Beyond politics, 5G presents technological complexities for cybersecurity. We dive into each sub-segment of this emerging opportunity.
- Moving beyond geopolitics, 5G presents cybersecurity complexities from various angles regardless of equipment vendors
- As with all step-changes and technological shifts, it opens a window of opportunity for new market players in the equipment and security space
- We discuss the commercial and technological drivers of 5G cybersecurity and introduce a framework for segmenting the emerging US$6-8b annual TAM
- In each of the 9 sub-segments, we discuss the unique dynamics and key success factors that regulators, companies and investors need to pay close attention to
Backdoor risks are real, but there are genuine cybersecurity considerations beyond geopolitics
The discussions around 5G cybersecurity started heating up only after the US pulled Huawei’s equipment into the limelight. There were claims that backdoors were embedded within hardware equipment, allowing the Chinese to gain unauthorized remote access to infrastructure and sensitive data of national importance. Arguably, no evidence has been presented thus far and industry insiders increasingly view this as the first step towards legitimizing sanctions against the company as part of an overall trade war aimed at rebalancing a technological gap. To a large extent, these are political moves at play.
The risk of network tapping, or in modern terms a “backdoor”, is real. Such risks have existed since the Cold War, and network operators have had to deal with them one way or another.
We look beyond geopolitics and dive deep into the key cybersecurity considerations arising from the transition towards 5G, where we see market opportunities, and how it could affect the current dynamics among cybersecurity players.
5G, from the network owner-operators’ lens
For the uninitiated, 5G is not a new technology or network product. In substance, 5G represents a combination of:
- An entirely different network architecture for wireless communication
- Bringing together different modes of wireless communication into one network
- Through the use of new types of network equipment and
- The use of different spectrum bands
These are aimed at achieving 3 main benefits and step changes in wireless communication
From the perspective of network owners and operators, 5G is different from previous generations of networks in both commercial and technological terms. These are important premises underlying the conversation on the market for 5G cybersecurity.
From a commercial standpoint:
- Industry insiders commonly agree that 5G use cases will primarily be focused on Government and Enterprises, leading to the rise of private enterprise 5G networks
- Telco consumer use cases are limited if not financially unattractive, with the exception of fixed wireless as an alternative for fibre home broadband
- Capex will weigh towards network equipment and software for core network virtualisation, with varying degrees of upgrades required for edge equipment
There are also 6 key areas where 5G is technologically different and more complex
- 5G networks will be software defined from RAN (“Radio Access Network”) through to the Core as this is a key requirement for end-to-end network slicing.
- Shift away from application specific network equipment towards general purpose compute equipment, capable of running different applications in virtual network containers
- Adoption of Open RAN architecture, meaning that different vendor equipment can co-exist and work together in the same RAN. This will pave the way for new RAN equipment vendors, and facilitate share gain among second / third tier providers
- Multiple slices of virtual networks will ride on a common physical network infrastructure. The same physical network could have consumer voice, consumer web traffic, IoT dataflows and surveillance video streams each running separately as different virtual network slices.
- Networks will handle operating data for government and enterprises, not just communication data. Some of these dataflows will be mission critical. For example, in the case of surveillance and road monitoring, video feeds can be streamed over a 5G network for real time traffic optimization.
- Higher security specifications have been set out by the 3GPP for equipment and communication protocols. As with every new generation of network equipment, security specifications are tightened and network owners expect vendors to meet these common standards.
These added complexities create new cybersecurity considerations although equipment specifications require higher security standards
- Networks will be harder to secure
  - 5G architecture is more open by design. Take Open RAN for example – a framework designed to allow different brands of equipment to co-exist on the same RAN. Historically, RANs function on a single brand of products. If a network runs Ericsson, all RAN equipment within that network needs to be Ericsson. Open RAN essentially allows new equipment vendors to supply equipment into networks (usually by being lower cost), as long as they meet the same 3GPP and Open RAN specifications. While a minimum level of security is mandated by the 3GPP standards, it is open to debate whether they can back their equipment and embedded software the same way Ericsson, Nokia or Huawei would throw cybersecurity experts behind their products.
  - As with all IT products, software running on general purpose hardware is always exposed to more attack vectors than application specific hardware running embedded software. This is especially so when the software is open-architecture by design and API endpoints are well documented or known. We contrast this to the 3G/4G world, where embedded software algorithms are tightly held IP of equipment vendors.
  - Lastly, having multiple software defined networks running on the same hardware infrastructure is complex business from a security standpoint. In theory, each network is separate and unauthorized access or corruption of one network should not compromise another. Yet this is a fallacy in itself because it all falls apart when the hypervisor is compromised. What about very low-level code corrupting the virtualization software which separates the virtual networks?
- Infrastructure, applications and dataflows on 5G networks will be more mission critical
  - If 4G was about unlocking high speed connectivity and the mobile web for billions of people, 5G, as many have described, primarily rests on the idea of massive machine to machine connectivity for enterprises. Whether it be for video surveillance, port automation or Industry 4.0 wireless factory operations, 5G sits at the crossroads between Information Technology (“IT”) and Operational Technology (“OT”).
  - While IT cybersecurity has been in vogue among mass media for years now, and more recently hyped by data privacy concerns over Chinese 5G equipment, OT cybersecurity is starting to gain attention among systems integrators, particularly in the industrial sectors.
  - If a telco’s 4G network gets hacked today, data gets exposed and compromised – banking data, private medical records, personal text messages, the list goes on. The consequences are serious, no doubt.
  - Yet, imagine what could happen if a traffic management system running on a 5G network gets compromised? Or if a network managing autonomous cranes, forklifts or aerial drones were to be hijacked?
  - In a 5G world, cybersecurity is no longer just about IT but increasingly about OT, and the cost of security failure is of a different nature.
- Larger pipes and more connected devices will increase the scale of potential attacks and have implications for current models of IT security
  - An often overlooked, but sizable, aspect of 5G cybersecurity is the impact of 5G on classic IT cybersecurity
  - Take DDoS (“Distributed Denial of Service”) for instance. Without going into specifics of how DDoS protection works, consider what happens when:
    - Botnets are multiple times the scale, riding on not just laptops but mobile phones, tablets and all the new IoT equipment we might one day load onto the edge of our 5G networks; and
    - Network data rates are 100x faster, allowing DDoS payloads of entirely different magnitudes
  - Combined, the scale of DDoS attacks could be exponentially larger than what they are today, and present-day security models may not be adequate.
We see 9 sub-segments in 5G cybersecurity
We have thus far elaborated to some extent on the qualitative drivers that complicate cybersecurity and would create new demand for it in a 5G world. To discuss the market potential for 5G cybersecurity, we have developed a framework that seeks to help regulators, business managers and investors segment and evaluate the commercial opportunities. An important caveat at this stage is that this is a commercial framework, and not one that is aimed at tackling the technicalities of 5G cybersecurity.
We see 9 sub-segments for 5G Cybersecurity, as defined along two main dimensions:
- What it aims to protect:
  - The network infrastructure itself;
  - The applications & data running on the network; or
  - Existing IT / OT systems
- How to protect:
  - Hardening hardware and software to minimize vulnerabilities;
  - Through assurance, testing and certification; or
  - In the form of monitoring, detection and response
Some of these elements are worth a deeper explanation.
Infrastructure vs Applications/Data
In terms of security, it is critical to differentiate the network infrastructure (both hardware and software e.g. hypervisors) layer from the applications and data that are running on the network.
- Firstly, the owners and operators are often different. Most nationwide 5G networks would eventually be owned and operated by Telcos or government entities, but the central idea of network slicing is to allow a broad range of companies to run multiple applications on it for the purposes of unlocking different IoT use cases.
- Secondly, the impact and implications of security breaches are vastly different. The impact of unauthorized access at the applications/data layer really depends on the actual application being breached – be it a utility metering network or traffic management network. In most cases, the impact would also be contained within the individual virtual networks. By contrast, a security breach at the infrastructure level could cripple multiple virtual networks and applications at the same time or, in a more extreme example, allow intruders to spin up a container with massive bandwidth and capacity for attacking other IT/OT systems – before vanishing along with the virtual network and leaving no trace.
Expanding the Enterprise IT/OT Cybersecurity Market
We separately call out existing IT/OT systems as a dimension in our segmentation. As described earlier, the increased bandwidth of 5G coupled with the elusiveness of virtual networks will render many existing IT/OT security systems and technologies inadequate. As companies seek to make their IT/OT functions more connected, they may invariably find themselves having to upgrade security measures. While not a new segment in cybersecurity, we believe 5G will spark growth in the security market for existing IT/OT systems.
In hardening 5G network infrastructure, the notion of security by design comes first and foremost.
Hardening infrastructure is ultimately about hardening the individual baseband modules, chips and processors which collectively make up the network. Security would therefore focus on low-level software and the chip level, where primary responsibility resides with the equipment manufacturers themselves. This also explains why Huawei, Cisco, Nokia and Ericsson have invested heavily in cybersecurity talent and resources. Outside of the network equipment majors, niche security companies with a focus on network hardware and embedded software may find themselves in a sweet spot, where they are either out-invented and made irrelevant or acquired for their IP.
Assurance, Testing and Certification
Assurance, testing and certification is in itself a mixed bag of different essential services for 5G cybersecurity.
- Network equipment certification is not a new business and common criteria frameworks will eventually emerge for 5G equipment. Labs and certification companies licensed to inspect and certify 5G equipment will continue to play a key role within the ecosystem although they are not strictly security providers. One must however recognize that the certification process is always done on a sampling basis and provides no guarantee for what is / what is not in every piece of a batch or model of equipment.
- Testing and assurance services are very much dependent on track record and reputation. Companies like Forcepoint (a unit of Raytheon) and other players used to serving defense / government clients may find themselves advantageously positioned to address opportunities for 5G infrastructure and applications security. In fact, many of these defense companies have built up their bench of cybersecurity capabilities and talent pool to meet the needs of military electronics and government intelligence services.
Monitoring, Detection and Response
There is a long tail of Managed Security Service Providers (“MSSPs”) in the market. A hot segment just a few years ago, MSSPs have found themselves caught in a highly competitive space. Faced with pricing pressure in a somewhat labour intensive business, there has been an overall shift towards automation and use of AI for threat monitoring, detection and response. There are also hopes that 5G would open a new segment of opportunities for existing players.
Threat monitoring, detection and response for 5G will be highly integrated with network monitoring and operations. In other words, the task of monitoring security threats in a telco’s or private enterprise 5G network cannot easily be outsourced – to an MSSP team or to a third-party security monitoring AI software.
With 5G’s NFV capabilities, equipment vendors from Nokia to Ericsson or Huawei are looking beyond just hardware sales. Many of the upcoming 5G deployments will see end-to-end network monitoring software (designed and built by equipment vendors) automating tasks and functions traditionally performed by teams of network engineers.
Instead of adding MSSP software or headcount alongside existing network monitoring tools and teams, the more likely scenario is one where:
- Network monitoring functions will be integrated with security threat monitoring functions;
- Equipment vendors will supply the software suite that addresses both network and security operations collectively in a single-view;
- Streamlining overall reliance on warm bodies through the use of AI and Robotic Process Automation
Few, if any, cybersecurity players today are equipped with the full range of capabilities required to adequately address the opportunities arising from 5G.
- For one, most cybersecurity players today are primarily focused on enterprise IT and have built software and capabilities around those
- System designs and software for wireless network equipment remain closely guarded by equipment vendors, and this is a domain to which most cybersecurity players do not have access
- Knowledge and expertise around Telco network operations is yet another aspect that few cybersecurity players are familiar with (potentially with the exception of Trustwave, which is owned by Singapore’s Singtel Group)
We have thus far shared our views on the segments of opportunities within 5G cybersecurity, the dynamics and key success factors for each segment and the capabilities gap for existing players. As markets globally transition towards future networks with 5G, it leaves us with a number of questions that spell opportunities in both private and public capital markets.
- Will 5G spur consolidation in an already fragmented cybersecurity market?
- If so, which are the companies best positioned as consolidators and acquisition targets?
- Lastly, to what extent will “made-locally” be a key consideration in 5G cybersecurity?