YOU ARE AT:5GHow to understand, map and mitigate 5G cybersecurity risks: An interview with...

How to understand, map and mitigate 5G cybersecurity risks: An interview with Ande Hazard, AT&T

‘A business’ most valuable assets are data, data and more data’

Delivering enterprise-level digital transformation is proving to be a key 5G monetization strategy for operators. This approach, however, comes with a host of cybersecurity implications around things like data privacy and anomaly detection. In an interview at the RCR Wireless News 5G Monetization Forum, AT&T’s Vice President of Manufacturing Solutions Ande Hazard discussed these, and other, cybersecurity considerations in more depth.

Can you start by sharing your experience working in the manufacturing sector at AT&T in terms of the conversation you have with a potential customer? What kind of questions or concerns do they articulate to you around 5G security?

As we talk about this transition into 5G, there’s many security considerations that they’re still trying to sort out, especially as we look at the expansion of connected devices. It’s really clear that the theme of protecting the data regardless of where it’s stored or the communication channel that it travels, it’s one of the biggest concerns that we hear that our customers are trying to tackle.

Data privacy and managing the security of the data that’s accessed by the mobile end points is also top of mind for all of our customers, so there’s a lot of effort around securing the data at rest, in motion and then being responsive to all the data privacy requirements. And as we look at data in this new 5G-enabled world it’s all about protecting one of the most valuable assets for businesses and for our customers, which is data and data and more data.

If we could take a look at 5G NR from the standard perspective, as this went through the 3GPP process and became finalized, there is enhanced security that’s just baked into 5G. But if I was an enterprise buyer, that’s kind of an opaque statement. What else do you see operators as needed to do to help their business customers understand that these 5G-enabled processes are safe and resilient?

I think you made a great point as far as sort of the legacy cellular environment. As we look at 5G, solution buyers are embedding security into the net arch. 5G network operators are also building security into their networks. For example, to your point [about] 3GPP, those standards are part of the focus that we look at as operators and as providers. When you look at 5g, this new era of security with encryption on the IMSI to protect that network data traffic over the 5G radio networks is also an important sec element. There are so many improvements from 3G and 4G LTE, where security in those cases was more of an overlay versus embedded into the network and those standards.

Ande Hazard, Vice President of Manufacturing Solutions, AT&T

But there’s still work to be done to protect the data. I think that we look at it as what was equivalent to the early public cloud adoption, right? There’s a shared security responsibility model that we see with 5G. Enterprises shift many of those network functions to the carriers, which ultimately brings a higher enterprise grade security level, similar to what we saw with the cloud shift. There is a responsibility of the network providers and the cloud infrastructure to comply with all of the regulatory standards to provide continuous monitoring of the data on that network. But there is also the responsibility of the enterprises to provide the security on their own devices and their endpoints.

We see things like identity access management, data protection suites that are needed to complement the physical security of the on-premise equipment, especially when we look at things like multi-access edge computing — MEC — so it’s a hybrid of the carrier grade, and what’s embedded in the network, and what has to happen at the physical endpoints.

You mentioned endpoints and maybe we can stick with this man example when we think about 5G in that type of environment, a lot of it has to do with connecting physical assets like machinery, robotics, cameras, other types of sensors, so new endpoints that are dii from the endpoints where accustomed too, like me holding a phone. So, what do carriers and their customers need to do in terms of adapting a set of cybersecurity best practices that kind of lend itself to this new IoT world?

We look at it in three areas. The first would be around Machine Learning [ML], Artificial Intelligence [AI], advanced analytics. This explosion of IoT devices on 5G ultimately expands the attack surface, so security design really has to incorporate automation to ensure you can apply those security policies dynamically and get it at the scale of what we’re seeing with the network. Utilize AI and ML, other analytic capabilities to improve rapid detection and response of these new threats because their networks are becoming more complex and the number of devices connecting to these networks grows, so you have to be very nimble in that approach.

Second would be around software-defined networks [SDN] with security. As you need more connected devices added to the manufacturing ecosystem, attackers have a great opportunity to exploit those vulnerabilities and grab that very valuable data. Software-defined networking is a security enabler with the increase of applications developed, SND allows embedding that security into the design and architecture of the network. This improves the opportunity to put policy enhancements and anomaly detection and mitigation. It also allows applications to block malicious activity on the network and enforce policies across the security services.

Then the third would be virtual network functions [VNF]. Virtualization is an excellent opportunity to implement across a big, distributed network very quickly and because of this, enterprises can spin up security components like firewalls and push policies to many devices very efficiently. We also see virtual security controls to allow technologies to prevent attackers’ lateral movements. You can apply micro perimeters to protect applications, and then utilize SDNs for mitigating threats.

If we could get back to this point around monetization of 5G, maybe you can take us through some of the use cases that AT&T is opening up for customers by bringing 5G networks to manufacturing businesses.

In manufacturing, we are seeing vision systems […] around quality control and employee safety. We are seeing autonomous-guided vehicles […] and then also data intelligence from predictive maintenance of the factory equipment. I’d even give you a very specific reference. We did a publish use case with Ford Motor Company back in the fourth quarter of 2021 and it’s a great example of bringing that all together. They have their electric vehicle production in Michigan that’s going to produce the Ford F-150 Lighting pickup. We are leveraging 5G and MEC in that facility. Some of the use cases that they are going to tap into around the ultra-fast speed and low latency and this massive connectivity on the factory floor, they will be able to leverage the vision systems, the equipment status, material supply chain, automated robotics and even faster wireless vehicle updates, just to name a few use cases.

Image courtesy of Ford Motor Company.

When we think of a vision system for quality control that seems pretty straightforward in terms of delivering an improved business outcome almost immediately, but from your experience, is the time to value as fast as it seems like it would be when you implement these systems?

We’re seeing that from our customers […] that agility that you see from it and the consistency, and you take the human element out of it so you’re in this automated environment that allows for very quick analytics, very quick decision making, and it has actually produced improvements on the supply chain, on the factory floor and on the production line.

The manufacturing industry has been automated for a very long time, but if you can do smart automation, if you can actually accelerate that decision making and leverage more connectivity, […] I do think it’s accelerating that go-to-market capability.

ABOUT AUTHOR

Catherine Sbeglia Nin
Catherine Sbeglia Nin
Catherine is the Managing Editor for RCR Wireless News, where she covers topics such as Wi-Fi, network infrastructure, AI and edge computing. She also produced and hosted Arden Media's podcast Well, technically... After studying English and Film & Media Studies at The University of Rochester, she moved to Madison, WI. Having already lived on both coasts, she thought she’d give the middle a try. So far, she likes it very much.