RSAC 2024 Day 2: IoT Security Questions (and Answers)

RSA Conference delivers in terms of interesting dialogues with other cybersecurity professionals, and this year while there is not much on the conference agenda related to IoT security there is a lot of discussion about it.  Whether it’s the UK’s Product Security law going into effect at the end of April, the growing focus by CISA on SBOMs and other methods to make IoT more secure, or how cyber insurers are considering IoT more in underwriting decisions, there has been a lot more urgency around IoT security since RSAC 2023.  

One of the more interesting topics that came up yesterday was on the impact of 5G on the growth of IoT in the enterprise.  Now that 5G systems are in full deployment from network operators a second phase is underway – 5G adoption by enterprises to gain significant operational efficiencies, launch new products, and perform more sophisticated analytics.  5G, by eliminating latency and bandwidth barriers of previous wireless technologies, enables something never possible before – real time, remote (edge), and data-intensive operations.  It’s a technology shift where organizations who do not embrace it will be at a significant disadvantage.  At the same time however it rapidly expands the attack surface for cyber criminals and presents new forms of security challenges that current cybersecurity solutions do not address. Specifically, the expansion of IoT/OT devices that are known to be easily breached and easy to pivot laterally into corporate networks from will be magnified by 5G.  Viakoo’s ability to enable all enterprise IoT/OT devices to be visible, operational, and secure will be required to manage the cyber risks associated with 5G deployments. 

Q1:  Isn’t 5G just another “transport layer”?  How does it change enterprise security? 

A1:  There are four major security differences in moving to 5G as compared to other networking approaches.  First is simply the number of IoT/OT devices that will be added because of 5G’s unique ability to bring high bandwidth and low latency to mobile situations; for example cars are not the only “devices” needed to make autonomous driving work – there will be sensors, control systems, and other edge processing devices also required, expanding the current IoT landscape.  Second, for enterprises many will choose to deploy private 5G networks for cost reasons, but then will have to design and support a security strategy themselves for it (rather than rely on the network provider).  Third, there will be new forms of vulnerabilities developed that take advantage to 5G; specifically as IoT devices are easily breached, threat actors will leverage their 5G connectivity to establish a cyber kill chain more quickly and deeply than was possible before.  Fourth, the number and functionality of edge devices truly expands the “blast radius” of a cyber incident, both in scope and severity. 

Q2:  Does 5G make IoT more secure, or do we need to come up with new security solutions?

A2:  5G brings to the enterprise wireless networks more advanced software-defined networking (SDN) capabilities, which may help to more quickly stop infected IoT/OT devices by port-blocking or changing their network connectivity.  However, as discussed earlier many of the applications relying on 5G cannot be taken off the network (think of the autonomous driving cars all crashing because a sensor got breached).  Ultimately the combination of SDN, automated cyber vulnerability remediation, and 5G will force new solutions to be used to secure IoT/OT devices. 

Q3:  What security technologies will 5G most impact. 

A3:  There are three security technologies that will be greatly accelerated by 5G; Zero Trust, Agentless Security, and Security Orchestration and Response (SOAR).  Zero Trust should be the de facto standard with 5G to decide on network access; extending it to all IoT/OT devices on a 5G network will be an imperative.  Because 5G dramatically expands the number and types of IoT/OT devices connected to a network (devices that do not support agents), agentless security solutions will be required to maintain device security.  The latency and SDN advantages of 5G will accelerate and demand new forms of SOAR capabilities to increase the speed by which an attack can be both mitigated and remediated. 

Not as RSAC and have IoT security questions you’d like to discuss?  Or at RSAC and want to discuss away from the conference?   Schedule some 1:1 time with a Viakoo IoT security expert.  Just click here to schedule a 30 minute Zoom call – and bring your toughest questions!

Share this