With 5G wireless networks continuing to be deployed in 2020, the issue of 5G cybersecurity remains a huge area of uncertainty. Despite telcos’ enthusiasm to roll out the network as quickly as possible, Dr. Ibrahim Gedeon, CTO of Canadian telecom provider, TELUS, stresses that security is not a feature that should be added after the design of a product or service, but rather as an integral part of the design process. He believes that building secure products from the ground-up requires a strong reliance on a root of trust.
Telecom Review secured an interview with Dr. Gedeon where he spoke about how TELUS is operating to secure its 5G networks and the cybersecurity challenges operators are facing in their journey to commercially rollout 5G.
2019 saw the beginning of the rollout of 5G. What are some of the lessons learned from initial deployments?
TELUS has not officially rolled out 5G. Canadian regulators have not auctioned the integral 3.5GHz band yet, which is scheduled to occur sometime this year. We will start to rollout 5G in 2020 but we will do so when we can offer network speeds that build on our world-class LTE-A Pro. Our initial pilot deployments have been very promising. However, TELUS believes 5G is a marathon, not a sprint, and some of the most meaningful capabilities which will emerge gradually, require a 5G core architecture and an edge computing deployment.
In the era of 5G, where should telcos direct their focus in order to reach their full potential and reap its benefits?
We believe 5G holds a paradigm shift in the rollout of networks. Services and applications are where the “magic” lies. We are assuming the debate over fiberizing cell sites is over. Leveraging the ability to define networks and applications in SW with full automation is where the emphasis resides. Building edge computing capabilities is a major differentiator for telcos who are uniquely positioned to offer low latency capabilities.
How is spectrum allocation affecting 5G deployments worldwide? What role are regulators playing here?
There are lots of studies that have been conducted on what is the right amount of spectrum, and namely focused on 3.5GHz. In my opinion, 100MHz per operator should be the norm. Regulators traditionally used to unlock a new band every few years in a rigorous fashion. In my opinion, regulators have to be more agile and be at the forefront of technology rather than reacting to it. The concept of 5G was born in 2014 and the NGMN white paper was shared in 2015 at MWC in Barcelona. 3GPP started the work on spectrum in 2016. We are in 2020 now and some regulators are still developing their spectrum strategy. In this era of change and with the importance of being connected, I believe five years is too long for a spectrum strategy. Regulators should realize that they are competing with other countries, and that their 5G policy has a distinct impact on the future growth of their economy. Some regulators understand this and have taken early action to release large channels of mid-band spectrum like 3.5 GHz with a mechanism that minimizes the price of spectrum. Others are still trying to monetize spectrum with auction constructs resulting in very high prices that eventually becomes a hidden tax on consumers.
As the amount of connected devices continues to increase, security and privacy are a primary concern. What is the best cybersecurity model to be adopted in the era of 5G?
In today’s society of connected devices, security and privacy are essential. I would like to add ethical AI to the mix, which is critical as people rely more on operators and OTT integrators for managing all aspects of their life. As technical innovators, we sometimes believe once we get the technology right we will secure it, then make it ethical, and then ensure it is private. From a security point of view, TELUS is a huge supporter of the Zero Trust Architecture (ZTA) initiatives both within NIST and ETSI. We believe with the agility of our industry, the era of secure, private and ethical by design is here and that is our stance. TELUS is one of only five companies in Canada – and the only telecommunications company – to have secured a Privacy by Design (PbD) certification. We have transformed the seven PbD principles into specifications and recommendations for developers and innovators across our company to ensure privacy is embedded as an essential component of our products and services. Building secure products from the ground-up requires a strong reliance on a root of trust. You cannot add security by design into product and service without ZTA and most importantly without hardware based RoT (which ensures security that is grounded with a hardware root of trust). TELUS along with BlackBerry and Solace with L–Spark in Canada have a prototype to support startups in the IoT space to move the industry towards ZTA. On AI and ethical AI, we have a framework and are working globally with the GSMA.
In your opinion, does the level of readiness in terms of cybersecurity affect 5G deployments?
I believe the hype has been around equipment in concert with global politics; the Canadian, UK and EU efforts are ensuring the safety of the wireless transport network 5G. I believe that should apply to all vendors and equipment. In addition to this, the key is and always will be operator hygiene in terms of cybersecurity. I would urge colleagues to look at the draft “Ottawa Accord” and its critical role to ensure a certain level of proficiency for the CSO community. Our emphasis is on securing the end points. IoT devices will come from anywhere and can be produced by anyone, thus ZTA. In a nutshell, networks ready-ish end point needs to be worked on.