GSMA Mobility Live Conference Recap
A Brief History
The GSMA is the largest producer of mobile and wireless-focused trade shows in the world. The GSMA Mobile World Congress is held each February in Barcelona, Spain and has over 175,000 participants annually.
Originally, General System for Mobile Association (GSMA) was made up of the major mobile operators in Europe and headquartered in London. General System for Mobile communications (GSM) was the technical standard for mobile 2G communications used throughout Europe in the early 1990s.
In Europe, the Telecommunications Standards Institute (ETSI) created a single standard under which all operators and mobile device manufacturers complied, and mobile grew at a much faster rate than in the US. The US lagged in mobile adoption because two different wireless technologies competed for market adoption: CDMA (led by Sprint and Verizon) and TDMA/GSM (led by McCaw Cellular, which became AT&T Mobility and T-Mobile). Almost nothing was compatible between these two technologies, making it difficult for the different players in the ecosystem.
It wasn’t until the adoption of Long Term Evolution (LTE) in 2014 that all US (and worldwide) operators agreed to a single standard for the wireless ecosystem.
Here is a summary of the wireless technology history for each of the four major US operators: (source: Wikipedia)
- AT&T: 2G service used GSM, 3G service used W-CDMA, and 4G service uses HSPA+ and LTE technology
- Sprint History: 2G service used cdmaOne, 3G service used CDMA2000, and 4G service uses LTE technology
- T-Mobile History: 2G service used GSM (same as in Europe), 3G service used W-CDMA, and 4G service uses HSPA+ and LTE technology
- Verizon Wireless History: 2G service used cdmaOne, 3G service used CDMA2000, and 4G service uses LTE technology
GSMA expanded a few years ago and set up its North America headquarters in Atlanta. Just recently, GSMA agreed to take over the annual CTIA conference and establish a central, coordinated Mobile World Congress (MWC) show for North America next September in San Francisco to balance the MWC in Barcelona (which will be held February 27 – March 2, 2017).
Mobility Live Conference
A few years ago, the Atlanta Chamber of Commerce began a regional conference called Mobility Live to help promote Atlanta as a hub for mobile and wireless and as a great place to live, with attractive housing prices near Lenox square where AT&T Mobility is headquartered.
Recently, GSMA agreed to take over the management of Mobility Live. This year’s Mobility Live Conference was held in the Georgia World Congress Center next to the Georgia Dome and the new Mercedes Benz stadium under construction, which is soon to become one of the largest and highest technology-enabled stadiums in the world. The stadium is host to the Atlanta Falcons and will host the Super Bowl in February 2019.
This year’s Mobility Live conference was very professionally managed. GSMA brought conference logistics, program management and experienced AV staff over from its London headquarters. The panel itself was well-organized and the program went off without a hitch. Kudos to Roisin Hartshorn, Georgia Mould, and Karen Bowman in the GSMA and Hillery Champagne from the Metro Atlanta Chamber of Commerce (My apologies if I left off anyone in the program management team).
The conference held a number of plenary sessions in the morning covering a range of hot topics. Glenn Lurie, President of AT&T Mobility, interviewed Greg Lee of Samsung who was completely apologetic over the problems with the Galaxy Note 7 batteries subsequent recalls, and finally, the cancelation of the product altogether. He emphasized that Samsung was going to work hard to earn back the trust of the public.
Another plenary panel that drew a lot of interest was the Content & Media Strategies session hosted by Todd Beilis of Accenture with Michael Archer (Akamai Technologies), James Prolizo (CNN) and Jeremy Legg (Turner). This was a classic dialog addressing whether media content (video, movies and TV production) has a better opportunity by working with operators in packaged deals, or whether it is better for them to go via the Internet over-the-top (OTT) direct to consumers.
Both Jeremy (Turner) and James (CNN) believe that the world is moving toward content that reaches parties that are looking to consume media on whatever device they’re using, at any time they want to consume it. That means that content should play out via broadcast TV with bundles, as well as OTT in other distribution pricing to consumers on whatever device they are using.
I asked Jeremy if he felt that broadcast was essentially dead as OTT slowly takes over. He surprised me when he said that he thought broadcast would survive because people are willing to put up with commercials (or skip them with their DVR) and not have to go through the effort of finding the content online and having to figure out how to play it on their HD TV.
They all confirmed that they wanted to have technology that will serve up content starting on one device – and then be able to continue consuming the content on another device.
There were a number of other good conference sessions including IoT, connected vehicles, wearables, augmented reality (consumer and enterprise), mobile advertising, the connected home, 5G (what it is and when it will happen) – all good sessions. I really commend AT&T as the top sponsor for helping GSMA produce a world-class conference.
With the need to prevent threats from doing any more harm to information systems (including mobile devices), it was natural and important that GSMA and the Mobility Live team included a session on cybersecurity. I moderated this panel, which included three speakers:
- Paul Royal, Affiliate Researcher, Georgia Tech Information Security Center (GTISC).
- Rajiv Dholakia, VP of Products, Nok Nok Labs.
- Bryan K. Fite, Account CISO, Assure Intelligence, BT America.
I asked the panel what kind of threats – mobile and otherwise – they see causing the security problems for information systems today. All the panelists felt that there was not just one kind of threat; but a whole battery of threats causing problems. It was agreed that the target for most security attacks is the valuable information that resides in the server or, to be more precise, accessing the information on hard drives connected to the server.
The most alarming threats are:
- Stolen Identity – This includes stolen user names and passwords and other information that enables the hacker to gain access to the information system and extract desired information (e.g. Sony’s intellectual property hack). They obtained the identity of a contractor, logged in, and were able to get access to all of Sony’s movies and TV shows. For some reason, Sony didn’t partition the intellectual property or, if they did, it wasn’t secured via alternate procedures and access points.
- Malware – Using some means such as email or FTP, the user places malware on the server or on a client that will migrate to server.
- Ransom Attack – Using some means such as email or malicious websites, the attacker infects the victim’s computing device with malware designed to steal data or otherwise cause negative impact (harm) to the victim.
- Denial of Service (DOS) – This is really not an access method, but it does work to prevent anyone else from gaining legitimate access.
Rajiv from Nok Nok Labs pointed out that over 60% of cyber-breaches of security involve the use of stolen credentials (like username / password). He recommended the use of stronger and easier-to-use credentials as it is vital to security. If stronger credentials are deployed that are much harder to use, they will be ignored and the overall security is lowered. He also recommended that multi-factor authentication (MFA) must be implemented before single sign-on (SSO). Choices for standards-based MFA such as the FIDO Alliance to achieve security and simplicity can vary by using a combination of these factors:
- What you have (a mobile device, a token, a wearable, etc.)
- Who you are (a biometric such as a fingerprint, face, voice, eye print, etc.)
- What you know (e.g., a pin, passphrase, etc.)
The panel then discussed the need for backup of information in a physically separate facility; stressing the importance of administering back-ups in both an individual and enterprise environment just as you would a desktop or laptop.
Overall, you need layers of authentication in the company’s information system access procedures, not just one layer for all information. It can be segmented by line of business (e.g. finance vs. marketing) and/or by importance or value of the information. Thus, someone might get access to some information, but only a few people can get access to information that is more valuable to the company (e.g. intellectual property, engineering designs). You can also set up physical perimeters so that access is only provided if you are inside a perimeter.
Mobile brings more and different kinds of threats. There are remote access issues (to the company and to Wi-Fi hotspots), encryption issues for the mobile device, and protecting the wireless link. IoT only makes the challenge of protecting information in mobile and remote devices (e.g. sensors) more difficult.
Everyone on the panel seemed to agree that no single security system can protect all of a company’s information assets. There might be one security system that will help divert DOS attacks, another to protect the intellectual property, another to help protect mobile devices, and others that will help take care of the special situations in mobile.
It’s clear that there are both a significant number of threats that must be addressed and that it takes many kinds of threat deterrents to keep most threats from causing harm. Continued diligence in data protection across all mobile platforms is essential as threats evolve. Just as data and information security is a must-have for desktops, laptops and servers, data security for mobile platforms is required.