Cyber security compliance standards for 5G and IoT devices can have overlapping jurisdictions in terms of applications and sectors. For example, the Payment Card Industry Data Security Standard (PCI DSS) applies to 5G networks and IoT devices involved in financial transactions conducted with credit or debit cards, and the FedRAMP cyber security standards apply to transactions involving the federal government. However, the evolving status of 5G standards and the fast-changing nature of IoT devices make these kinds of compliance rules and regulations “very cumbersome and overweight,” according to Protocol, and not designed for environments that change regularly.
Nevertheless, the need to manage the risk of billions of IoT devices will continue to change the requirements and scope of 5G security. Consequently, development organizations need a proven, scalable, standards-based technology solution going forward, according to Risk & Insurance.
The National Institute of Standards and Technology (NIST) recently posted a set of draft recommendations regarding IoT cyber security. Though not enforceable, the draft calls for IoT manufacturers to design cyber security capabilities into their systems, including baselines for data protection, logical access to interfaces, software and firmware updates, and cyber security state awareness.
Even in existing technologies, researchers continue to discover unknown problems. For example, researchers at the Korea Institute of Science and Technology discovered 36 security flaws in 4G last year. So the reality of 5G is that, as a new technology, it’s bound to have security vulnerabilities.