This year, after catching up with Friend’s Blogs about the Mobile World Congress and the latest security revelations which seem to be coming around frequently these days – apparently Cyber Security is the new “Thing”. Hardly surprising, as it something else for the Snake Oil sellers. More antivirus products I expect! And of course, 5G and now 6G: It’s the case of the Emperor’s new clothes every time. I remember when we were forced to call 2G GSM a new wonderful 2.5G – that was because of EDGE. Very silly!!
I agree that 5G is low latency (Good for cars, remote surgical operations and warehouses, otherwise things and people might get a bit cut up). Network slicing, maybe that might work: We do need a good QoS method. But do we really have good Security? Well, looking at the solutions coming to market, it seems that the present implementations do not really address the real security issues. We are still stuck in a world which for example doesn’t recognise the inherent risks of virtual software-based networks, and still depends on identifying individuals to manage it rather than roles.
My view is that we should start again: The real problem is legacy – every time we bring something new out, the old things still have to work. So, we are tied into repeating all the mistakes, by supporting all the old stuff. Also, the big manufacturers that control the Standards don’t want Revolution, they want Evolution: So that all their old stuff still works.
There is also the Marketing Hype, something new is required every time, remember WAP for browsing the Internet? (I wasted lots of time on WAP security: It never worked. The concept of having an untrusted insecure gateway where everything was readable, and every mobile could be switched to it via an unauthenticated SMS, was (I admit now) a trifle dodgy). It all makes verifying the security of a Telecommunications Network really difficult (and probably impossible), as it is so complex, and it is not possible to prove, or test it for correct operation.
I’d like to start again, with a proper Revolution: We did that with GSM, and it meant even at my myopic interest level we could have much better security, like encryption and SIM cards. I’d start with doing security properly again, and make it fit for purpose, Quantum resistant, not based on something 40 years old, with unfixable things like IMEI.
I’d also like to start the radio interface again, and make a mesh network, and properly work with new antennas and broad-spectrum efficiency. I’d also like to start on the infrastructure again to make it suitable for dynamic flexible functions in software, inherent security between functions, fix Signalling with SS7, SDRs for the RF, and software-based virtual networks etc.