Ericsson Talks Security Needs for Massive IoT

Article By : Pablo Valerio

Bodil Josefsson, Engagement Lead IoT Security at Ericsson talks about 5G security and the company’s products to help carriers and end users secure their networks and devices.

Bodil Josefsson, Engagement Lead IoT Security at Ericsson, talks about 5G security and the company’s products to help carriers and end users secure their networks and devices.

This is the second part of our interview with Bodil Josefsson. To read the first part, please click here. 

5G promises many groundbreaking features such as ultra-fast bandwidth, low-latency, network slicing, massive MIMO, and 5G New Radio (NR). Most of those features are still being tested today, but strong security is essential for the upcoming critical IoT applications.

You can watch the second part of our interview with Bodil Josefsson here. A full transcript, edited for clarity, is below.

IoT Times. Talking about 5G, over the past few years the new networks have been appearing in many countries, and 5G is starting to provide some new use cases for IoT, especially for Critical IoT. Most of the applications are still in a trial phase; enterprises are figuring out if this can be deployed. How can we ensure that the security of those applications is designed from the start of those projects? Because the new projects are targeting critical infrastructure and critical applications.

Bodil Josefsson.  Absolutely, absolutely. That’s true. 5G will be a platform for connecting not just mobile broadband but connecting industries’ mission-critical applications because of the network capabilities that you have. As I mentioned before, lower latency and higher bandwidth enable those use cases that were not possible before. So 5G will really be a digital and critical infrastructure in itself. And that means that there are a lot of demands for that.

Two things are essential to keep in mind. One is that 5G was designed with security as one of the cornerstones already from the beginning. Using 5G as the bearer for this kind of information ensures that you have security protection there from the start. It has been all the way from the start of its standardization. It’s been part of what 5G should encompass. So that means it is a trusted platform for innovation, for the industries, for digitalization. So that is one thing.

The other thing I would say is that everyone in the IoT ecosystem needs to think about security from the start. And that is, of course, for us, being a telecom vendor, but it’s also for the telecom operators, for the ones designing the applications, and the ones designing the devices. So all of them need to think about security from the start—everyone in the value chain.

And, at Ericsson, we have something we call SRM, Security Reliability Model. This is a process that we have to secure that we have security and privacy built-in already from the start. When we start with early research, with standardization, with development, deployment, and operation of the systems, security and privacy are part of that. And similar systems need to be followed by everyone in the value chain of IoT.

I would say these two facts, having a secure foundation being 5G, which has it from the beginning, and having a methodology by all players in the ecosystem to ensure security is there from the start is crucial to making this work.

IoT Times.  At Ericsson, as an infrastructure provider for cellular connectivity, most of your customers are the carriers, the communication service providers, or the telecom operators. How do you see their role in supporting enterprises to reduce their security risks, especially on IoT?

Bodil Josefsson.  Telecom operators are, of course, providing and should provide reliable connectivity. They should be providing identity management, the identities that are trusted, and security assurance. These parts are things that the telecom operators offer, such as a robust network, a reliable network with availability, and security and privacy.

In addition to that, telecom operators have a unique asset, in the sense that they have the insights into the connectivity domain, so into the traffic as such. The traffic that goes from the devices and through the network to the application is actually visible to the telecom operators. So they can detect if there are threats or if something is going on in the networks that could be signs of attacks. And that insight can then be turned into proposing mitigations, how to respond to these threats. Maybe connections should be shut off, or possibly blocking access to specific IP addresses that are suspicious. So they can add this to their basic connectivity offer. They can add something that builds on these analytics of the insights from the network.

IoT Times.  About Ericsson and IoT security, can you mention any specific IoT security application that Ericsson offers to its customers?

Bodil Josefsson.  Absolutely. As you might be aware, we have an IoT connectivity management platform in our portfolio called IoT Accelerator. This is a platform that we host ourselves.

We host equipment, and we sell it as a service to our customers, the telecom operators, and they sell the solution to the enterprises that have IoT services. This is a platform that is available worldwide.

We have more than 6,500 enterprises on the platform, over 70 million connections. So it’s big, and it’s growing fast. So this is a platform for connectivity. It’s a secure platform. We follow the SRM that we use within Ericsson to develop it and ensure that it’s a trusted and secure platform.

But what we are doing now is adding a capability to this platform to monitor and mitigate IoT security threats. This is an extended capability on our platform. It will also be hosted by us. It will also be sold as a service. The telecom operators will be able to add this capability to their offerings for our customers.

We call the service “Threat Monitoring and Mitigation.” And what it does is monitoring the traffic in the network from the device that passes through the IoT accelerator core network to the cloud, and can detect if there are any threats, and is also able to propose remedies and act on those threats and block in certain ways, blocking subscriptions or part of the network and so on.

This is a capability that is built on our Ericsson Security Manager. This is a security automation management platform that protects, detects, and responds to various contexts, not only IoT.

We see a lot of interest from our CSPs to add this capability because they are asked by their customers to have some service that works this way. And we also see a lot of interest directly from their customers, especially automotive and other industries with a high demand for security and critical applications.

This article was originally published on EE Times.

Pablo Valerio has been in the IT industry for 25+ years, mostly working for American companies in Europe. While primarily based in Barcelona, he has also lived in the United States, Germany, The Netherlands and Denmark. His knowledge of the European IT business and his interest in EU technology initiatives spurred his move to technology writing. For the past 10 years he has been a regular contributor to several publications in the IT ecosystem, focusing on networks, IoT, security, mobile technology and smart cities. His work appears in EE Times, InformationWeek, EBN, LightReading, Network Computing, and SAP Business Innovation, among others. He publishes the site “Cities of the Future”, focusing on Smart Cities, Environment, and Sustainable Mobility. Pablo holds a MS in Electrical Engineering from The Ohio State University, and a Private Pilot License. You can follow him on twitter @pabl0valerio

Subscribe to Newsletter

Leave a comment