What can you tell us about the pace of digitalization today?
There are no signs this development will slow down in any way. It’s clear that the capabilities provided by existing mobile networks have helped us to work from home during the pandemic, as I’ve been doing during this period. But there are some differences across sectors and size of enterprise.
The World Economic Forum reports that 84 percent of employees in white-collar industries have experienced rapid digitalization and shifted to working from home. At the same time, micro, small, and medium-sized businesses – which account for 80 percent of all enterprises – have not had the same agility and ability to provide the means for their employees to work from home.
As 5G is deployed globally it will start to enable even the smallest players to jump on board and get their businesses running fully digital. I think that’s a necessity for these businesses, and we’re going to see fast growth going forward.
Security and privacy in 5G systems
In our latest Ericsson podcast, Mikko Karikytö explains why resilient 5G networks are becoming pivotal to securing both public and private sectors.
Listen nowWhat are the biggest concerns when it comes to security and privacy?
The security of 5G and this digital environment is one of the hottest topics of the decade.
In our discussions with communication service providers – the masters in operating secure, resilient and reliable networks – we need to ensure that we’re on the same page. That we’re in agreement when we provide products and technologies that fulfil the expectations of continuous security operation and management, robust vulnerability management, and visibility to the live security posture of the network. It’s a continuous dialogue, especially now as the technology takes huge leaps forward, moving from monolithic server-based systems to virtual and cloud native deployments. When the deployment scenario changes, so do the threats and threat models, and the tools you need to manage the new landscape.
When talking to industries, discussions are about how 5G networks are remarkably different in security, reliability and resilience characteristics. It provides secure out of the box connectivity to all needs.
We will need to continue discussions with government stakeholders about the opportunities and implications of deploying 5G and the impact it has on our society. We’re getting to the point of realization that 5G is going to be a platform where everything and everyone will be connected, which means it will play a critical role in societies. Government stakeholders and regulators need to understand specifically how this technology works, and how to regulate it to stimulate business and societal growth.
What are the biggest differences with 5G when it comes to security and privacy?
5G provides us with ultra-reliable, low-latency communication, time-sensitive networking, and network slicing. Network slicing means that we can have tailor-made performance meeting various enterprise needs delivered, for example, as a service on one single resilient infrastructure. The technology is designed to be tailor made for specific security and privacy needs.
We already see a lot of momentum when it comes to network slicing use cases from areas like business and mission-critical systems, public safety, factory automation, the automotive industry and logistics supported by 5G technology. In all these use cases you need wireless global connectivity.
Network slicing provides security, including for example traffic isolation. If you have a super-secret, critical data, you don’t want that traffic getting in the hands of someone else, or into anyone else’s slice. It needs to be protected. The technology provides you with that privacy.
We talk about mobile technology in terms of five nines: we need to be able to trust that these networks are available 99.999 percent of the time. This service availability is rare compared to other digital services you use in your daily life – not many can live up to this performance.
The first version of 5G standard specifications already included improved subscriber privacy, enhanced authentication, and removed some of the legacy technology risks related to fraud scenarios or eavesdropping. It’s security by design decided in the standards.
But standards alone don’t do the trick, which is why at Ericsson we talk about the trust stack. In the trust stack mobile network standards are the starting point. The next step is when we make sure we have security and privacy by design in our product development processes. Then, together with the service provider, we deploy the equipment and software in the networks. After this comes the operation of the network, where the service providers manage and administer the network, change configurations, and add new functionalities and features. This also needs to be done in a secure manner.
In summary, there are four important layers in the trust stack: standardization, product development, deployment, and operations. Only if these layers work together can you have a real end-user experience that is secure and privacy respecting.
5G rollout in Europe has lagged behind places like Northeast Asia and North America. Does that put this region at a disadvantage when it comes to security and privacy?
5G is the most secure mobile networking technology yet. The faster you can onboard to 5G, the better you are suited. Not just in performance but in reliability, security, and privacy.
I would encourage anyone, even end users like myself, to opt for 5G when available. We need to get 5G rolled out faster so that we can benefit from this secure platform for innovation.
What does Ericsson mean when it says 5G is the only platform that can adequately connect private enterprises to the future global innovation ecosystem?
We are continuously working with frontrunners like Atlas Copco and ABB, as well as Mercedes Benz at their Factory 56. These are all live examples of how 5G technology is being used in very demanding and critical processes where there are no margins for error.
There is no better example of showing how 5G technology meets the requirement of the most demanding use cases than mission critical communications for public safety. We’re working together with companies like Erillisverkot in Finland, the public safety network service provider, as well as with FirstNet in the US.
These companies are now onboarding to cellular mobile technologies like 4G and 5G. So in other words: where protection and security are most important, mobile technologies are seen as applicable. Previously it was enough for first responders, rescue personnel, or the police force to be connected so they could collaborate mainly through voice. But now there is the need for connected ambulances to seamlessly share patient information. Or for 3D building layouts to be shown infirefighters AR headsets so when they go into the smoke, they have a real-life view of the building, where the doors are, and where they may find people in a bad situation. These are network performance-demanding use cases involving high-resolution videos with high-bandwidth requirements, and at the same time, having a need for complete, ultimate security and privacy. Don’t forget reliability and availability too: the network needs to be running at all times.
The fact that these players have selected 5G is an example to me of what this technology can achieve for some of the most demanding use cases today. I would say we have examples backing up our claims.
Telecom networks are rarely down. How important is telecom-grade availability, such as five-nine availability?
We know how critical telecom-grade availability is for industries and enterprises. Their business can’t be out of action or lose connectivity to customers. We cannot risk that your business depends on something that may or may not be working and could have an outage on any given day. That’s why telecommunications technology – that heritage of being always on – brings value. You can depend on this connectivity.
What we have achieved as an industry is extraordinary. In the consumer space, we have managed to cover the population of earth with this robust connectivity. And for context, it usually costs you something like a cinema ticket or meal dining out each month to have that connectivity.
What are some of the new security challenges enterprises are going to face in this new, connected reality?
Zero Trust is a very topical subject. Traditionally we have had a model where you had to build a firewall to protect your company and you trusted the perimeter protection to keep you safe. Now we know with the complex nature of the digital environment we can’t draw a hard line with trust inside of the border, but not on the outside. Therefore, concepts like Zero Trust have emerged. This means you have zero trust in any of the assets, but each asset has a strong identity, and you know that if you try to access information or a service, there’s going to be authentication between the trusted user and the server or service at the other end. The concept makes sure that nothing inside the network or operation is trusted by default. Zero-trust architecture provides protection to other assets in the case that some are breached.
Looking at 5G, the introduction of service-based architecture deploys the principles of zero trust in mobile network technology. It means that network functions that are now cloud native and virtual do not assume trust in their surrounding network functions. They will have mutual authentication between each and every network function. If a threat actor gets into the service provider network environment, they can’t do much, as they wouldn’t be able to establish these trusted relations in the network.
How do you see 5G systems evolving in the coming years to manage this changing trust and security landscape?
There are a few technology aspects that we will see developing. Secure identities and protocols is one area to start with. If you think about it, the 5G network is secure by default. You can just connect your 5G enabled device, and you already have a secure connection to whatever service you need. But at the same time, we understand that not all devices are as secure as mobile phones. Not all devices share the heritage of secure, hardware-based identities like SIM cards and hardware security modules.
We’re going to see trusted identities and confidential computing technologies evolve to make sure that different kinds of devices and services can connect securely to the network, and that the network can trust those devices.
When it comes to confidential computing, think about scenarios where our data is being processed in multiple places. Cloud native virtual instances make it possible for the network to dimension itself and deploy a function closer to the end user, or more centrally in a data center. You need to be able to trust that your data will be protected wherever it is being executed in the network. Things like confidential computing, really enabling fully secure examination of data in any part of the network, will be important.
We also want security assurance. How can we measure the security of a device or system that connects with our system? How can we assure that if we trust it now, it will continue to be secure and protect our data in the future? What kind of protocols and systems can we create so that we can ensure the evolving security posture of the system is for our benefit?
These are some of the areas we will see evolving in the future. Standardization plays an important role as we don’t want every corner of the world to have their own solution for these issues. We can see how open global standardized mobile networks have succeeded, and we want to continue on the same path.
What do you think the critical success factors are going to be going forward that will be the foundation of this new future digital ecosystem?
One of Ericsson’s internal focus areas is collaboration and cooperation, and that connects to the bigger picture very well. We need to be able to collaborate openly and holistically across industries, the tech ecosystem, and governments. Here the trust stack I mentioned earlier is a good fit. We talk about standardization, where all technology players, service providers, and the public sector come together to design and discuss how the future secure, reliable, resilient network will look. We, the technology vendors, create network technology based on our security and privacy by design development and delivery processes. And then service providers – who are masters in operating the networks – deploy and configure our technology and make the architecture work for the needs of the users, with security in mind. This collaboration remains critical in enabling us to stay ahead of evolving challenges, risks, threat actors, and threat vectors.
Governments also have a critical stake in this shared interest. As technology vendors and facilitators, it’s important that we maintain continuous dialogue with governmental agencies – both on a high level and working level.Governments need to understand the technology, and decide how to enable this technology to benefit respective economies and societies.
I think we are going to see a lot of cooperation and collaboration on our cultural journey, not just inside Ericsson, but globally.
Learn more
What makes a resilient 5G system? Learn more here
Read this in-depth report on how 5G is positioned in an increasingly challenging cybersecurity environment
Find out more about how communication service providers (CSPs) are positioned to become security champions for digital business in the future
