5G Promises to Hyper-Connect the World; But How Much Will It Amplify Risk?
Here’s one thing we know: Technological advancements are in a constant state of flux.
This reality, coupled with the ever-changing nature of the way technology and connectivity intersect, results in a need for the insurance industry to stay abreast of the technology and the inherent risks involved. This is specifically true as it relates to the introduction of 5G, or the fifth generation of mobile technology, and the Internet of Things (IoT).
These two shifts in macro-technology promise to provide greater stability, the ability to connect more devices at once, move data at greater speeds and lower the overall latency. Seen as the opportunity to supercharge business processes, increase efficiency and reduce costs, many businesses plan to deploy 5G technology in the next couple of years.
As such, experts agree that 5G will become a catalyst for IoT and convert the world from being interconnected to hyper-connected, which ultimately increases automation, transparency into operations and fosters better decision-making at the C-suite.
“With IoT-enabled devices in mind, 5G is meant to connect more devices at higher speeds and make things that lag nearly non-existent, giving way to a seamless user experience,” said Cristina Varner, ARM, LUTCF, practice leader at ABD Insurance & Financial Services, Inc.
“Mobile IoT technologies are a low-cost, low-power consumption solutions while enhancing the connectedness of its users to one another.”
But the inherent risk, as it relates to IoT and 5G connectivity, is the result of constant connection, which certainly provides opportunities for innovation and modernization but opens up potential cyber security threats that can compromise important personal information.
“For communications services providers specializing in mobile services, media or web services, the only constant is relentless innovation,” Varner said.
“Smart cities and infrastructure, connected vehicles, digital health care, smart homes and more are transforming markets. Insurance solutions such as cyber liability, crime/social engineering, general liability and product liability should be seriously considered.”
In addition, transformational mobile bandwidth is coming online at the same time that IoT is reaching critical mass.
“The disruption will be massive,” Varner said. “These systems enable the transmission of financial and business transactions as well as emergency response communications. If compromised, the consequences can be serious.”
Understanding Inherent Risks of 5G
With any new innovation, there come inherent risks that must be mitigated. According to Ankur Laroia, managing director, BDO Digital, this hyperconnectedness 5G and IoT will push the computing platform beyond the edge into uncharted territories.
Think of it this way: Imagine a hyper-connected supply chain, where 5G connected IoT sensors are broadcasting real-time supply vector information into a plant so that ‘just in time’ manufacturing can occur.
Similarly, think of a smart natural gas pipeline that is 5G/IoT enabled — it lets the operators make better operating decisions as they have a precise real-time operating picture, and it also lets marketers who sell capacity on the pipe to better price and market the capacity accordingly.
“With this frame in mind, think of the tsunami of data that will collide with existing IT infrastructure, which isn’t ready to service this data, nor is it ready to assimilate, parse and process it. In short, the very benefits of 5G and IoT can choke an enterprise’s backbone,” Laroia said.
The other elephant in the room is the vulnerabilities that come with velocity at hyperconnectedness.
“Once you have a litany of IoT-enabled devices in the thousands, if not hundreds of thousands, broadcasting telemetry, every one of those becomes a potential target for bad actors. In essence, we’ve exponentially increased the surface attack area here, which has to be consistently patched and curated,” Laroia said.
Nick Graf, assistant vice president of information security at CNA Insurance, explained that additional risks of 5G include over-reliance and unrealistic expectations for a new technology.
“Many people don’t realize that there are multiple ‘flavors’ of 5G — low band, medium band and high band,” Graf said.
“It is the high band 5G that receives the most media hype for the extreme speed and low latency it can bring, but real-world testing shows that a high band signal needs a clear line of sight and close distance in order to achieve the promised speeds. Things like a pane of glass or tree in the way greatly reduces the benefits of high band 5G.”
Mitigating Risks of Interconnectivity
To reduce the risk of costly, disruptive damage to these systems, Varner advised that companies proactively secure, control and monitor the use of powerful privileged accounts.
“Insurance is only one component to transferring risk for companies,” Varner said. “Risk mitigation should be the top priority when planning.”
To mitigate risks, Laroia said companies must ensure the fundamentals are in place as there is no technological “silver bullet” that is a substitute for good IT governance.
“Tech hygiene is paramount; it is a key prerequisite for 5G and IoT enablement,” Laroia said.
“Beyond governance, we must ensure that triage protocols are implemented and tested monthly to ensure readiness. We also have to ensure that the IT backbone, especially the data lake, data automation as well as data analytics pillars are robust and modern enough to keep up with the deluge of data published by the IoT backbone.”
Companies also need to further prioritize the most important privileged accounts, credentials and secrets. And identify the potential weaknesses and vulnerabilities in their existing programs.
“Focus on those that could jeopardize critical infrastructure or organization’s most vital information,” Varner said. “There is no one-size-fits-all solution, but cyber and physical security needs to be a core competency within companies.”
Incorporating new technology comes with its share of issues as it relates to networked devices and security. For instance, privileged access to critical systems is often left unsecured and unmanaged. There is also a lack of awareness of how critical systems are integrated with other systems and how important security is within the entire ecosystem.
“Reported breeches illustrate how intruders entered into networks via common systems such as HVAC systems,” Varner said.
“This puts assets at an increased risk of a damaging cyber-attack that could impact telecommunications companies and citizens alike. It’s like the Wild West as users access on-demand applications from any location using any device. In this new unchartered territory, the risk to confidential data is expanding.”
Chris Hickman, chief security officer at Keyfactor, a company that secures digital identities, said there are a wealth of advantages in 5G adoption — namely, it’s a larger pipe to endpoints and devices, with a lot less latency.
“It introduces a continuous data stream and the ability to access information in real-time, which is critical for more advanced IoT devices, like autonomous vehicles,” Hickman said. “However, security does become a larger concern, especially for devices used in situations where human life is at stake. It comes back to basic concern around the connectivity of those devices and how secure they are.”
As Hickman points out, businesses across all industries are facing pressure to migrate to 5G, mostly on competitive reasoning, but it’s critical that those developing devices in segments like aviation, automotive and medical device markets, take a step back and resist the urge to reinvent security or go proprietary.
“There are industry standards in place that are proven; manufacturers need to leverage those standards and continue working on advancing network development in a practical way,” Hickman said.
“Security doesn’t fundamentally change with 5G, however the need and scope of security does. Billions of IoT devices will push the boundaries of security infrastructures to the brink of collapse. Adoption of proven, standards-based technology that can scale is the path forward.”
As with any new technology, a company looking to leverage 5G needs to be aware of its limitations. As Graf suggested, companies should look at what the end product’s function is, where and how will the device be used (taking into account some of the coverage limitations), and how the device will deal with a loss of connectivity. Can it function successfully offline? If so, for how long?
“Is network backbone capacity sufficient to support the device mission? Realize that interference can occur from both natural and manmade causes, unintentional and malicious as well,” Graf said. “All of this should be thought about with the consideration of business continuity, disaster recovery and incident response.”
Varner says that 5G for IoT-fueled automation in industrial environments will likely use various networks for different services.
As such, they will have to ensure that their mobile service provider has appropriate monitoring in place within their network to supervise the activity of connected devices and infrastructure.
“We have to look at the value to the business that these innovations provide,” Laroia said.
“Not all devices and vendors are created equal. Having a longer term view to the innovation ecosystem and taking a hard look at open platforms will mitigate some of the inherent issues that come with connected network devices and security.” &