New processes, new threats and new security challenges in industrial 5G

Security threats for companies operating in different verticals increase when a new technology is integrated into a legacy system with increase of connected devices

Changes in processes and the conversion of IT and OT teams create new challenges and security vulnerabilities for companies in different verticals. These threats increase when a new technology is integrated into a legacy system with increase of connected devices.

In a panel at the recent RCR Wireless News’ Industrial 5G Forum, Vijayakumar Kempuraj, digital twin lead at Ford, Pamela Gupta, CEO of Trusted AI and Neils Konig, head of department production metrology at Fraunhofer IPT and coordinator of 5G Industry Campus Europe, talked about how can industries reduce operational complexity and integrate a large ecosystem of new technologies, and how can they integrate 5G with a broader security system.

Commenting about what are the main challenges in terms of security for companies related to the convergence of IT and OT teams, Gupta said that the way it has been possible to do that is to have security technology and the right security configurations in place. “5G throws all that out of the window, because it doesn’t follow that same paradigm of being able to segregate out the two environments in the same fashion through security technology such as firewalls, for example, because 5G is directing traffic to routers and it’s not centralized,” she said.

“The challenge is different. And that’s why it’s really important to not have that tried and proven model of “This is how it has worked and this is what we can do in the future to enhance and secure our business,” Gupta added.

“When it comes to convergence of IT and OT teams in a company, we have to understand that these technologies come from different industries. On the one end, we have the mobile communication industry. And then, we have the production industry and the OT vendors. Of course, they have different cultures and different vocabularies, different paradigms,” said Konig.

“That itself, I would say, is a challenge. But when it comes to bringing it all together, then I think they’re able to understand each other. We’ll have, let’s say, the production IT talk to the MNO or to the mobile communication vendor. That’s where I do not see such a big challenge. Where I see a challenge is that the ecosystems are somehow different, and the security architecture of 5G or mobile communication technology at work is somehow different from what we know from the production IT security standpoint,” he added.

Konig also highlighted that there are surveys that were explicitly asking for cybersecurity of 5G when introduced to production. “The majority of companies recognize that 5G can contribute to the industry. But on the other hand, 75% of them understand that special security measures need to be taken for 5G in industry.”

“The bigger thing that I’m seeing is the legacy systems … When we integrate that bringing in older OT systems, it may not support the modern security measures, leaving them exposed to the threats,” said Kempuraj.

“Another big thing is skill gaps. There may be a lack of personal expertise in both IT and security, because this should work hand in hand. Always these are two different worlds, and bringing those two people in the same place and making them to understand or making them to talk the common language is sometimes very difficult,” he added.

When asked about if there any specific risks in terms of security for manufacturers willing to implement 5G, Konig noted that it is important to understand that there is a fundamental difference between public 5G networks and private 5G networks, especially in terms of cybersecurity. “It’s clear that on-premise 5G networks, non-public networks, which are really on-premise, they have the highest security level. And the public networks they have, let’s say, the lowest, but that doesn’t necessarily mean that it’s unsecured,” he said.