This Internet of Things (IoT) reality has dramatically expanded the cybersecurity threat to the manufacturing supply chain for the “things.” As the virtual and physical worlds merge, the manufacturing industry has accelerated its focus on adopting robotics, enhancing supply chain visibility, and operationally leveraging digital-twins technologies.
Manufacturing is by far the biggest spender on IoT technologies. While all this change is exciting headline news, it highlights the industry’s growing dependence on information and communications technology (ICT). This IoT reality has also dramatically expanded the cybersecurity threat to the manufacturing supply chain for the “things.”
There are many new challenges manufacturing leaders face in effectively executing this transition. Two of the most critical are directly related to the use of telecommunications networks.
- The first is the security of the network itself and the many devices that make up the IoT. Successful IoT programs will drive manufacturers toward scaling up the most profitable solutions. This expansion adds more complexity to an IoT solution in the form of additional devices, heterogeneous networks, and even more challenges around ICT security.
- The second is the implementation challenge caused by the lack of standards in IoT, especially for hardware. Many of these systems are unique and proprietary, making these network devices nothing more than a black box. Tools and best practices for software development are also still largely absent from IoT hardware design.
The Telecommunications Industry Association (TIA) initiated the SCS9001 Supply Chain Security Standard development to address these crucial challenges. Enjoying a global membership of more than 400 companies, TIA is at the core of a globally connected ecosystem of ICT manufacturers and suppliers, network operators and service providers, distributors and systems integrators.
To meet the industry’s obligation to ensure trust in the devices, equipment and networks relied on by businesses and consumers, this developing standard specifies verifiable and measurable criteria to verify trusted telecommunications network suppliers. This initiative was the spark that ignited the development of the Enhanced Mobile Equipment IDentifier (E-MEID)
The E-MEID represents a new approach to IoT security because it records each network device’s Mobile Equipment IDentifier (MEID) number on a shared digital ledger or blockchain. MEID numbers are globally unique 56-bit identifiers for a physical wireless-network device. Globally administered by the TIA, MEIDs typically show the manufacturer code and the equipment serial number. The number is permanently affixed to most wireless devices and used to facilitate the identification and tracking of mobile equipment like your smartphone. Assignments are coordinated with International Mobile Equipment Identifiers (IMEIs) to enable global roaming and harmonization between 3G, 4G, and 5G technologies.
An E-MEID is a digital representation of the MEID. The blockchain is capable of verifying IoT network devices. It can also record, verify and cryptographically protect the communications between these devices. This globally unique digital token represents the associated physical or digital asset. With the MEID attached to a blockchain, device and network security documentation capabilities expand to include hardware bill-of-material (BOM), Software BOM, and software remediation activity.
This additional capability can enhance hardware and software supply chain visibility, component provenance, and internal change-management processes. These additions can dramatically improve security and provide near-real-time operational options based on the location of the associated physical or virtual asset. An organization, for example, could disable software running on an E-MEID provisioned piece of equipment based on its geolocation.
If deployed across an IoT implementation, E-MEID can help prevent the use of counterfeit wireless devices and reduce device vulnerability due to malware and ransomware. Its ability to document and monitor hardware and software BOM changes can also help manufactures monitor network supplier adherence to the newly developed ICS supply chain security standard.
Other industry verticals are also exploring this new network security approach. Crypto Gabriel from Forward Edge AI uses the E-MEID to digitally document smartphone device identification, verify personal contact devices, and detect counterfeit smartphones on the wireless network. This advanced smartphone security suite also uses Swarm Intelligence, AI, machine learning, natural-language processing, and the power of 5G networks to stop Vishing and SMiShing on all devices and across all service providers.
COMSovereign, a US-based pure-play communications provider, is pairing its eSIM technology with the E-MEID to deliver next-generation wireless network security. The eSIM can deter SIM-jacking, but the COMSovereign eSIM also collects pertinent network security data for immutable and cryptographically protected storage on the E-MEID blockchain. This data can provide a verifiable record of network security operations, automated software vulnerability alerts, software provenance insight, change-management process documentation, hardware or software component changes, and mobile device traceability data.
Total Network Services and Rypplzz are looking to use the E-MEID to guard against unlicensed digital streaming content use. The companies combine $DigitalNames and a new media file format, called MFX, to prevent steaming-content piracy caused by lost or stolen passwords, rootkit modified smartphones, or other malicious or illegal acts. The E-MEID documents and verifies licensed content consumption from the device while $DigitalNames documents authorized access to the content by the user.