving the exponential growth of the internet of things (IoT) and the almost unquestioning adoption of this technology among consumers. This time, however, it is not matched with trust. A 2017 Cisco study found that, while 53% of respondents felt that IoT devices made their lives more convenient, only 9% trusted the tech.

Astonishingly, though, despite this lack of trust almost half of survey participants said they were not willing to disconnect from their IoT equipment and services. They were prepared to take the risk. Because IoT devices were already so integrated into their lives that they couldn’t imagine parting with them.

There is something unsettling in the paradox of low trust and high attachment. It runs counter to all our better instincts. When people admit that they don’t trust technology but refuse to do without it, they are complicit in willful denial.

What makes the Cisco research even more perturbing is that the ‘risk’ that the survey respondents referred to was a danger to privacy and personal data. Of course, those are legitimate concerns, but in the multi-vector landscape of IoT, there are far bigger threats than stolen identity.

Let’s get physical with IIoT

One of the reasons the IoT habit is so hard to kick is that these devices have a physical impact on our world. They take the digital and make it manifest in functional tools that we experience as lights that dim at the sound of our voice, watches that tell us our heart rate is too high, fridges that tell us we’re out of milk, or cars that warn us of other vehicles.

These are cyber-physical systems (CPSs). They cross the threshold between the digital world and the physical one, which is what makes them so useful to those seeking greater convenience.

But it is also what makes them so potentially dangerous. CPSs have the potential to affect their surroundings, but unlike strictly mechanical systems they also have the potential to be hacked. Those that control the cyber can then control the physical, with possibly lethal consequences.

As far back as 2015, Charlie Miller, then a security researcher at Twitter, and Chris Valasek, then director of Vehicle Security Research at IOActive, demonstrated the havoc that could be wreaked by attackers commandeering a CPS. In a now-famous exercise for Wired magazine, the duo remotely took control of a Jeep Cherokee driving on the highway through a vulnerability in its cellular-connected Uconnect infotainment system. From 10 miles away they were able to control the vehicle's air conditioning, radio and windscreen wipers. But they were also able to cut the transmission, disable the brakes and, at low speed, take over the steering.

Now imagine the same scenario extrapolated across a network of driverless cars traveling at over 100 miles an hour in perfect precision. The damage that could be done in an instant by cyber attackers who infiltrate the network, or even just one car, is harrowing to consider. That is the nature of cyber-kinetic risk.

The Mirai botnet's distributed denial of service (DDoS) attack of October 2016, which overwhelmed the DNS provider Dyn and cut off access to major websites across a large part of the US east coast, is an early example of how compromised IoT devices (in that case mostly IP cameras, DVRs and routers still using default credentials) can be turned against public well-being. It is not hard to predict the damage that could be done in smart cities where water, waste and critical services rely on the same kind of devices.

However, the major weight of IoT cyber-kinetic risk rests outside the consumer product domain. The industrial internet of things (IIoT) is growing quickly as more and more companies seek to access the business value of connected devices and systems in industries as diverse as mining, manufacturing, and energy.

Marx and the machines and the IIoT

German philosopher-economist Karl Marx famously pointed to ownership of the means of production as the primary cause of stratification in society. The wealthy, independent bourgeoisie, he said, own the means of production while the proletariat work to keep those institutions operating profitably.

Marx believed that this distinction between the classes leads to progressive deterioration of living and working conditions for the proletariat, with revolution being the inevitable result. Today, there certainly is a revolution underway in the way goods are produced, but it has less and less to do with the worker.

When people talk about the internet of things they are almost always referring to gadgets and electronic products. They are talking about smart watches, smart phones, smart homes, smart meters, even smart toys. It seldom occurs to people, however, that all of these products are produced somewhere, and that those production processes themselves are being redefined by the IIoT.

Smart robotics, intelligent warehousing, remote AR-driven management of industrial machinery, self-driving trucks and tractors – the footprint of IIoT devices and technology in primary and manufacturing industries is growing rapidly. Companies have moved beyond automation to leverage the profound business value of real-time connectivity.

Entire factories of robots talking to each other via the cloud are able to build a car every 77 seconds. Shipping companies use IIoT chips and sensors to constantly optimize transport routes and delivery schedules, soon to be carried out by autonomous ships. IIoT-linked wearables are used to keep workers safe by, for example, using real-time biometric data to help avoid workplace fatigue and preempt accidents.

There is some irony in this. Though the IIoT can legitimately contribute to better health, safety, and environment (HS&E), without sufficient attention paid to security it could also turn out to be the single biggest risk to HS&E and human life.

The devil in the detail

Accenture estimates that the IIoT could add $14.2 trillion to the global economy by 2030. Businesses are eager to claim their slice of this cyber-physical pie. Through better efficiencies, greater economies of scale, higher outputs, and lower OPEX the IIoT will change the fabric of the industrial world.

The key to this potential success is interoperability. According to McKinsey, interoperability – the ability of systems or elements of systems to function harmoniously and in unison – is required for 40 percent of potential value across IoT applications, nearly 60 percent in some settings.

This makes intuitive sense. The IoT is an ecosystem, a cyber-kinetic network of chips, sensors, devices, software, communication services, all working together digitally to make physical things happen. No single technology can provide a total solution. With so many devices produced by many different manufacturers from many different countries representing many different regulatory perspectives, just getting the various nodes in an IIoT network to talk to each other is an achievement.

Getting them to do so safely is another matter entirely.

Many industrial organizations are embarking on massive digitization campaigns without knowing how to secure IIoT. In the race for a competitive advantage they are proceeding quickly, sometimes rashly and without sufficient prudence. Most companies are familiar with, and pay close attention to, the due diligence required to satisfy compliance regulations. However, regulatory specifications for IIoT are still in their infancy.

Without these frameworks, companies are often not motivated to ensure that their IIoT systems are secure against cyber attacks. Often they assume or hope that device vendors have paid enough attention to cybersecurity, but this is rarely the case. In an intensely competitive market, most vendors are focused on getting their products in front of potential clients as quickly as possible. Cybersecurity is usually an afterthought or, even if attention is paid to security through the device’s design and manufacturing, most producers do not have expert cybersecurity knowledge. Even with the best intentions, their security systems prove to be insufficient.

The results of cyber attacks on IIoT could be catastrophic. First, there is the immediate concern for the safety of workers and employees on the industrial front lines. When ships, trucks, machines, entire processing plants or even personal equipment can be hijacked with malicious intent, the physical danger to humans is high.

Then there is a broader concern: industrial systems are at the heart of primary infrastructural networks like energy grids and rail, road or marine transport. The massive scale of devices that will make up these networks as IIoT comes more online means that the number of attack vectors becomes almost unmanageable. Each of these vectors is a potential gateway into the wider network – bring any of those major systems down and a country can be brought to its knees.

There are, however, steps that can be taken:

Practice better cyber hygiene

This seems obvious, since any business not already prioritizing cybersecurity is unlikely to survive the 21st century, but it needs to be emphasized. The landscape of cyber threats is moving constantly and quickly. The technology being targeted and the technology being used for targeting are both evolving exponentially. Staying on top of this is not a one-off or annual review process. Businesses need to be constantly refining their processes, procedures and protocols.

Understand IIoT and HS&E

As evidenced by a recent announcement by Business Roundtable, the purpose of corporate business is being redefined by shifts in public and private expectations. Shareholder primacy is no longer the number one consideration, all stakeholders need to be considered in the purpose and operation of business, including customers, employees, suppliers, communities and shareholders.

Now more than ever businesses have a duty of protection to their employees and those that their business activities impact. For industrial companies, there is an additional responsibility in the emergent risks posed by IIoT. As these organizations move into greater IoT enablement, it is critical that they work with HS&E and cybersecurity professionals jointly to interpret and plan for imminent threats. This is a new territory and very few businesses are equipped to navigate it alone.

Engage government and regulators

In IIoT companies are often working with devices that have been manufactured in one country (sometimes several), sold in another, and used in yet another. In addition, the software and telecommunications service providers that give life to these devices are also distributed across the globe. Though some international standards exist, there is insufficient alignment in policy and regulation to ensure that IIoT cybersecurity is enforced.

Governments and regulators need to work more strategically in developing cross-border and cross-industry frameworks to manage IIoT's inherent danger to the public. Business, however, needs to be more proactive in this regard. Rather than seeing policy as something that is applied to them, organizations need to see it as a co-creative process. Only by combining the experience and expertise of regulators, cybersecurity experts, and the companies that are dealing with these issues on a daily basis can we hope to devise effective policies and regulations.

Assign end-to-end accountability

Any large-scale industrial digitization project requires the participation of multiple role players: the buyer, a large number of different IoT vendors, systems integrators, software developers and process change specialists. It is a long chain, and the more links there are the greater the potential for cyber insecurities to manifest.

One of the easiest and most impactful things a buyer can do to limit exposure to cyber risk is to make one party accountable for end-to-end cybersecurity implementation and management. This may be the buyer itself, a systems integrator or a cybersecurity specialist, but having a holistic view of the operation and its parts is critical to effective threat management.

The biggest mistake I see with my clients is that no one is accountable for cybersecurity because everyone assumes that someone else will do it. And they don’t want to take on that responsibility. It is more convenient to ‘trust’ that the problem is taken care of, though it seldom is.

Cyber vulnerabilities most often happen in gaps between accountabilities.

5G Network: A Quantum Leap in Connectivity – and Cyber Threats

5G Connectivity Security

The timeline of human history is marked by inflection points of major technological advancement. The plow, the printing press, the telegraph, the steam engine, electricity, the telephone, the internet: each of these breakthroughs precipitated tectonic shifts in how people lived and worked. Now, in the early part of the 21st century, we stand witness to the birth of a new industrial revolution built on 5th generation cellular technology – 5G network.

As the name implies, 5G network follows a developmental chain. First came 1G, the first generation of cellular communication that freed us to make voice calls without being tethered to a physical phone connection. Then 2G augmented this by adding data services like SMS and MMS. 3G gave us access to mobile internet, video calling and other data-heavy services. 4G, the highest standard commercially available at the moment, has enabled high-speed data services like HD mobile video and real-time gaming.

In one sense 5G network is the next step in this evolution. It continues the trend towards higher and higher data speeds and greater connection density.

However, 5G is much more than that. It is a reconceptualization of what a communications network looks like. It is not, as the previous four generations were, rooted in physical architecture. While there is new hardware, 5G is first and foremost a virtual network through which the boundary lines of physical and cyber reality will become increasingly blurred.

The latent potentials of 5G network are as endless as the applications that can be built on it. From healthcare to public safety to domestic leisure to travel, childcare, manufacturing and even warfare, 5G will change everything. It, together with IoT and AI will be one of the single biggest technological leaps our species has seen.

But with this tremendous power comes tremendous risk. 5G network is not the same as 4G or 3G, nor can we view the cybersecurity of 5G in the same way as we did with previous network generations. As we move into an era of driverless cars, autonomous factories and ubiquitous drones, we need to think differently about how we secure our networks.

New tech, new cybersecurity dangers

A 2018 study of more than 1000 senior managers and C-suite executives in Western Europe, the Middle East and Japan found that the top business priority for senior leaders globally was cybersecurity. It’s not difficult to see why. Significant data breaches are becoming more commonplace, exposing corporations to material losses of shareholder value, investor confidence and customer faith.

A recent example is the Capital One breach, in which the personal information of more than 106 million customers was stolen. What was especially pertinent about this attack was that the data was taken from cloud-based storage rather than from physical servers on the bank's premises: the attacker exploited a misconfigured web application firewall to obtain cloud credentials and used them to read the stored data. The incident raised concerns about the safety of sensitive information in the cloud, and with 5G these dangers grow in complexity, scale and magnitude.

The reasons for this are the same as those that make 5G such a thrilling prospect for human development.

Firstly, 5G is fast. Very, very fast. Whereas 4G tops out at around 100 Mbps, 5G's theoretical peak of 20 Gbps is 200 times faster. Secondly, 5G has breathtakingly low latency (the time it takes for a system to receive a response to a request). The average human reaction time to a stimulus is about 250 milliseconds (ms), and most humans perceive 100 ms as instantaneous. 5G's target latency for its ultra-reliable low-latency service class is 1 ms.

Though the general public is sold on what this means for entertainment (think: UHD movies downloaded in seconds, multiplayer games with zero time lag), the true benefits of high speed and super-low latency will be felt in society-shifting technologies like autonomous vehicles, remote surgery, and AI. New functions will come online that most people cannot currently imagine.

5G is able to deliver these efficiencies because much of it lives in software rather than in dedicated hardware. It is essentially a software-defined network operated through distributed virtual routers, virtualized network functions and network slices, orchestrated with the help of AI. It is a decentralized system that gains speed by relocating processing to the edge, close to the devices it serves. This is very different from the 'hub and spoke' configurations of previous generations.

Such a setup unleashes almost unlimited potential and is the gateway to a truly AI-empowered world. But it also reveals previously unseen numbers of vulnerabilities.

To begin with, software is by its nature hackable, so a system built on software interfaces will always be exposed to attack. 5G specifically virtualizes, in software, higher-order network functions that were previously implemented in dedicated hardware, and that software is built on widely known, widely available platforms and protocols whose weaknesses attackers study as closely as defenders do. Above that layer, the network is operated by orchestration software, including, for functions such as network slicing, basic AI. Anyone capable of corrupting this software can gain control of everything it manages.

Then, compared with 3G and 4G networks, where hubs and connections are more centralized and therefore offer natural points at which to enforce cyber hygiene, the 5G network is open and distributed. This creates an entirely new set of cybersecurity challenges: decentralization and the removal of network 'choke points' make the network far harder to police. But the problem is not only structural.

A conflict of interests

The internet of things (IoT) already consists of billions of devices linked to servers and the internet in different ways. These can be anything from a car's navigation system to a child's toy doll. Chips and sensors turn everyday objects into mini computers that create and share data. As 5G becomes the standard, the IoT will explode. Soon we will see entire cities connected in seamless, silent communication.

Smart cities are an example of ways in which 5G network might improve the living standards of every citizen, but they also show what might go wrong. When billions of devices are connected to a 5G network, and all of those devices have many possible types of applications, the cyberattack vectors become limitless.

When hackers or cyberterrorists manage to compromise the systems that keep a smart city functioning, the consequences move out of the digital realm into the physical. When water supply, power supply, traffic management, waste removal or connectivity are disrupted, humans suffer. This is to say nothing of what might happen if a highly sophisticated matrix of autonomous vehicles, all driving at high speeds during peak time traffic, were brought down in an instant.

On a smaller but more personal scale, the accelerating ubiquity of IoT devices in our daily lives leaves us open to surveillance in our own homes. Even basic devices can, without our knowledge, be turned into microphones or cameras by someone who gains remote access. And if those devices are infected with malware that recruits them into a DDoS botnet, networks and businesses face an army of hundreds of thousands or millions of devices flooding them with requests. The result is inevitably breakdown.

So, the risks are dramatic and, as the news regularly reports, the threat is real. So what should we be doing and why are we not doing so already?

For one thing, there are too many competing interests in the market. Devices and applications are being designed as iterative models, always released as a minimum commercially-viable product. Device and application developers know that their software can always be updated later to fix bugs and errors – the key is to get the product to market as soon as possible. This is understandable when profit is the only aim. But it makes security almost impossible.

There is an old military saying: ‘slow is smooth and smooth is fast.’ Do something properly and you will save yourself the time that will give you the upper hand over your adversary. This is not, however, the philosophy guiding device and application design. Nor is it the thinking guiding 5G network construction.

Too many cooks in the 5G network kitchen

Unlike China which has a managed economy, western democracies are governed by the rules of free market economics. Using the US as an example, multiple network operators have licences to move ahead with 5G, and with diversity comes less alignment.

Yet, a coordinated move to build cybersecurity into 5G networks from the ground up is critical if we are to deliver on the promises of the technology. Without it the rollout of one of the most powerful tools of our times will be fraught with peril.

It is one of the reasons why the US National Security Telecommunications Advisory Committee (NSTAC)—composed of leaders in the telecommunications industry— recently told President Trump that, “The cybersecurity threat now poses an existential threat to the future of the [n]ation.”

For 5G to become a blessing and not a curse, public and private interests will need to be congruent. Governments and businesses will need to work together to establish policies and operational agreements that grant capitalistic freedom without infringing on the safety of our people.

Corporate interests owe their customers a duty of care. That is a fundamental principle of business, but ignoring it in a 5G world could be catastrophic. Governments, on the other hand, need to be more sober about how they determine their policy agendas. The recent furore around the US and Huawei may or may not be justified. What is certain, though, is that it has obscured the true scale of the 5G threat.

Technology is changing faster than anyone could control. Cyber criminals and cyber terrorists know this and take advantage of it. When 5G comes online the battlefield opens up. We need to act now in an agile and coordinated fashion if we hope to make the coming decades the prosperous ones the world deserves.

NFC Security 101 (Non-5G IoT Connectivity Options)

NFC Cybersecurity

NFC is a short-range, two-way wireless communication technology that enables simple communication between electronic devices that carry an NFC chip. It operates at 13.56 MHz and supports data rates of 106, 212 or 424 kbit/s. There are three modes of NFC communication:

  • Read/write (e.g. for reading tags in NFC posters)
  • Card emulation (e.g. for making payments)
  • Peer-to-peer (e.g. for file transfers)

There is no need for a pairing code between devices: once in range they start communicating and prompt the user. NFC is much more power efficient than other wireless technologies. Its communication range is approximately 10 centimetres, which can roughly be doubled with specific antennas. The short range is the main reason the technology is considered well suited to sensitive transactions such as contactless payments, but it is a constraint on the attacker, not a security guarantee: passive eavesdropping on an NFC exchange has been demonstrated from several metres away with a suitable antenna, and relay attacks forward a legitimate exchange between two distant devices in real time, so payment and access-control applications still need cryptographic authentication on top of proximity. Some examples of NFC applicability include:

  • Ticket validation for sports events, concerts, theatres and cinemas;
  • Fitness and wellness: syncing workout data from a fitness machine to the user's personal device;
  • Personalized content sharing: viewing special offers on your phone in museums, shopping malls and stores;
  • Loading translated content for services such as restaurant menus;
  • Check-in and check-out at hotels, airports, etc.;
  • Security systems: unlocking NFC-enabled door locks, etc.

NFC technology provides further support for the evolution of smart homes and buildings. In the bedroom an NFC tag can be used to control the TV, audio system, alarm, lighting or other devices via the smartphone. In the kitchen NFC tags could be placed on the refrigerator and oven, making them smart as shown in Figure 1, or they could be used to adjust the ambience to your needs (turning lights or music on and off, etc.).

Figure 1: NFC support for smart kitchen

NFC tags can transform a smartphone or other personal digital device with an embedded NFC chipset into a universal remote capable of performing any action. Unlike RFID technology, every NFC device has both NFC reader and NFC tag capabilities. The potential for NFC applications in smart homes and buildings is endless.

The advantages of NFC for smart home and smart building use are its simplicity, security, the ability to connect otherwise unconnected devices via NFC tags or to bridge incompatible wireless technologies, low power consumption, and its presence in almost all electronic devices.

The main limitations to consider for NFC in smart home and smart building use cases are its very short range, its lower throughput compared to other wireless technologies, and the fact that it is not a completely risk-free technology, since mobile-based hacking tools are evolving and have become common.

NFC Security

NFC wireless technology enables everyday objects to connect to the Internet. Its applicability in the IoT domain, and in smart home and smart building use cases in particular, is crucial, especially given that all modern personal devices (cellphones, tablets and notebooks) have embedded NFC chips and are mutually compatible.

One of the security mechanisms implemented in NFC is the Digital Signature (defined in the NFC Forum Signature RTD 2.0), based on asymmetric (public/private key) cryptography. The Digital Signature is part of the NFC Data Exchange Format (NDEF) message, which also includes a Certificate Chain and a Root Certificate. Each NFC device has a private and a public key.

Another security mechanism is the Trusted Tag, developed by HID, an NFC tag manufacturer. It fully complies with NFC Forum Tag Type 4 and works with any NFC Forum compatible device. The Trusted Tag is protected from cloning and embeds a cryptographic code generated on every “tap” or click of the NFC button. This cryptographic code protects the content of the transmitted information.
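The following is an added example (not code from the original article or from HID) showing what the Signature RTD 2.0 mechanism from the previous two paragraphs actually checks: a reader recomputes a hash over the Type, ID and Payload fields of the records that precede the Signature record and verifies the issuer's signature over it, so any rewrite of the tag content is detected. The NDEF record model is simplified and the ECDSA-P256/SHA-256 signature is DER-encoded here, which is an assumption; the certificate chain that would carry the public key is omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is a simplified NDEF record. Header flags are omitted because the
// Signature RTD signs only the Type, ID and Payload fields of each record.
type Record struct {
	Type, ID, Payload []byte
}

// uriRecord builds a well-known "U" record; 0x01 is the "http://www." prefix code.
func uriRecord(rest string) Record {
	return Record{Type: []byte("U"), Payload: append([]byte{0x01}, rest...)}
}

// signedInput concatenates Type, ID and Payload of every record that precedes
// the Signature record in the NDEF message; this is the data the signature covers.
func signedInput(recs []Record) []byte {
	var in []byte
	for _, r := range recs {
		in = append(in, r.Type...)
		in = append(in, r.ID...)
		in = append(in, r.Payload...)
	}
	return in
}

// signRecords is what the tag issuer does once, offline, with its private key.
func signRecords(priv *ecdsa.PrivateKey, recs []Record) ([]byte, error) {
	h := sha256.Sum256(signedInput(recs))
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// verifyRecords is what a reader does on every tap, using the public key it
// obtained from the certificate chain in the Signature record.
func verifyRecords(pub *ecdsa.PublicKey, recs []Record, sig []byte) bool {
	h := sha256.Sum256(signedInput(recs))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // issuer key (constructed)
	poster := []Record{uriRecord("example.com/offer")}        // constructed poster content
	sig, _ := signRecords(priv, poster)
	fmt.Println("genuine poster verifies:", verifyRecords(&priv.PublicKey, poster, sig))
	rewritten := []Record{uriRecord("changed.example/offer")} // URI rewritten on the tag
	fmt.Println("rewritten URI verifies:", verifyRecords(&priv.PublicKey, rewritten, sig))
}
```

Note that the signature proves the content is unmodified, not that the tag is the original one: a signed message can be copied byte-for-byte onto another tag and still verify, which is the gap the per-tap cryptographic code of the Trusted Tag described above is meant to close.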

Beyond its limited range, NFC includes additional protections such as PIN or biometric locks on the device, which enable secure data exchange. Like other wireless technologies, NFC is nevertheless susceptible to some security challenges. Some illustrative examples are:

  • General theft or loss of a device is hard to avoid. The best defense against this threat is to protect phones, tablets and other personal devices from unauthorized login and use.
  • Eavesdropping and interception attacks apply to NFC as well.
  • A man-in-the-middle attack is possible if a malicious device is positioned between two NFC devices, or within their short range, and receives and alters the exchanged information. Such attacks can be countered by staying alert to unusual devices attached or positioned near transaction terminals. It is important to ensure that NFC transactions are carried out only in official and authorized places.
