The power of 5G networks will one day usher in new generations of IoT applications, but large-scale adoption may still be a long way off. For one thing, none of the network providers is anywhere near full rollout. In the US, for example, the three biggest mobile network providers are ahead of the curve, but they still have a lot to do. According to software company WhistleOut, which compares internet and mobile phone providers, T-Mobile offers 5G coverage in 53.79% of the country, AT&T in 29.52%, and Verizon in 12.77%, as of June 2024.
CIOs do have the option of using a private 5G network, where 5G protocols are used with equipment like what’s deployed in public networks, but the network is run by either the end customer or a third-party provider, instead of a public operator. Whether the network is a public or private network, another big concern is that 5G may be overkill for most use cases. Moreover, enterprise use of 5G for IoT is so new that anybody who uses it now will have to face all the challenges that come with being an early adopter.
So CIOs looking to use 5G for IoT in the near term should first ask these three important questions.
Do other network protocols better suit my needs?
The three main use cases of 5G wireless technology were originally specified by the 3G partner program (3GPP). The first is enhanced mobile broadband for cell phone users. The second is for ultra-reliable, low latency data communication for applications like remote medical diagnosis and automated cars, where latency and reliability are tantamount. And the third is massive machine-to-machine communication, where a million devices can connect per square kilometer.
“If there’s an alarm and you want to take an action on it, you need to be able to take it within a few milliseconds to avoid potentially damaging an expensive asset,” he adds. “That’s an example of the mission-critical, ultra-reliable IoT that 5G can support. Then there’s massive IoT density, like a smart city or smart factory, for example, with up to millions of devices. Here, latency and bandwidth aren’t as important as connectivity to a large number of devices in a relatively small area.”
These are the two broad categories of use cases where 5G was originally specified to serve IoT. But over time, it became clear from looking more closely at the most prevalent IoT use cases that these two extreme categories wouldn’t be enough. Something else needed to be offered for lower-end applications.
To address this issue, the 3GPP standards committee last year introduced Reduced Capability, also called RedCap or NR-Light, in Release 17 of the standards. Reduced capability specifies throughputs of 150 and 50 Mbps in the downlink and uplink, respectively, which is much more than what’s needed by the current generation of IoT applications.
Other networking protocols that have been serving IoT applications for around two decades may still be the best solution. These technologies are specifically designed to serve simple battery-powered devices with limited processing power not made to be connected directly to the internet because they’re kept as basic and frugal as possible. A processor too busy communicating can’t do much else unless you beef it up, and handling sophisticated protocols would wear the battery down too quickly. Moreover, the devices sometimes operate in remote locations that are out of reach for public wireless networks. Specialized wireless protocols, like LoRa and Sigfox, were developed to support IoT with reduced communication over longer distances, using inexpensive base stations that are easy to deploy and operate.
“LoRa, Sigfox, and other existing IoT networks are still the best option for a lot of enterprise needs — and at significantly lower cost,” says Jeremy Prince, IoT consultant and former president of France-based Sigfox. “One of the features of these specialized protocols is the devices don’t pair with the network, which reduces the amount of processing on the device and the number of exchanges over the network. In existing protocols, very little data is sent from the server to the device.”
Sigfox is well established, with more than 70 national independent providers globally, and devices built for one network can be run on any of the others. Currently, over 13 million sensors are connected for 1,500 customers.
In 2022, Sigfox was acquired by UnaBiz, a global IoT service provider and integrator headquartered in Singapore. Even after buying Sigfox, the company remains network agnostic, working with a range of other protocols including LoRaWAN, LTE-M, NB-IoT and Satellite. “Sometimes, we use pure Sigfox or pure LoRaWAN, and sometimes we build a hybrid solution, like Nicigas, Japan’s leading LPG gas company that deployed 1.4 million sensors in Japan based on a combination of Sigfox and LTE-M,” says Alexis Susset, group CTO of UnaBiz.
One of the interesting things about the specialized networks, according to Susset, is that because they use unlicensed frequency bands, they don’t have high upfront costs. By contrast, public networks spend up to billions of dollars on 3G, 4G, and 5G licenses and have to recover that investment by squeezing as much usage out of the frequencies as possible. Moreover, because 5G chipsets and modems are still very costly today, devices that connect to 5G networks are very expensive.
“You need scale to make it cheaper,” says Susset. “But you can’t really scale because 5G is not available everywhere.”
What are the cybersecurity risks for the network I’ve chosen?
“With 5G comes more data exchanges in both directions, widening the attack surface,” says Dan Lohrmann, field CISO at IT consultancy Presidio. “Bad actors can more easily find a device and scan it for known vulnerability and missing patches. The large amount of data generated by IoT devices also presents privacy concerns as it’s transmitted and stored across networks. Plus, adversary-in-the-middle attacks can intercept — and sometimes alter — communication between IoT devices when authentication mechanisms are weak.”
But the more traditional IoT networks come with their own security threats, such as default passwords not being changed and passwords that are easily discovered and compromised with brute force and other attacks. Multi-factor security can’t be implemented with the traditional protocols where data flow is largely unidirectional from the device to the server. Moreover, security patches can’t easily be applied, and firmware updates or other hardware changes are difficult to deploy.
“Several significant security vulnerabilities have been documented against these lower-cost IoT solutions using these protocols,” says Lohrmann. “These threats include DDoS, bit-flipping where the attacker changes the encrypted message that results in predictable changes to the plain text, acknowledgment spoofing, and root key management attacks, which could undermine the benefits of encryption. While there are ways to protect against these cyberthreats, the current versions are not as secure as they could be.”
According to Lohrmann, new versions of traditional IoT network protocols are being developed and tested, but much of what’s operating today has demonstrated problems with security. “For CIOs interested in significant deployments using LoRa, Sigfox, and other traditional protocols, it’s important to determine if current versions meet their network security requirements,” says Lohrmann. “You might need to wait for new, more secure, upgrades.”
Can I build a solution, or should I outsource?
Regardless of the network, IoT is not yet mature enough to offer a lot of off-the-shelf solutions. Enterprises typically need to either build their own solution or outsource the work to an integrator. “Unless you have very simple use cases that other companies have already addressed, it’s probably best to use an integrator,” says Sigfox’s Prince.
When you start working with an integrator, try to understand what allegiances they have and which biases they bring to the conversation, adds Susset. Most solution providers have preferences for network protocols and operators, and they have expertise in certain types of cybersecurity. Unabiz tries to overcome bias by deploying teams with expertise in different protocols, in hopes that they’ll remain agnostic as a group.
Susset advises CIOs to ask integrators to explain why they think the technology they’re close to is the right fit for the use case at hand. “Very often they open up and tell you the pros and cons and help you make the right choice for your project,” he says.
https://www.cio.com/article/3477910/3-questions-to-ask-before-adopting-5g-for-iot.html