Now may be the one chance for safer IoT cyber security

IoT must become the Internet of Secure Things for widescale acceptance in the 5G era

By Giacomo Lee 21 May 2021 (Last Updated July 22nd, 2021 15:10)

2021 is seen as a year of catch-up for the Internet of Things. But IoT cyber security issues which dogged the tech in the 2010s continue to do so, Giacomo Lee explains.

An employee walks the exhibition hall for an IoT-based urban traffic management system (Credit: Chen Chao/China News Service via Getty Images)

As the world reopens for business, 2021 is seen as a year of cyber security catch-up for the IoT (Internet of Things) – one of many technology themes impacted by the pandemic and the ongoing chip shortage. While IoT has a brighter year ahead, the issues which dogged the area in the 2010s continue to do so.

Though 2020 may have seen more of us online for work and play, IoT ironically became less of a “thing” last year according to a report published last month on the theme. GlobalData analysts – who will be holding a free webinar on the topic this May 27th – report sluggish growth in the overall IoT market as Covid-19 interrupted IoT deployments. In the consumer IoT domain, the connected car market declined by 10%, and the automated home segment saw just 1% growth in 2020.

The IoT market as a whole encompasses everything from smart cities to wearables and industrial machinery. This is all made possible by connected sensors and actuators of the IoT, which control and monitor environments and the things that move within them, along with the response of people to both.

IoT is potentially an even more pervasive kind of tech than today’s computers and mobile devices – and yet it isn’t pervasive as things stand. But it has evolved from the days of retrofitted “grimy IoT” and machine-to-machine (M2M) implementations, aimed at industrial control and remote management, into the current age of “shiny IoT”.

Analysts like GlobalData’s Michael Orme say broadscale 5G adoption needs to take off for the next stage of pervasive IoT to happen, with “hundreds of billions of smart-connected devices ranging from light bulbs to cars, and from biomedical wearables to smart buildings making up the ‘internet of everything’ from 2025 onwards.”

IoT will therefore become the solution, and create new business models with it.

But before all this can happen, the IoT will also need a unified and global cyber security standard. This is because as the number of connected devices increases, a massive security gap grows with it, creating more and more potential for cyberattacks.

The Kill Switch

The multi-layered nature of IoT creates a huge attack surface, whether through devices, connections, data, apps or services. But there are no globally accepted standards spanning all five layers of the IoT value chain. This hasn’t gone unnoticed: regulatory initiatives such as the EU’s General Data Protection Regulation are slowly emerging. More manufacturers meanwhile are designing IoT devices with prebuilt cyber applications, whilst also providing users with the necessary software updates to patch security breaches. This is important as IoT cybersecurity begins with device design and the choices that engineers make when developing their IoT products.

However, this is not enough. Current IoT ecosystems lack adequate security regulations, with most devices having weak or no security controls. And as GlobalData (GD) analysts state, legislation covering IoT cybersecurity “remains a fragmented patchwork of laws which do not address concerns around IoT security as a whole.”

For IoT tech the primary focus is endpoint security, which refers to the protection of connected devices. Intermediate gateways and routers will also need to be effectively secured, along with central servers, which contain the bulk of the most valuable data.

It’s important to bear in mind that attacks on industrial equipment and critical national infrastructure can be a significant threat, as shown by the recent Colonial Pipeline hack. Perhaps the threat is best expressed in GD’s report.

“If a cyberattack hits your PC, it is a nuisance,” as its authors state, “but if your connected car suffers a cyberattack, it could kill you.”

5G’s role in IoT cyber security

“On the question of universal security standards, few technologies have seen genuinely global standards beyond, say, mobile telecoms,” GD analyst David George tells Verdict. “ETSI released in June 2020 a standard for consumer IoT devices that it described as a ‘security baseline’ and that could provide a basis for future IoT certification; it focuses on building security into the design of devices rather than as an afterthought.”

While George says the ETSI standard is seeing growing adoption, in his eyes it is not yet ready to be called a global standard. The same can be said for similar initiatives such as a tech spec guide from the US National Institute of Standards and Technology centred around consumer IoT devices, and the US IoT Cybersecurity Improvement Act as signed in December 2020.

Some help may be found in another technology theme also impacted by the events of 2020: 5G, the worldwide deployment of which was affected just as much as IoT deployments last year. Being low cost, low power and wireless, 5G is potentially a huge enabler of pervasive IoT. Not only that, but its new global wireless standards may also be the obvious path to a single interconnection standard, something which a communications protocol for IoT will most probably need.

Massive IoT in the 2020s

But in those countries which have seen initial 5G rollouts, public coverage remains low. Besides patchy signals for consumers, this means there’s as little sign of a pervasive IoT revolution as there is of 5G becoming the world’s single interconnection standard any time soon. But GD analyst John Marcus believes there’s a brighter picture when looking away from the consumer end of 5G.

“5G-powered IoT is more relevant in the industrial space,” he tells Verdict. “To get a peek at the potential, it makes more sense to look at private 5G network deployments rather than looking at a country’s public 5G roll-out.”

Marcus points to smart factory examples such as Ford’s E:PriME facility in Essex, UK. He also flags up a Mercedes-Benz factory in Germany which, when launched in 2019, was the world’s first 5G wireless network in an automobile plant.

The analyst also notes the pandemic “actually increased demand for enterprise and healthcare use cases around people tracking, remote equipment and site monitoring.”

Such applications, of course, raise the need for cyber security in IoT even higher.

Marcus also assesses that this brings the world one step closer to “massive IoT”, which entails the use of low cost sensors and long life batteries for smart meters, cities, buildings and homes, along with fleet management across a wide area as opposed to the localised kind of 5G coverage that is currently enabled. This type of application will mean Low Power Wide Area Networking (LPWAN) technology, often used to deliver so-called narrowband IoT (NB-IoT) coverage. This is useful for things like smart utility meters which don’t need to send a lot of data – but do need to be connected in large numbers to small amounts of infrastructure while running on a single battery charge for very long periods.

“For the wide area, you’ll need that coverage but you’ll also need roaming across the LPWAN part of the solution,” Marcus notes. “Vodafone and AT&T have partnered to open up access to their respective NB-IoT networks to each other, making it easier for customers to create massive IoT deployments that work across the US and parts of Europe, and Deutsche Telekom has recently upped its global roaming in this space too.”

Engineers install 5G antenna equipment in Switzerland (Credit: Stefan Wermuth/Bloomberg via Getty Images)

Wafer woes

For better or for worse, the great IoT slowdown we’re currently seeing will probably be exacerbated by the ongoing global chip shortage. Weak demand for automobiles due to the pandemic had caused automakers to cancel chip orders last year; much of this supply was then redirected to the booming consumer electronics market.

When demand for automobiles picked up again at the end of 2020 there was not enough chip supply to go around, leaving the auto industry at the back of the wafer queue. The problem has been made worse by factory fires and severe weather affecting production this year, sending shockwaves through global supply chains. IoT is also affected as chips are a key component of many smart devices, and more silicon is being added to many devices that previously had not required them, such as light bulbs.

“The shortage may not be over until 2023 and will hobble IoT-related businesses according to their status profile with the chip foundries led by TSMC,” Orme tells Verdict. “Autos are the headline case, but smart cards are equally badly hit and even Apple and Samsung are suffering in high-end smart phones.”

“As auto production rebounds meanwhile, we are already seeing stories of manufacturers removing certain features like touchscreen and advanced infotainment,” George adds. “This impacts elements of what are generally categorised as connected cars.”

In Orme’s view, what happens next in the IoT theme depends on the buildout and reach of global manufacturing capacity.

“TSMC, Samsung, Intel, GlobalFoundries, Infineon, SMIC etc have major projects underway set to go on stream by 2024/2025,” he explains. “How much of it is for mid-range and low-end semiconductors, which is where the vast bulk of IoT related demand will reside? Not enough, probably.”

Despite the delays, Orme still doesn’t think there will be enough time for a global IoT cybersecurity standard to be in place once normality has returned and 5G coverage starts to become widespread. Fellow GlobalData analyst David Bicknell, though, believes the countdown isn’t over just yet.

“I still think there’s time for something of a reset. I think that steamroller is still in a low gear. Business hasn’t got up to speed yet – there are still too many uncertainties about Covid.

“Smart cities are now ‘uncertain cities’, still trying to predict what the future holds. Cyberattacks are not diminishing in number or severity. Dabbing the brakes now might be a smart move.”

Piece by Verdict’s Giacomo Lee.