Operators balancing risk and reward of IoT explosion

Ensuring security while benefitting from the opportunities offered by IoT is front-of-mind for operators, as technology and services gain momentum and maturity.

According to reports by Mobile World Live, Raul Azevedo, product development VP at WeDo Technologies (pictured, right), summed up the situation: “Our customers are concerned with 5G and IoT, which will bring a huge diversity of scenarios which we’ll have to handle. The volume of data is exploding, the speed of that data will be real-time, and they are concerned how to address that.”

The primary challenge of IoT is the complexity and diversity of the landscape. Operators will not be providing services alone: a broad set of device makers, platform providers and vertical market applications will also be added to the mix, any of which can introduce weakness into the chain.

Eric Priezkalns, who sits on the committee of the Risk & Assurance Group, said: “We are trusting a lot of devices to all be secure, and when we should know they aren’t all going to be. There are lots of potential risks for our customers. Can you imagine how much money is spent on security and how advanced the technology can be, when we are talking about small, cheap battery powered devices?”

And for the operator, there is a significant downside attached to this: “You might say ‘it’s not my fault if the device wasn’t very good’, but who are people going to complain to, who are they going to blame? They are going to blame the telco, they are going to complain to the telco, because that’s who they can complain to; that’s who they recognise. They aren’t going to complain to lots of small IoT manufacturers,” he continued.

On the same theme, Azevedo commented: “If you have an insecure network or an insecure device polluting your secure ones, for sure you will have a problem. We will need to find a way to monitor the different layers of this complex architecture, and it won’t be easy also to solve the liability problem. Data will be really important to find out who is liable within this long chain.”

With much of the focus on IoT around connecting industries, Andreas Manolis, group head of strategy and risk for BT Group (pictured, left), said the “biggest issue is the home network”, where consumers can quickly and cheaply buy devices and connect them to the network.

“All those different providers which can come up in an instant, create a solution in two or three months, design it, develop it, release it, it’s the un-smart smart device – it’s un-smart in security,” he said. While BT ships its routers with an inbuilt firewall, there are examples of customers looking to disable it if they think it is getting in the way of their connectivity.

“Customers are so eager, they want the service, they don’t want any interruption, and they are willing to sacrifice security to do that,” he warned.

Antonio Vanni, VP in Ericsson’s digital services unit (pictured, centre), said the company’s approach is to “team up with as many industries as we can, start anticipating the problems, start figuring out the specifics of what those problems are going to be, understand the value chain, the actors, the players, and try to limit your exposure in advance. And of course, five years from now, we are going to learn things we have no idea about today.”

New techniques

With the massive increase in connected devices and service types, Vanni also said that tools such as artificial intelligence (AI) and machine learning will be crucial to “keep up with the pace of things that are going to change”.

“We have an idea of the variables that are going to be impacted, and we are preparing for them specifically with things like automation. You cannot enable the economics of IoT and connected devices if you do not have a fully automated value chain,” he said.

For all the concern, BT’s Manolis was keen to turn the tables, to point out how IoT can be used by operators to help manage their own operations.

“For us, we see with the new IoT devices that have a ten year life span and eSIM, you can retrofit these devices on any assets. So one thing I’m sure we are all aware of is asset assurance: for us, this is a great opportunity to be able to tag devices, have what weren’t smart devices retrofitted, to give us information on where they are, are they still active, should they be active, and what’s their condition. So when you say risk, you can convert that to risk management.”