How 5G helps secure the ever-expanding Internet of Things.

As beneficial and powerful as the Internet of Things (IoT) can be for business and society, all those sensors, cameras, meters, and other IoT devices can create a near-infinite number of potential openings into an organization’s network. That expands what security professionals call the attack surface.

As the IoT grows from billions to trillions of devices over time, how do businesses secure this ever-expanding footprint? Fortunately, 5G is designed to enable more reliable, scalable, and secure IoT connectivity than previous generations of wireless networks.

Crucially, 5G hardens IoT security with encryption and network slicing technologies. 5G integrates more IT industry standard protocols, like HTTPS, rather than cellular-specific ones used in 4G and earlier generations. Transport Layer Security (TLS) and other specifications for encrypting data in transit are being incorporated into the 5G standards—in contrast, previous wireless standards did not specify transit encryption in the core network. And, 5G brings greater protections for privacy and trust by using Public Key Cryptography, Digital Certificates, and more advanced forms of authentication to ensure that both the devices and network are authenticated and protected.

With cybersecurity top of mind among business leaders due to unrelenting threats, we at T-Mobile created an IoT security team that anticipated this new frontier in connectivity. The group embraces a holistic approach to hardening a network against attacks. The measures include everything from collaborating with equipment manufacturers to ensure their devices have the proper safeguards, to working with customers on the physical design of a network setup. We’re also very active in the global development of new 5G security specifications that strengthen the security of IoT wireless communications.

As a result of these efforts, businesses like yours can confidently capitalize on the possibilities created by IoT—so long as you’ve prepared by putting the proper processes and infrastructure in place.

Protecting zettabytes of data.

IoT devices may be part of your day-to-day operations. Popular use cases include asset tracking, vehicle telemetry, factory automation, and utility networks. But emerging 5G-capable IoT devices and next-generation use cases—like new kinds of wearable technologies, autonomous mobile robots, and massive sensor networks—will require more sophisticated and secure connectivity. 

A staggering number of IoT devices—35.8 billion—were installed worldwide by the end of 2021, according to TechJury, a technology review website. Their report on IoT devices includes cameras, sensors, supply chain tags, environmental control devices, and the asset trackers companies use to monitor equipment. The installed number of IoT devices is expected to surpass 75 billion by 2025—and generate roughly 79 zettabytes of data. 

To put that in perspective, a large enterprise may have 1 petabyte of data distributed across several databases. A zettabyte is a million times as much data as a petabyte. That means nearly 80 million petabytes of proprietary and private information will need protection from malicious actors intent on intercepting it.

On the T-Mobile network, data is protected using industry-recommended encryption algorithms. In some situations, T-Mobile 5G wireless encryption is the outer wrapper of several layers of encryption. T-Mobile for Business customers who use end-to-end application-layer encryption, such as HTTPS or another secure IP network protocol, can help protect against potential man-in-the-middle (MITM) attacks.

Even with these 5G security safeguards in place, organizations must stay current with emerging threats and the latest protective measures. As technologies change, so does the guidance. The good news is regular upgrades, new innovations in 5G networking, and ongoing development of improved 5G security specifications will continue to protect IoT devices and the data they emit. 

5G—in particular, 5G Standalone—supports network slicing, which adds another layer of data protection. 5G Standalone refers to a 5G network where the 5G New Radio access technology operates on a 5G network core, rather than overlaying an existing 4G LTE network core. By creating private, designated paths for data transmission, 5G-enabled network slicing will provide additional protection for customer data.

“We have a set of strong restrictions on what software and services can run on the [T-Mobile] network, as well as on the devices that connect to the network. And we require that they are developed using secure practices.”

Shawn Corey, Cybersecurity Engineer & Member of Technical Staff, T-Mobile

A multi-pronged approach to security.

Data protection is only one element of our multi-pronged approach to help customers make IoT environments more secure. Security must be baked in at all levels and the network protected at every access point. At T-Mobile, that begins with the integrity of 5G network infrastructure.

To further protect our customers’ data, we developed a rigorous set of foundational security standards and strict platform requirements—from the chipset level and booting process all the way through to the operating system, communications interfaces, and storage. We also work with device manufacturers to ensure consistency and compliance with our standards. Equipment is not deployed on the T-Mobile network until it passes rigorous security tests, including our own cybersecurity engineers’ attempts to break or hack into a device.

“We use the same methods that malicious actors do to find potential security issues,” says Shawn Corey, a T-Mobile cybersecurity veteran who founded our IoT security group. “We take a deep dive into each device and focus on everything from the physical design to the backend cloud services and see if it needs hardening.”

This kind of under-the-hood security assessment includes determining whether the necessary anti-tampering measures are in place. For more critical devices, we require manufacturers to install a tampering alarm that goes off if the equipment is physically opened. The software on a device is also examined. 

“We have a set of strong restrictions on what software and services can run on the network, as well as on the devices that connect to the network,” Corey adds. “And we require that they are developed using secure practices.”

Externally, we have representatives in numerous leadership roles across industry standards development organizations and forums that create and define new 5G security specifications. Two of the mobile industry’s influential bodies relating to mobile security specifications are 3GPP and GSMA. In 2019, GSMA launched a two-phased approach to addressing global 5G security concerns. GSMA and 3GPP came together to develop the program, named Network Equipment Security Assurance Scheme (NESAS).

According to Todd Gibson, a T-Mobile telecom cybersecurity expert who founded our Secure 5G Program, “GSMA’s NESAS program is a critical activity that we have supported and contributed to since before the 2019 launch. The independent security audits and security testing by accredited third parties allow T-Mobile to deliver secure 5G platforms into our networks.”

“T-Mobile has a subject matter expert who sits on the NESAS Oversight Board, and we continue to proactively contribute to the evolution of the NESAS,” Gibson adds. “T-Mobile is the only U.S. domestic wireless service provider that is engaged in the NESAS program and ensures that we leverage the most secure vendors and products within our 5G network.”

Businesses and consumers alike can rest easier knowing that any T-Mobile equipment they receive meets or exceeds industry-best standards for security. Additional layers of cybersecurity, controls, and capabilities are added in accordance with standards bodies, as well as the Cellular Telecommunications and Internet Association (CTIA) and supply chain risk management programs.

We also work with business customers on their own system designs to ensure they know best practices in enterprise-wide security. That includes using T-Mobile fleet management tools to make configuration changes and other updates to many devices across a far-reaching IoT network. “Instead of going device by device,” Corey says, “some network enhancements can be pushed out with a click of a button.”

Best practices and undivided attention.

IoT devices are sure to have a growing impact on business operations. Connected devices of all shapes and sizes are getting smarter, offering richer experiences, and generating more data.

Securing the network and all of that data is, and will continue to be, a challenge that requires an organization’s undivided attention. The potential points of vulnerability include physical devices, software/firmware, and security settings. 

But because 5G is designed to provide robust security, protecting an extensive IoT network has become that much more manageable. With proper awareness, best practices, and partnerships in place, business managers can confidently forge ahead into the fast-emerging world of IoT to pursue the new opportunities this technology makes possible.
