What should the organizations 'must do' to ensure a cyber-secure environment in the 5G world?
Protecting 5G systems will involve many components of enterprise infrastructure with which many are already familiar: HSM cryptography, public key infrastructure (PKI), certificate authority (CA), and effective cryptographic management tools. In our experience, 5G providers have been proactively using CAs to establish interagency trust. As part of a PKI, CAs also help digitally authenticate objects and devices, creating the infrastructure for a secure network. Investing in these cryptographic solutions — and ensuring that you go with a highly available and scalable solution —will be critical to maintaining trust as 5G networks evolve.
Are there any technology and policy related challenges Indian telcos are facing while implementing 5G? What are those challenges?
5G implementation will provide many benefits, but it is costly to replace existing 4G infrastructure, and the process is not instantaneous. For example, while 5G is currently being rolled out in India, it will start in select cities. On the enterprise side, larger organizations may choose to use 5G’s capability to serve as a private network, but more examples of this will need to be studied in order to observe the biggest challenges aside from cost alone. For consumers, there will be things to figure out, such as how proximity to 5G cellular towers affects wireless service, as well as the structure of wireless carriers’ 5G plans, and more.
Cyber experts believe that even with new safeguards, 5G networks will still be subject to many of the same data-targeted cyberattacks currently present. What is it so and how can these challenges be addressed?
Insofar as 5G technology uses some of the same tools as web technologies opens it up to certain vulnerabilities that we’ve come to expect on the web. Whereas in the IoT sector, vulnerabilities within unsecured devices — even seemingly minor occurrences such as outdated firmware — can open the door to devastating botnet attacks. At the end of the day, the overarching solution remains the same: to be proactive and invest in cryptographic infrastructure that will scale to meet future challenges, both in terms of throughput and processing power, but functionality as well. Agility is what’s needed to adapt to the changing data security environment.
Do you see demand for new security solutions from telcos and companies looking to benefit from 5G?
The Indian government instituted the Information Technology Act in 2000 (and an amendment in 2008), which proactively required PKI to be implemented to ensure message integrity and identity authentication. PKI is still relevant to telecos and 5G providers today, as it allows digital objects and devices to be authenticated across the network. Where there's a need for PKI, there's a need for HSMs to secure private keys and process encryption tasks. Telcos and 5G providers are looking for highly scalable cryptographic systems involving PKI and HSMs that can do all this in a simple and streamlined manner.
How is Futurex helping organizations to adhere to these directives?
India is well known for its comprehensive cybersecurity regulations. One such regulation involves data localization: consumer data at rest must be stored in data centers within the country. This is one reason why Futurex has established data centers in India. In telecommunications, however, the Indian Telecom Security Assurance Requirements (ITSARs) articulated by the Department of Telecommunications provide a framework for securing mobile device and network communications. Futurex offers a versatile range of solutions for ensuring cybersecurity best practices such as these.
Futurex being a global enterprise data security solutions firm is active in countries where 5G has already been launched. Are you replicating those services in the Indian market as well or the Indian market needs a different kind of approach?
Certain solutions that work in a region like North America will also work in India. For example, the Indian market relies on HSMs certified under PCI compliance standards, just like in North America. Even though India upholds rigorous compliance standards, the process of meeting those requirements is not too strenuous for vendors like Futurex, who design and manufacture cryptographic solutions that inherently meet the strictest international compliance requirements. Moreover, Futurex operates local data centers in Hyderabad and Mumbai, allowing our solutions to meet data localization requirements. In short, some small adjustments will be inevitable, but for vendors like Futurex — who already have a significant presence in India — the transition is expected to be smooth and straight forward.
How does Futurex provide a secure environment in the 5G world, while supporting all relevant 3G and 4G and protecting against physical attacks in compliance with regulations?
In its aim to design highly compliant cryptographic solutions, Futurex subjects them to rigorous physical and logical stress testing. This is why they are certified under strict compliance standards such as the US FIPS 140-2 Level 3 and the international PCI PTS HSM v3. The fact that our solutions meet criteria which satisfy these requirements helps them achieve compliance with a wide range of other standards, as well.
How do you assist policy makers globally and in India to facilitate data confidentiality?
It would be difficult to overstate the depth of Futurex’s commitment to data security. In addition to providing consultations and on-site assistance to clients, Futurex regularly publishes reports and writes posts about the most important issues in modern cybersecurity. Futurex also hosts yearly conferences in which it (and a roster of special guest speakers from across the global industry) share best practices and analyze global cybersecurity trends. In addition, certain Futurex executives have lent their expertise to industry standards bodies such as the Accredited Standards Committee X9 and the Payment Card Industry Security Standards Council (PCI SSC).