LIVE FROM MOBILE 360 SECURITY FOR 5G, THE HAGUE: Turkcell’s director of technology governance and security put the task of delivering protection in the 5G era into context, noting the key approaches will not differ greatly from those already deployed in the broader IT sector.

Feridun Aktas (pictured) told delegates the operator’s and his own experience suggests three main approaches will carry over from the IT world into 5G security: protecting endpoints; platform enablers; and the use of AI to secure the next-generation networks.

Turkcell, he noted, gathered broad expertise in the matter due to its push to “change the paradigm of operators from pipe enablers to digital operators”, a move which has highlighted the scale of the potential challenge in delivering 5G security: “We have roughly 50 million operator subscriptions, whereas we have roughly 94 million digital services”.

Aktas also noted the number of IoT devices in use today is 30-times greater than the global population, a factor which increases the potential attack plane as more operators deploy 5G networks.

The key to ensuring massive breaches such as high-profile DDoS attacks on critical systems are prevented in the new era is learning from the mistakes of the past, he argued.

Pointing to the Dyn cyberattack in 2016, Aktas explained this gained traction swiftly by exploiting a lack of security in CCTV and other cameras. Incorporating security chips in such products was deemed non-essential, something which simply pushed up the cost and time to manufacture a product built only to “transfer video to the servers or to your phones”.

He cautioned the same mistakes could be made with IoT devices, noting the same cost and production pressures apply across the board, from small devices to large-scale projects such as aircraft.

Fightback
Aktas explained AI is a key weapon in tackling the potential growing threat of cyberattacks in the 5G era, and a key focus on Turkcell’s current efforts.

The operator is on the brink of completing development of an AI-based system which can take into account the broad variety of data points its shift to becoming a digital services provider is generating. “We have so many different data sources and we are feeding them to our AI-based learning system and trying to get some security outcomes.”

An example would be a sudden spike in the amount of data used by a subscriber who regularly uses a banking app, he explained, adding a similar approach applies to devices connected to its network in terms of Turkcell being able to identify if it is genuine.

The scale of data sources is also being employed to develop an AI-based prediction system, which Aktas said will be able to “predict an attack before it happens, without any correlation”. Such systems will be crucial as the growing number of IoT devices makes identifying attacks manually like searching for a needle in a “big haystack”.