Receive our newsletter - data, analysis and deep insights on FDI delivered to you
Tech / AI

IoT must meet security standards for wide-scale acceptance in the 5G era

The internet of things has seen its march to worldwide ubiquity slowed by the Covid-19 pandemic. Will the lack of a global cybersecurity standard hamper its progress further?

internet-of-things
Growth in the IoT market has been sluggish during the pandemic and growth may be hampered further by the lack of a common cybersecurity standard. (Photo by one photo/Shutterstock)

As the world reopens for business, 2021 is seen as a year of cybersecurity catch-up for the internet of things (IoT) – one of many technology themes impacted by the Covid-19 pandemic and the ongoing chip shortage. While IoT has a brighter year ahead, the issues which dogged the area in the 2010s continue to do so.

Although 2020 may have seen more people going online for work and play, IoT ironically became less of a ‘thing’ last year, according to a report published in April on the theme. GlobalData analysts report sluggish growth in the overall IoT market as Covid-19 interrupted IoT deployments. In the consumer IoT domain, the connected car market declined by 10%, and the automated home segment saw just 1% growth in 2020.

The IoT market as a whole encompasses everything from smart cities to wearables and industrial machinery. This is all made possible by connected sensors and actuators of the IoT, which control and monitor environments and the things that move within them, along with the response of people to both.

White papers from our partners

IoT is potentially an even more pervasive kind of tech than today’s computers and mobile devices  –  and yet it isn’t pervasive as things stand. However, it has evolved from the days of retrofitted ‘grimy IoT’ and machine-to-machine implementations, aimed at industrial control and remote management, into the current age of ‘shiny IoT’.

Analysts such as GlobalData’s Michael Orme say broadscale 5G adoption needs to take off for the next stage of pervasive IoT to happen, with “hundreds of billions of smart-connected devices ranging from light bulbs to cars, and from biomedical wearables to smart buildings, making up the ‘internet of everything’ from 2025 onwards”.

IoT will therefore become the solution, and create new business models with it.

However, before all this can happen, IoT will also need a unified and global cybersecurity standard. This is because as the number of connected devices increases, so does a massive security gap with more and more potential for cyberattacks.

The kill switch

The multi-layered nature of the IoT creates a huge attack surface, whether through devices, connections, data, apps or services, yet there are no globally accepted standards spanning all five layers of the IoT value chain. This hasn’t gone unnoticed: regulatory initiatives such as the EU’s General Data Protection Regulation are slowly emerging. More manufacturers, meanwhile, are designing IoT devices with prebuilt cyber applications, while also providing users with the necessary software updates to patch security breaches. This is important as IoT cybersecurity begins with device design and the choices that engineers make when developing their IoT products.

On the question of universal security standards, few technologies have seen genuinely global standards beyond, say, mobile telecoms. David George, GlobalData

However, this is not enough. Current IoT ecosystems lack adequate security regulations, with most devices having weak or no security controls – and as GlobalData analysts state, legislation covering IoT cybersecurity “remains a fragmented patchwork of laws that do not address concerns around IoT security as a whole”.

For IoT tech the primary focus is endpoint security, which refers to the protection of connected devices. Intermediate gateways and routers will also need to be effectively secured, along with central servers, which contain the bulk of the most valuable data.

It is important to bear in mind that attacks on industrial equipment and critical national infrastructure can be a significant threat, as shown by the recent Colonial Pipeline hack. Perhaps the threat is best expressed in GlobalData’s report. “If a cyberattack hits your PC, it is a nuisance,” its authors state, “but if your connected car suffers a cyberattack, it could kill you.”

5G’s role in IoT cybersecurity

“On the question of universal security standards, few technologies have seen genuinely global standards beyond, say, mobile telecoms,” says GlobalData analyst David George. “ETSI released in June 2020 a standard for consumer IoT devices that it described as a ‘security baseline’ and that could provide a basis for future IoT certification; it focuses on building security into the design of devices rather than as an afterthought.”

While George says the ETSI standard is seeing growing adoption, in his eyes it is not yet ready to be called a global standard. The same can be said for similar initiatives such as a tech spec guide from the US National Institute of Standards and Technology centred around consumer IoT devices, and the US IoT Cybersecurity Improvement Act, which was signed in December 2020.

Some help may be found in another technology theme also impacted by the events of 2020: 5G, the worldwide deployment of which was affected just as much as IoT deployments last year. Being low cost, low power and wireless, 5G is potentially a huge enabler of pervasive IoT. Not only that, but its new global wireless standards may also be the obvious path to a single interconnection standard, something which a communications protocol for IoT will most probably need.

The world is ready for ‘massive IoT’

However, in those countries that have seen initial 5G roll-outs, public coverage remains low. Besides patchy signals for consumers, this means there is as little sign of a pervasive IoT revolution as there is of 5G becoming the world’s single interconnection standard any time soon. However, GlobalData analyst John Marcus believes there is a brighter picture when looking away from the consumer end of 5G.

5G-powered IoT is more relevant in the industrial space. To get a peek at the potential, it makes more sense to look at private 5G network deployments rather than looking at a country’s public 5G roll-out. John Marcus, GlobalData

“5G-powered IoT is more relevant in the industrial space,” he says. “To get a peek at the potential, it makes more sense to look at private 5G network deployments rather than looking at a country’s public 5G roll-out.”

Marcus points to smart factory examples such as Ford’s E:PriME facility in Essex, UK. He also flags up a Mercedes-Benz factory in Germany that, when launched in 2019, was the world’s first 5G wireless network in an automobile plant.

Marcus also notes that the pandemic “increased demand for enterprise and healthcare use cases around people tracking, remote equipment and site monitoring”.

Such applications, of course, raise the need for cybersecurity in IoT even higher.

Marcus also assesses that this brings the world one step closer to “massive IoT”, which entails the use of low-cost sensors and long-life batteries for smart meters, cities, buildings and homes, along with fleet management across a wide area as opposed to the localised kind of 5G coverage that is currently enabled. This type of application will mean Low-Power Wide Area Networking (LPWAN) technology, often used to deliver so-called narrowband IoT (NB-IoT) coverage. This is useful for things such as smart utility meters that don’t need to send a lot of data, but do need to be connected in large numbers to small amounts of infrastructure while running on a single battery charge for very long periods.

“For the wide area, you will need that coverage but you will also need roaming across the LPWAN part of the solution,” Marcus notes. “Vodafone and AT&T have partnered to open up access to their respective NB-IoT networks to each other, making it easier for customers to create massive IoT deployments that work across the US and parts of Europe, and Deutsche Telekom has recently upped its global roaming in this space too.”

Wafer woes

For better or for worse, the great IoT slowdown currently occurring will probably be exacerbated by the ongoing global chip shortage. Weak demand for automobiles due to the pandemic had caused automakers to cancel chip orders in 2020; much of this supply was then redirected to the booming consumer electronics market.

When demand for automobiles picked up again at the end of 2020 there was not enough chip supply to go around, leaving the auto industry at the back of the wafer queue. The problem has been made worse by factory fires and severe weather affecting production this year, sending shockwaves through global supply chains. IoT is also affected as chips are a key component of many smart devices, and more silicon is being added to many devices that previously had not required them, such as light bulbs.

The shortage may not be over until 2023 and will hobble IoT-related businesses according to their status profile with the chip foundries led by TSMC. Michael Orme, GlobalData

“The shortage may not be over until 2023 and will hobble IoT-related businesses according to their status profile with the chip foundries led by TSMC,” Orme tells Verdict. “Autos are the headline case, but smart cards are equally badly hit and even Apple and Samsung are suffering in high-end smartphones.”

George adds: “As auto production rebounds, meanwhile, we are already seeing stories of manufacturers removing certain features such as touchscreen and advanced infotainment. This impacts elements of what are generally categorised as connected cars.”

In Orme’s view, what happens next in the IoT theme depends on the buildout and reach of global manufacturing capacity. “TSMC, Samsung, Intel, GlobalFoundries, Infineon, SMIC, etc, have major projects under way set to go on stream by 2024/25,” he says. “How much of it is for mid-range and low-end semiconductors, which is where the vast bulk of IoT related demand will reside? Not enough, probably.”

Despite the delays, Orme still doesn’t think there will be enough time for a global IoT cybersecurity standard to be in place once normality has returned and 5G coverage starts to become widespread. Fellow GlobalData analyst David Bicknell, though, believes the countdown isn’t over just yet.

“I still think there is time for something of a reset,” he says. “I think that steamroller is still in a low gear. Business hasn’t got up to speed yet  –  there are still too many uncertainties about Covid.

“Smart cities are now ‘uncertain cities’, still trying to predict what the future holds. Cyberattacks are not diminishing in number or severity. Dabbing the brakes now might be a smart move.”

Find the GlobalData Internet of Things – Thematic Research report here.

Giacomo Lee is themes editor for Verdict.