Members

Since its formation in June 2025, the MAWG focuses on ecosystem requirements, market needs, and the economic and technical factors that will drive 6G commercialization in North America. Its membership includes leading communications service providers, network infrastructure vendors, smart device and applications developers, and public safety organizations. The group works closely with industry partners to gather insights, evaluate emerging applications and use cases, and identify target customers and market opportunities.

The Mission

The mission of the MAWG is to clearly articulate the unique value 6G can deliver and to develop a practical blueprint that addresses ecosystem barriers, market readiness, and pathways to commercial realization for North America. The Group has prioritized verticals based on their economic impact, strategic importance to North American competitiveness, and readiness to benefit from 6G capabilities, including clear use cases that demand enhanced connectivity, measurable market size, and growth potential. The first phase of this work includes Utilities, Public Safety, and Agriculture verticals, with plans to expand into additional sectors, for example, Automotive, Smart Manufacturing, Transportation and Supply Chain, Mining, Oil, and Gas.

The Scope

For each vertical, the scope includes:

• Comprehensive analysis of use cases critical to business and operations within the vertical. First and foremost, it is important to understand key critical use cases for each vertical that are expected to utilize 6G networks. This is essential to understanding the corresponding technical requirements and the business case to justify investment in 6G technology for industry.
• Technical Requirements and Key Performance Indicators (KPIs). Distilling the technical requirements for vertical use cases is important to identify common needs across multiple industries. This will allow the cellular ecosystem to prioritize high-value features that will have broad applicability and larger economies of scale, while also helping inform decision-makers on what is critical for telecom standardization or may be best suited for industry-specific system integration.
• End-to-end blueprint including Proof of Concept (PoC) considerations and white papers. The MAWG will ultimately analyze the use cases and requirements to understand what needs to be proven and identify concrete actions, through PoC analysis or other activities, to build confidence in 6G-based solutions for each vertical. Once multiple vertical-specific blueprints are developed, a cross-blueprint analysis will be conducted to identify shared requirements across verticals, helping surface common 6G capabilities and enablers. This will help build realistic goals, desired outcomes, and concrete next steps to make our 6G future a reality.
• Funding landscape and academic research. The MAWG will catalog leading universities, research labs, and consortia active in wireless and vertical-specific domains (e.g., power systems, precision agriculture, emergency communications), highlighting key labs, recent publications, testbeds, and industry partnerships.
• Workshops and seminars. It will evaluate hosting workshops, presentations, or other seminars to communicate our results to the broader stakeholder community and to help identify next steps to further 6G’s market readiness in each vertical.

The MAWG is collaborating with academia and industry leaders through external speaker sessions to broaden perspectives, exchange ideas, and deepen its understanding of challenges and opportunities for North America.

Building the 6G Future

As it advances its vertical analyses, the Next G Alliance MAWG remains committed to fostering collaboration, driving innovation, and aligning diverse stakeholders toward a shared 6G vision. By bridging industry insights with academic research and transforming ideas into actionable blueprints, the goal is to ensure that North America not only leads in 6G technology adoption but also reaps the economic and societal benefits it promises. The journey to 6G is a collective endeavor. Together, we are building the foundation for a connected future that empowers every sector and community.

The post The Market and Applications Working Group — Bringing the Next G Alliance 6G Vision to Vertical Markets appeared first on ATIS.

From the core to the edge, from base stations to hyperscalers, cryptographic operations are embedded in every layer of the network. But how many telecom providers today can confidently answer: Where are we using cryptography? What algorithms are in use? Which are vulnerable? 

 Knowing What You Have 

The first step in any security transformation, especially one as consequential as migrating to QSC, is understanding your inventory of cryptographic assets. Without that visibility, it’s impossible to evaluate risk, plan migrations, or ensure compliance with emerging national and international mandates. 

That’s where the Cryptographic Bill of Materials (CBOM) comes in. 

CBOM is becoming an essential tool in the IT industry, allowing organizations to document and manage cryptographic algorithms, protocols, keys, and certificates embedded in their systems. By providing a machine-readable, standardized inventory of cryptographic usage, CBOM helps teams understand complex environments, identify weak cryptography, and plan for future transitions. 

Why Telecom Needs Its Own CBOM Standard 

However, telecom security differs from general IT. 

Telecom networks use a range of domain-specific cryptographic protocols, specifically within the Mobile 5G network. Protocols such as 5G-AKA, PRINS, MILENAGE, and EAP-AKA, that are not captured in general-purpose CBOM schemas. Furthermore, 5G network functions communicate over standardized interfaces (such as N1–N32 in 5G), each with unique trust and encryption requirements. Many cryptographic operations are offloaded to hardware (HSMs, TPMs, or embedded elements), making it more challenging to capture the cryptographic inventory of telecom networks. 

To truly support telecom providers in their transition towards implementing QSC, CBOM definitions must be extended to reflect the operational and architectural realities of the telecom domain. 

The ATIS Telecom CBOM Initiative 

To address this need, ATIS is working closely with leading telecom providers and ecosystem partners to define a Telecom-specific CBOM standard, one that builds on existing CycloneDX foundations while introducing the schema, context, and tooling necessary for 5G and beyond. 

This Telecom CBOM effort will enable the industry to: 

• Achieve meaningful cryptographic visibility across multi-vendor, multi-cloud, and multi-interface deployments 

• Support crypto-agility by making it easier to identify and plan upgrades of quantum-vulnerable algorithms 

• Align vendor practices and regulatory reporting through a common inventory and compliance framework 

By establishing a Telecom CBOM standard now, we lay the foundation for automated risk management, consistent cryptographic assurance, and confident migration planning is laid before quantum disruption becomes a reality. 

Get Involved 

This work is open, collaborative, and essential. If you or your organization is are interested in contributing to the development of the Telecom CBOM standard or participating in pilot implementations, we invite you to contact ATIS and get involved. 

The path to quantum-safe telecom begins with understanding your cryptography. CBOM is how we achieve that goal together. 

The post Preparing Telecom for the Quantum-Safe Future: Why a Telecom-Specific CBOM Matters appeared first on ATIS.

AI is set to transform the telecommunications industry—and ATIS is leading the way in advancing AI Network Applications. This work focuses on enabling networks to develop a semantic understanding of the physical wireless environment, allowing them to adapt intelligently to real-time conditions and user intent. These innovations lay the foundation for truly cognitive, AI-native wireless systems. One key area of progress is the development of the Wireless Physical-Layer Foundation Model (WPFM).

The Challenge

• • AI in wireless is currently task-specific and fragmented, with limited applicability across the wireless domain. For example, in indoor localization applications, tasks such as Non-Line-of-Sight (NLOS) detection, error correction, or beamforming solutions are typically built as bespoke models. Similarly, in spectrum management, tasks like wireless technology recognition, modulation recognition, and interference detection are typically built on separate AI models and do not share any knowledge.

• • AI models often fail to generalize across real-world conditions due to limited training data.

• • Wireless environments are dynamic, but current AI solutions lack adaptability.

• • Large Language Models (LLMs) understand language semantics; no equivalent currently exists for physical wireless signals.

The Solution – WPFM

A WPFM is a foundation model built specifically for the wireless physical layer.

• • A foundation model is (pre-)trained on a vast amount of unlabeled data and can be adapted (finetuning) to a variety of downstream tasks, even those involving different types of data.

• • Similarly, LLMs can be adapted to many different tasks, but work specifically with written language.

• • With the WPFM, the goal is to develop a foundation model capable of understanding physical-layer (RF) modalities, typically represented as IQ-based time series, through techniques such as pattern recognition, representation learning, embeddings, and generative AI.

Beyond the above factors, the WPFM aims to enable semantic association between RF signals and their wireless context (e.g., labels/text), moving beyond traditional pattern recognition. Similar to cross-modality encoders trained to encode raw data using contrastive learning approaches, such as CLIP (Contrastive Language–Image Pre-Training), the WPFM’s goal is to maximize cross-modality similarity between the environment and RF signals. This approach creates meaningful connections between RF patterns and visual or textual representations, enhancing the interpretability and contextual awareness of wireless signal analysis.

As such, WPFMs are designed to bridge fundamental gaps between RF signals and human-interpretable concepts through cross-modal learning techniques and symbolic reasoning. WPFMs can provide embeddings or symbolic structures to a neuro-symbolic pipeline. This not only allows the WPFM to classify the RF status but also explains why it was classified. This enables the creation of verifiable semantic descriptions of wireless network conditions, sensing applications, human behavior, and the simultaneous classification and localization of signals, among other applications, from wireless data. This granular understanding allows systems to comprehend signal relationships and contexts rather than merely identifying isolated patterns. In future work, the WPFM aims to be integrated with NeSy, a neuro-symbolic cognitive assistant.

In short, the WPFM is designed for multi-task learning, cross-environment generalization, real-time adaptability, and semantic RF understanding.

Key Advantages

Unified Model	Semantic RF Understanding
Scalable & Adaptable	Accelerates Innovation
Hybrid AI + Domain Expertise	Multi-task Capable

Why WPFM Matters for the Wireless Future

• • Zero-touch automation: Supports self-optimizing, intent-driven networks.

• • 6G readiness: A foundational enabler of cognitive and autonomous future networks.

• • Robust performance: Learns across spectrum bands, geographies, and topologies.

• • AI-native networking: Embeds intelligence directly into the wireless fabric.

• • A foundational shift for scalable, cognitive, and adaptive wireless networks.

WPFM for Wireless Networks: Help Shape Its Direction with Your Operator or Vendor Insight

The WPFM represents a new class of AI explicitly built for the physical dynamics of wireless networks. But its true value depends on how it addresses your toughest challenges.

We’re seeking input from network operators, infrastructure vendors, and others across the wireless ecosystem to help shape the direction of this innovation.

We invite you to reflect:

• • What wireless applications or use cases are you exploring where current AI tools fall short?

• • Are your models struggling to generalize across different environments, devices, or spectrum bands?

• • Do you face challenges with real-time adaptability, spectrum awareness, or efficient edge deployment?

• • Would semantic understanding of RF signals help your systems operate more autonomously or intelligently?

• • Are there other high-priority areas—technical, operational, or architectural—where a foundation model like WPFM could provide meaningful support?

WPFM is designed to be a flexible foundation, capable of supporting multi-task learning, real-time responsiveness, and integration with existing wireless architectures. For applications such as spectrum management, network control, or RF sensing, the WPFM provides a framework for incorporating semantic intelligence directly at the physical layer, enabling cross-task generalization and adaptive behavior within dynamic wireless environments.

Get Involved

The ATIS AI Network Applications (ANA) group is collaborating with imec and Ghent University to refine the requirements for the WPFM. To learn more about the WPFM initiative and how to get involved, please contact Rich Moran at [email protected].

The post Reimagining Wireless Intelligence: A Foundation Model for the Physical Layer appeared first on ATIS.

From Generative to Cognitive: The Next Leap in AI for Telecom

Generative AI excels at complex pattern recognition and intricate sequence generation. However, it suffers from three systemic problems:

1. Statistical correlation
2. Its lack of explicit causal understanding, and
3. Its “black box” nature when it comes to guaranteeing adherence to hard constraints or policies and providing verifiable explanations for the decisions it has made.

Cognition, in contrast, goes much further. It involves understanding not just from context, but from the current situation (e.g., what goals the system is trying to achieve). It learns from experience to improve its operation, reasoning through complex and sometimes conflicting trade-offs (e.g., latency vs. security vs. cost vs. energy savings), and adapting in real-time to dynamic, changing demands. That is the kind of intelligence future networks will require.

A cognitive assistant for telecom is not just a smarter chatbot; it is a foundational AI system that continuously senses the state of the network, learns from traffic and fault patterns, reasons through complex optimization trade-offs (considering latency, energy and security), and takes autonomous actions – configuring, optimizing, and healing the network – with minimal human intervention.

Toward Intelligent Autonomy: The Cognitive Network Vision

Cognitive networks represent a paradigm shift from pre-defined rules and automation scripts to intelligent, adaptive autonomy. These systems are architected to continuously sense real-time conditions across heterogeneous domains (e.g., RAN, transport, core, cloud, and services), learn from operational telemetry and fault histories to model complex behaviors, reason and decide based on operator intent and encoded knowledge (e.g., topology, policy constraints, and 3GPP technical specifications), and act and adapt autonomously through self-optimization, self-healing, and resource orchestration. The hallmark of the Cognitive Assistant is its ability to employ various types of logic to reason and to provide explanations. This intelligent autonomous system enables proactive and resilient network performance, even under unforeseen conditions and at the scale and complexity demanded by 5G-Advanced and future 6G systems.

Exemplary Use Cases

Spectrum Scarcity and Dynamic Spectrum Management

The proliferation of mobile devices and the explosive growth in data traffic are severely exacerbating the challenge of spectrum scarcity. Existing static spectrum management models are inherently inefficient, leading to wasted resources and an inability to adapt to rapidly changing service demands. The Cognitive Assistant enables real-time adjustments, moving beyond static rules to truly opportunistic and efficient spectrum utilization, which is fundamental for achieving the promised performance of 6G.

Energy Efficiency and Sustainability

The energy consumption of 5G networks is a growing concern, as it is estimated to be three to five times higher than that of 4G systems. This increase is due to wider bandwidths, more channels, and more complex equipment architectures. Additionally, the use of higher frequency bands in 5G necessitates a greater number of base stations for equivalent coverage, further increasing deployment costs and energy footprints. Current operational management systems often lack the flexibility and intelligence to dynamically adjust the operational status of base stations in response to real-time changes in user traffic, resulting in significant energy waste during periods of low demand.

The 6G era demands a commitment to “lower-carbon wireless coverage”. The Cognitive Assistant can dynamically manage network components for optimal energy consumption by understanding how the situation is changing and learning experientially from its operation. This capability positions cognitive AI not just as a performance enhancer but as a critical enabler for sustainable and cost-effective network operations, addressing a key strategic imperative for telecom operators.

Security and Trustworthiness

The inherent complexity of modern networks makes it increasingly difficult to manage and enforce security protocols effectively. Furthermore, the integration of AI into 6G networks introduces new concerns regarding data privacy and algorithmic transparency. The Cognitive Assistant includes the ability to provide an “audit trail” and “explain” decisions to engineers and auditors. In an environment with complex cyber threats, the proliferation of AI for detection and response necessitates a high degree of trust in AI decisions. The Cognitive Assistant inherently supports auditability and explainability, meeting EU AI ACT requirements and addressing a gap in existing 5G AI/ML frameworks. This directly addresses the need for algorithmic transparency and trustworthiness, making the Cognitive Assistant uniquely suited for high-stakes security applications where accountability is non-negotiable.

This capability elevates the role of the Cognitive Assistant beyond merely detecting threats to building inherently trustworthy and auditable autonomous security systems, a foundational requirement for critical infrastructure. In addition, it supports dynamic microsegmentation aligned with Zero Trust principles, preventing lateral movement in Mobile Edge Computing (MEC) . By continuously assessing device posture and user behavior, the Cognitive Assistant enables adaptive access control, the core principle of Zero Trust security. The Cognitive Assistant can also integrate fragmented data from Security Information Event Management (SIEM), Endpoint Detection and Response (EDR), and Network Data Analytics Function (NWDAF), a gap noted in the ATIS 5G Enhanced Zero Trust analysis.

Network Complexity and Interoperability

Modern telecom networks are characterized by extreme complexity, encompassing multiple layers of virtualized resources, software-defined components, and a diverse mix of new technologies and legacy systems from various vendors. The Cognitive Assistant can continuously sense the network state across heterogeneous domains (RAN, transport, core, cloud, and services) and learn from these diverse environments.

Skills Gap and Workforce Transformation

The inevitable shift towards automated and AI-driven networks creates a significant skills gap within the telecom workforce. The Cognitive Assistant is designed to understand natural language queries and explain decisions to engineers and auditors. These human-centric interaction features directly mitigate the skills gap. Engineers do not need to become AI developers; rather, they need to become proficient operators and interpreters of AI-driven insights. Successful AI adoption in telecom, therefore, is not solely about technological advancement; it is equally about enabling effective human-AI collaboration and ensuring a smooth workforce transformation.

The Solution: A Neuro-Symbolic Cognitive Assistant (NeSy)

To realize this vision of intelligent autonomy, the industry needs more than traditional AI. As telecom networks grow in complexity, there’s a rising need for AI systems that can go beyond pattern recognition to support contextual, rules-based decision-making. A Neuro-Symbolic Cognitive Assistant (NeSy) represents a next-generation approach—combining machine learning with symbolic reasoning to meet the specific demands of telecom operations. NeSy combines the fluency and learning power of transformers with the structure, reasoning, and verifiability of symbolic AI. This hybrid approach embodies two fundamental aspects of intelligent cognitive behavior: the ability to learn continuously from experience and the capacity to reason based on acquired, structured knowledge. This integration leads to enhanced generalization capabilities, improved interpretability, and greater robustness. NeSy integrates:

• Mixture-of-Experts Transformers (MoE) provide scalable, multimodal understanding. This type of transformer enhances traditional transformer models by incorporating multiple expert networks. Instead of processing all input data through a single dense feed-forward layer, MoE models utilize a router to dynamically select and activate only a subset of experts for each input token, thereby making computation more efficient.

• Knowledge Graphs and Ontologies support grounded, rule-based reasoning, which is a structured approach that applies logical rules to real-world data or predefined knowledge bases to derive conclusions. This method ensures that reasoning is explicit, explainable, and verifiable.

• Additionally, Contrastive Learning helps bridge RF signals, text, and image semantics, functioning as a translator between RF signals and network semantics. This hybrid approach enables real-time, context-aware decision-making that is both adaptable and accountable. In practice, that means NeSy can understand natural language queries from engineers, forecast congestion, recommend optimization strategies, and enforce policies such as emergency traffic prioritization—all while providing an audit trail.

Why This Matters

Let’s take 5G network slicing as an example. Slices must be dynamically allocated and optimized for various services, including gaming, IoT, and emergency response. NeSy can:

• Learn usage patterns and predict congestion (neural)
• Generate adaptive recommendations in real-time (neural)
• Validate actions against telecom policy and regulation (symbolic)
• Explain decisions to engineers and auditors (symbolic)
• Optimize resource allocation across heterogeneous domains
• Apply enhanced Zero Trust security principles
• Facilitate communication between legacy and modern systems
• Use novel closed control loops to implement meta-cognition (i.e., regulate their own cognitive processes)

The result? Fewer outages, better resource use, and full transparency.

Regulatory and Compliance Functionality

NeSy interoperates with and enhances the functionality of key 3GPP Network Functions by enabling causal reasoning and refining policies using symbolic logic. The symbolic component, with its explicit reasoning and structured knowledge, is particularly valuable in telecom scenarios where certain critical data might be sparse, sensitive, or require strict adherence to pre-defined rules, thereby enhancing robustness and efficiency where purely data-driven approaches might fall short. For example:

• NWDAF is significantly enhanced. Traditional NWDAF leverages statistical and machine learning models to predict traffic loads, detect anomalies, and optimize network slicing and QoS. However, these models often operate as “black boxes”. NeSy models correlations and causal relationships between network events (e.g., “Congestion in Slice A is caused by a misconfigured IoT device in Cell X” rather than simply “Slice A and Cell X have high traffic”). By incorporating domain knowledge (e.g., 3GPP policies, network topologies, known failure patterns) and using symbolic representations, NeSy can explain predictions and root causes in terms understandable to humans. NeSy can synthesize diverse data sources—telemetry, logs, SIEM/EDR alerts, and even external threat intelligence—using neural networks for pattern extraction and symbolic logic for high-level reasoning and policy mapping. For example, suppose NWDAF observes an unusual traffic spike. A neural model detects the anomaly, but the symbolic layer reasons that the spike coincides with a recent policy change and a surge in IoT device registrations. NeSy infers a likely causal chain—new devices, misapplied policy, or congestion—and produces an explanation and remediation plan (e.g., “Rollback policy X for device group Y to restore normal operation”).
• Policy Control Function (PCF) Traditional PCF implements static or semi-dynamic policy rules for session management, QoS, and network slicing, often based on pre-defined templates or operator input. NeSy’s neural models continuously learn from evolving network conditions and user behavior, proposing policy adjustments (e.g., new QoS profiles, access controls) in real time. Symbolic logic checks these AI-generated policy suggestions against regulatory requirements, operator intent, and business constraints, ensuring compliance and preventing unsafe actions. When multiple policy recommendations or conflicting requirements arise (e.g., security vs. latency), the symbolic layer can reason through trade-offs and prioritize based on explicit rules or operator-defined goals.

What’s Next?

Cognitive autonomy is no longer optional. As networks become more dynamic and service demands escalate, telecom operators must adopt AI systems that can reason, learn, and act with intent. The ATIS AI Network Applications (ANA) group is advancing the requirements for NeSy, a neuro-symbolic cognitive assistant designed to serve as the intelligent fabric of next-generation networks—self-evolving, highly autonomous, and deeply aware of the complexities of wireless environments. This work aligns with and extends industry efforts such as ETSI ENI (Experiential Networked Intelligence), which defines an extension of the Observe-Orient-Decide-Act (OODA) closed-loop AI mechanisms for network cognition and adaptation. In particular, NeSy extends ENI’s OODA implementation to include meta-cognition and advanced reasoning and planning, providing explainable, knowledge-driven reasoning.

In future work, NeSy will be integrated with the Wireless Physical Foundation Model (WPFM). This work will kick off exploring various architectural integration strategies that enable the WPFM to play the role of a foundational “sensory” layer that perpetually enriches NeSy’s cognitive core. This approach is grounded in established principles of cognitive science and advanced AI system design, which advocate for a clear separation between low-level perception and high-level reasoning.

Join the Conversation

If you’re interested in shaping the future of cognitive autonomy in telecom networks, we invite you to get involved in the ATIS AI Network Applications (ANA) group. Help define the next generation of intelligent, explainable AI for network operations. Contact Rich Moran at [email protected] to learn more about participation opportunities.

The post Beyond Chatbots: Why Telecom Needs a Cognitive Assistant for the 6G Era appeared first on ATIS.

In the telecom ecosystem, establishing trusted identities for individuals and organizations is essential to addressing challenges including spoofed calls or SMS messages, impersonation, and ensuring regulatory compliance.

However, not all verifiable credentials can be trusted equally. Verifiable credentials are issued across a variety of ecosystems, such as government authorities, industry-specific governance bodies, or independent organizations. Without proper oversight, telecom service providers verifying presented credentials face a challenge: how to know which credentials meet the necessary security and trust requirements.

This is where the concept of Telecom Verifiable Credential (VC) Governance becomes essential. The role of telecom VC governance is to sanction and authorize the use of credentials issued under the control of external governance authorities. Rather than setting standards for external governance itself, the telecom governance framework establishes criteria for identifying credentials backed by strong governance and robust vetting, thus establishing a foundation of trust and reliability.

For organizational identities, this means that the telecom VC governance authority can endorse credentials issued by external governance bodies — such as those managing LEIs or business certifications—provided their policies meet telecom-specific standards. These external bodies operate independently, but their vetting and verification processes align with the telecom VC framework to ensure interoperability and trust. Similarly, organizational attributes, such as business licenses, industry certifications, and operational details, can also be endorsed. Once properly governed, the telecom VC governance authority can maintain and share a list of endorsed externally issued verifiable credentials with telecom verifiers. This enables telecom verifiers, such as service providers or end-user devices, to confidently identify which credentials can be trusted and verify the presented information as both accurate and reliable within the telecom domain.

What makes this approach particularly powerful is that any entity in the call path — whether a telecom service provider, an intermediary, or even an end-user device — can act as a verifier. When a verifiable credential is presented during a call setup or transaction, it can be authenticated using cryptographic proofs and governance policies. This ensures that all parties involved can trust the presented identity or organizational information. For instance, a telecom provider receiving a VoIP call can validate the business’s verifiable credential indicating their identity, business name, and purpose of the call, ensuring the call is legitimate before connecting it to the recipient. The telecom VC governance framework ensures that this verification process is reliable, secure, and scalable across the entire ecosystem.

By endorsing trusted verifiable credentials that are already in the public domain and aligning with external governance bodies, the telecom industry can create a foundation for trusted identity verification. This not only enhances security by reducing fraud and impersonation but also improves the efficiency of telecom operations by enabling streamlined and automated verification processes. Furthermore, integrating these credentials into the telecom framework offers greater interoperability across different domains, ensuring that trusted identities can be verified seamlessly, whether for regulatory compliance, enterprise communication or consumer services.

In conclusion, verifiable credentials have the potential to transform the telecom industry by providing a trusted, secure, and scalable method for verifying individuals and organizational identities along with their attributes. However, this trust relies on a robust governance framework that authorizes the use of externally issued credentials backed by strong governance, rigorous vetting processes, and robust policy controls, enabling telecom verifiers to authenticate these credentials with confidence. The ATIS Enterprise Identity Working Group is actively examining how a Telecom VC Governance Framework can bring these trusted verifiable credentials — backed by strong governance from governments and industry associations — into the telecom domain. By taking a proactive role in managing credential governance, the telecom industry can address long-standing challenges such as call fraud and identity spoofing, while creating a future where trusted digital identities form the backbone of secure and seamless communication.

The post The Value of Verifiable Credentials in Telecom – Building a Framework for Trust appeared first on ATIS.

The post Navigating the Quantum Leap: PQC Migration and What It Means for the ICT Industry appeared first on ATIS.

Crypto Agility: Beyond Buzzwords

Enter Crypto Agility — not just a buzzword but a strategic move that is imperative for business continuity. It is about swiftly adapting new cryptographic strategies in response to evolving quantum threats. Crypto Agility is not just about the technical deployment of new cryptographic algorithms; it reaches across every aspect of an organization’s business and its operations; it is a proactive stance, a commitment to staying ahead of the curve.

The Role of Crypto Agility KPIs

At the heart of our strategy are Crypto Agility Key Performance Indicators (KPIs). These are not mere metrics; they are the linchpin for our quantum risk assessment. They provide measurable insights into an organization’s readiness to counter this quantum threat. It is about understanding, measuring, and fortifying crypto agility.

But how do we practically implement this strategy? Here is the breakdown:

1. Establish a Dedicated Crypto Agility Team
2. Composition: Assemble a dedicated task force comprising cybersecurity experts, IT professionals, and representatives from various organizational departments. This diverse team ensures a comprehensive approach, considering both technical and business aspects.
3. Roles and Responsibilities: Clearly define the roles and responsibilities of team members. Designate leaders who can spearhead crypto agility initiatives and coordinate efforts across departments.
4. Adopt a Quantum Risk Assessment Framework
5. Structured Approach: Incorporate a robust Quantum Risk Assessment Framework (QRAF) that provides a structured and methodical approach to evaluating your organization’s crypto agility.
6. Identification of Vulnerabilities: Use the framework to systematically identify vulnerabilities in your cryptographic systems. This involves assessing the cost, complexity, required skills, and timelines for implementing crypto agility measures.
7. Understand and Quantify the Crypto Agility Transition
8. Cost Analysis: Conduct a thorough analysis of the financial implications of transitioning to crypto agility. Understand the costs associated with acquiring new technologies, training personnel, and potential business disruptions.
9. Complexity Assessment: Evaluate the complexity of implementing crypto agility measures. This involves assessing the intricacies of integrating new cryptographic algorithms into existing systems.
10. Skills and Training Needs: Identify the skills required for successful crypto agility implementation. Develop training programs or recruit personnel with expertise in quantum-resistant cryptography.
11. Implement Systematic KPI Monitoring
12. Establish a Monitoring System: Set up a consistent and automated process for monitoring Crypto Agility Key Performance Indicators (KPIs). This system should cover the entire organization as well as products and interactions with stakeholders.
13. Timely Adjustments: Design mechanisms for real-time monitoring and analysis of KPIs. This ensures that any deviations or emerging threats are promptly identified, allowing for timely adjustments to security measures.

By following these steps, organizations can systematically and comprehensively manage the implementation of a crypto agility strategy, from forming a dedicated team to monitoring KPIs for ongoing adaptability.

A Strategic Framework for Crypto Agility and Quantum Risk Assessment

Successfully meeting the challenges present in the quantum era demands an approach that is not static. Crypto Agility KPIs are not just metrics for measuring past efforts; they are tools for proactively planning a resilient future. It is about engineering our operations not just for imminent threats but for the enduring quantum era. Amidst this transformative journey, adopting a strategic framework for Crypto Agility and Quantum Risk Assessment is paramount. This framework not only allows organizations to measure and report on Crypto Agility KPIs but does so through a lens of standardized metrics. It introduces common ground, enabling interoperability and facilitating a shared language across the industry.

Industry-Wide Adoption of Unified Crypto Agility Metrics for Collective Progress

In the dynamic cybersecurity landscape, achieving quantum resilience is not a solo endeavor. It requires collaborative efforts and shared commitment, especially when interacting with vendors and third-party entities. The integration of Crypto Agility Key Performance Indicators (KPIs) in these collaborations becomes paramount. These shared metrics serve as a common language, providing a unified understanding of the progress made collectively toward achieving cryptographic agility. By fostering a consistent approach to tracking and interpreting these KPIs, organizations and their collaborators can align their strategies, reinforcing their joint dedication to the implementation of quantum-resistant cryptographic solutions. This collaborative stance ensures a robust and unified defense against emerging quantum threats, laying the foundation for a secure digital future.

Navigating the Quantum Era Securely

In summary, the significance of Crypto Agility KPIs for an organization and their risk managers goes beyond bureaucratic measures. It is our essential toolkit for not just surviving but thriving in the face of quantum challenges. Embracing a standards-based framework for Crypto Agility KPIs is our unified commitment to building a future that is both resilient and secure against evolving threats. It is not just a strategy; it is our collective pledge to safeguard the integrity of our digital landscape in the quantum era.  

For a Deeper Dive: Explore the Comprehensive Insights in the ATIS Report

This article only scratches the surface of the critical role Crypto Agility KPIs play in fortifying organizations against the impending quantum threat. For a more in-depth exploration of this imperative strategy and a comprehensive guide to implementing a standards-based framework, we invite you to download ATIS’ Strategic Framework for Crypto Agility and Quantum Risk Assessment, which introduces crypto agility metrics that ICT organizations can use to proactively measure, assess, and enhance their preparedness for the shift to quantum-safe cryptography. Delve into detailed analyses, practical recommendations, and real-world examples that will empower you and your organization to navigate the quantum era securely. The ATIS report will be your resource for building a resilient and quantum-ready future. Download now for comprehensive insights.

The post Navigating Quantum Risks: The Imperative of Crypto Agility KPIs for Risk Managers appeared first on ATIS.

With the aim of establishing a resilient solution to combat SIM Swap fraud, ATIS’ User-Controlled Privacy Using Self-Sovereign Identity (SSI) initiative is exploring ways in which SSI can enhance security and maintain identity verification integrity. An SSI-based solution would provide cryptographic linkage between the proof of identity and the telephone number utilized, offering a formidable measure to combat SIM swap fraud.

Understanding SIM Swap Fraud

SIM swap fraud, a form of identity theft, occurs when cybercriminals use stolen personal data to impersonate a targeted victim and request the transfer of the victim’s mobile telephone number to a new SIM card. Once in control of the victim’s telephone number, the attacker can intercept calls, messages, and even two-factor authentication (2FA) codes, thereby gaining access to a multitude of the victim’s personal accounts.

The Crucial Role of Secure Identity

SIM swap attacks are becoming increasingly sophisticated in how they target consumers. This means there is an urgent need for secure identity verification processes for mobile network operators. These processes need to be more robust and less prone to manipulations by fraudsters, while also being user-friendly for both the mobile customers and the operators to operate.

Enter Self-Sovereign Identity

In the pursuit of a more secure and reliable identity verification solution, SSI emerges as a compelling contender. SSI is an approach to digital identity that empowers individuals with ownership and control over their personal data, dictating when and where they provide it, such as to a website or in person. The user’s digital identity, along with personal data, can be conveniently selected via a mobile wallet application and is cryptographically signed by the user to affirm its origin. This information, when received, can be cryptographically verified against the individual’s digital identity, ensuring that the data comes from the legitimate owner and has not been spoofed by an attacker.

Utilizing SSI Digital Identities to minimize risks from SIM Swap Attacks

By applying SSI identity verification for telecommunication customer authentication, we can mitigate risks associated with SIM swap fraud. Here’s how:

• Cryptographic binding of identity and the use of a telephone number: In an SSI-based solution, a cryptographic link is established between an individual’s identity and the telephone number they use. This cryptographic association provides absolute proof of the identity of the individual requesting the transfer of the telephone number, confirming their authority over that telephone number. This arrangement makes it extremely difficult for a fraudster to impersonate an individual and their associated telephone number without access to the cryptographic keys tied to the individual’s identity.
• Decentralized Control: With SSI, individuals maintain control over their identity data, making it far less susceptible to unauthorized access and manipulation. Verification does not rely on one centralized source but on a network of decentralized nodes, adding multiple layers of security.
• Enhanced Verification: An SSI model uses verified credentials (VCs), which are tamper-evident and impossible to forge attestations of information associated with the users SSI digital identity. VCs store information about the individual, such as name, address, and date of birth, previously verified and assigned to the digital identity by a government authority (such as a digital driving license). This allows individuals to confirm personal details, adding an extra layer of trust to the identity verification process. The mobile network operator can authenticate these VCs without needing to directly contact the government issuer, resulting in a more streamlined and secure process.
• Non-repudiation and auditability: Every interaction using SSI verification requires the user to sign using their digital identity. This provides the carrier proof that the user has requested the service, change of service, purchase or other action effectively eliminating spoofing or fraudulent activities without a signed proof.
• User Consent: One of the foundational principles of SSI is user consent. No data is shared without the explicit consent of the user, thus reinforcing trust in the system and reducing the risk of unauthorized data access.

Benefits of Using SSI Digital Identity

In the era of rising digital threats, such as SIM swap fraud, the importance of secure identity cannot be overstated. SSI offers an effective solution, enhancing security and maintaining identity verification integrity. By adopting SSI, mobile network operators can step up their defense against identity theft, secure their operations, and, most importantly, safeguard their users. The future of identity verification lies in empowering individuals with control over their data, and SSI provides the framework to make this possible.

For a more comprehensive understanding of how SSI can enhance security and maintain integrity in identity verification for the telecommunications industry, view ATIS’ Self-Sovereign Identity in Telecommunications Services white paper.

[1] Jones, David. “Hackers steal thousands of dollars through victims’ cell phones using SIM swap fraud, Mar. 17, 2023, Fox 8 Live.

[2] https://www.fcc.gov/document/chairwoman-proposes-rules-protect-consumers-cell-phone-accounts

The post How Self-Sovereign Identity Can Provide an Effective Defense Against SIM Swap Fraud appeared first on ATIS.

Much tougher challenges lie ahead, however. For example, how will industry players agree on interoperability standards for portals, or walled garden metaverses? Will service providers agree on a standard for location information to support teleporting across the digital universe? These issues question whether participants can agree on scalable and industry-wide standards in “pay-to-play” or restricted-participation standardization bodies.

Consumer and Industrial Metaverses

A common perception of the metaverse is one of consumers operating their avatar presences in digital worlds. Typical examples apply to multi-player games in online worlds. A different example, from the education sector, involves a science student interacting with a digitally rendered plant in a game-like setting to see how well they could nurture it. In time, novel interfaces and sensors will add touch and smell sensations to this learning experience.

A second metaverse category applies to industrial users. A simple version might involve immersive training. This is where technicians use an augmented reality application to practice a complex maintenance procedure in a controlled environment before they tackle any real-world repairs.

IoT and the Metaverse

Both consumer and industrial examples make use of digital representations of physical objects. These are commonly referred to as digital twins. In a predictive maintenance situation, a digital twin mimics the behavior of a “healthy” machine. Comparing the dynamic behavior of a device and its digital twin allows operational staff to detect the onset of failure and to schedule preventative maintenance. Consider the example of an automatic door in a subway train or an elevator. If the pattern of a door’s opening and closing movement deviates from the prediction of its digital twin, an automated system would detect speed or jerkiness differences. This might trigger an alert about an incipient motor failure or the need for cleaning to remove an obstruction. Allowing technicians to enter this industrial metaverse and visualize what might be happening can also lower the cost of human validation and prevent unnecessary shutdowns.

The value of a simulated engine or the digital twin of a smart city’s infrastructure depends on how well physical and virtual worlds are connected. IoT sensors, connected devices and interoperable data models are, therefore, critical components of industrial metaverses.

Interoperability and Standardization

In practice, metaverse scenarios involve multi-stakeholder collaboration, often involving completely new use cases. By way of illustration, consider the case of a private car or a delivery truck passing through a city. There are many opportunities for data interactions between the vehicle owners and operators as well as municipal agencies in charge of traffic management and public safety, for example. This requires some infrastructure for data exchanges as well as capabilities to ensure trustworthy data sharing and mechanisms to share value among participants. The many stages in exchanging data lend themselves to a system of authentication marques and fractional payments.

The same pattern applies to condition monitoring insights in a manufacturing facility. The site manager would want condition monitoring information for pumps and motors supplied by different vendors as well as a consolidated picture for each manufacturing line.

Growth in the number of IoT devices and decentralized networks is taking place against a backdrop of rising concerns about data privacy. This creates a requirement for secure and reliable digital identities linked to personal data management. As a result, there is a need for traditional identity systems to adapt.

In anticipation of emerging requirements, ATIS launched an initiative focusing on User-Controlled Privacy Using Self-Sovereign Identity.  Its aim is to examine the use of Self-Sovereign Identity (SSI) to provide a portable and interoperable identity and authentication solution that can function across both physical and virtual domains. SSI can unlock personal data in a way that fosters greater trust between consumers and businesses, while also helping companies comply with privacy regulations. The metaverse presents new challenges for portable identity and authentication across both physical and virtual domains of which SSI can provide an effective solution. A recent ATIS paper explores how SSI can help communications service providers comply with new data privacy mandates and create value for their customers.

At the same time, broader needs for interoperability standards are driving industry alliances such as the Metaverse Standards Forum and the Open Metaverse Interoperability Group. The close interdependencies between metaverse and IoT sectors motivated oneM2M to explore these issues. Several organizations from Korea, a country that is firmly on the metaverse path, are involved alongside oneM2M members from other countries. Andrew Min-gyu Han of Hansung University and France-based Shane He from Nokia are co-leading the effort. Their aim is to identify and assess the feasibility of key use cases and requirements to enable metaverse services based on IoT.

An important aspect of the work will deal with metaverse devices. Standardizing the definition of information models will create the foundations for easy data interoperability. Following best-practice standardization procedures, findings from the initial research will be published in a technical report. This will feed into the next step to define technical standards. As with other oneM2M publications, these are openly accessible and free to download, which increases the prospect for scalable and economically affordable solutions. To stay updated, follow oneM2M’s regular posts on IoT standardization.

The post In Anticipation of Metaverse Standardization appeared first on ATIS.

Delivery drivers can defeat fleet timing and tracking with a $30 device ordered off the internet. For just a few dollars more, criminals can get a device that will shift time and location to lure those drivers into areas where they can be easily hijacked. The government of Mexico says 85% of all cargo thefts involve a GPS disruption device of some kind.  These disruptions can also affect air travel. Most folks don’t even know they are vulnerable.

In 2011, Todd Humphreys showed how manipulating time in an exchange could enable someone to reverse the trade sequence, allowing them to sell something before they bought it, potentially reaping millions. Now, twelve years later, exchanges and the core financial industry have multiple resilient time sources and sufficient algorithmic protections to prevent that from happening. Yet 99% of retail financial service customers are outside the New York, Chicago, and San Francisco core financial enclaves. Most likely lack authenticated and resilient time. For them, over-dependency, complacency, and false trust are still real issues.

Resiliency and sync tend to be local (or relative) and costly. Synchronization has enabled innumerable applications and technologies over the last 30 years. How could we have cell phones without precise time sync?

Yet, in the absence of a sufficiently accurate, resilient, and widely distributed national time scale, that synchronization has tended to be intra-system, rather than to an external common standard. This adds a layer of complexity and difficulty when systems try to operate nationally and/or with each other.

It also inhibits innovation, makes those without great timing more vulnerable, and limits sales of some equipment and services to the few users and environments which already have authenticated, and resilient timing.  It also means sync is more costly and difficult for innovators and startup entrepreneurs.

Our technology needs to operate nationwide, operating efficiently, and avoid conflict. We need to synchronize operations across industries and the nation. To do this we need to democratize precise timing.  Easily accessed national timing at an acceptable level of precision is needed if America is going to foster innovation and keep finding efficiencies to improve the way we operate. It’s about time for a Resilient National Timing Architecture. We at the Resilient Navigation and Timing Foundation (RNTF) have supported this for some time. We published a white paper on the topic in October 2020, and followed it up in 2021 with another on how government could lead establishment of the architecture easily and inexpensively.

While we urge government leadership, we don’t think the government should build anything. There are more than enough companies that can provide timing services more economically and efficiently than the government ever could.

The government should support the effort with commercial contracts and subscriptions. The RNTF’s proposed architecture provides multiple diverse methods of delivering time that could be accessed by as many Americans as possible. It includes fiber connections; suites of existing atomic clocks at USNO, NIST, national labs, and elsewhere; L-band signals from space; and terrestrial broadcast.

We weren’t the only ones who thought this. Three months after we published our paper, the Department of Transportation released its report on GPS Backup Technologies. They also said the nation needed L-Band from space, fiber, and terrestrial broadcast.  Also agreeing with us is a group of CEOs and senior executives from major telecom companies acting as the National Security Telecommunications Advisory Committee (NSTAC).

In their May 2021 report to President Biden, they discussed GPS vulnerabilities and threats, urged establishment of a national timing capability, and funding. They recommended a structure, and I quote:

“…similar to that reflected in the Resilient Navigation and Timing Foundation’s paper entitled “A Resilient National Timing Architecture.” Further, to enhance the ability of commercial entities to afford leveraging this architecture, the Administration should appropriate sufficient funds to lay the foundation for creating this timing architecture, with the Federal Government being the first customer for what will ultimately become a resilient, interconnected network for PNT delivery.”

Very few in government, notably in the Office of Management and Budget, assert that government involvement and leadership is not needed. A resilient national timing architecture will grow organically as a result of free market forces.

Among the most important reasons why this is wrong is that there are no commercial incentives to create this kind of fundamental tech infrastructure for broad adoption and use. As the NSTAC mentioned in its report, it is not possible to compete with free GPS. Even if it were, the kind of broad adoption needed to ensure innovation and national resilience would be stifled by charging fees for basic, utility-level timing. And even if such an architecture did arise organically as a result of market forces, would it really meet the nation’s needs?

Some form of government policy and financial leadership is needed to make a resilient national timing architecture happen. That was recognized by the capitalist CEOs that make up the NSTAC and has been reinforced by industry groups since then.

It’s about time for us to establish a resilient national timing architecture.

(Adapted from Goward’s presentation at ATIS’ Time and Money Workshop, held at the New York Stock Exchange, 17 January 2023)

The post It’s About Time – For a National Resilient Timing Architecture appeared first on ATIS.