Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Board’s role in cybersecurity and technology.
At its core, 5G network technology is all about blazing speeds, massive data volumes and interconnectivity at a scale never witnessed before. It’s been a true enabler, albeit with some risks and challenges.
Firstly, rolling out 5G means investing heaps in structurally different network hardware that can support the velocity and volume that 5G promises. And then, in addition to the significant capex, virtualization of traditionally hardware-embedded network functions opens up new exploitation opportunities for malicious actors.
And with 5G, the stakes are higher than ever because 5G could soon become the backbone of critical national infrastructure. A report by Ericsson ConsumerLab and Omdia on the information and communication technology industry uncovered $31 trillion in addressable consumer revenues that will flow over 5G networks by 2030. Service providers could secure $3.7 trillion of this, driven by 5G connectivity.
This tech has already enabled latency-sensitive, mission-critical industrial control systems that run smart grids, smart cities and smart factories. Autonomous systems like self-driving cars and automatic pilot avionics also rely on the speed, capacity and reliability of 5G networks. Any disruption to these systems and applications can quickly fail.
Yet, security often takes a back seat when speed and volume are the driving forces.
Taking A Fresh Look At Traditional Cyber Threats
5G differs significantly from its predecessors in that it centers on software-defined networking, network virtualization and network functions virtualization. Virtualized network core and radio access networks allow network slicing for segregation and optimal resource allocation for different types of devices and services. But on the downside, virtualized network segments are prone to software vulnerabilities that attackers can leverage to move beyond the virtualization layer and into the physical layer.
Despite the many benefits, there are some security risks associated with network slicing as well. Multiple virtual networks and RAN partitions essentially create more entry points for malicious actors. An attacker can compromise a network slice to monopolize resources for compute-intensive activities like crypto mining. Such attacks are not only expensive, but they can also cause insufficient resources for critical services running on other virtual partitions.
The increasing number of software components results in increasingly complex supply chains. Security flaws in the suppliers’ environments can have direct implications on the bottom lines of associated businesses. Further, many latency-sensitive 5G applications like autonomous vehicles, video surveillance and the internet of things use multi-access edge computing. Instead of being consolidated in the cloud, the data is stored, processed and analyzed at the network edge (closer to the endpoints). While it enables real-time analytics and decision-making, it also expands the attack surface since critical data is distributed across an array of systems.
Then, of course, the same lightning-fast speeds and low latency that enable real-time machine-to-machine communications can also allow attackers to enact extremely fast and powerful distributed denial-of-service attacks. Industrial IoT such as crop sensors, medical robots, waste management sensors and smart water meters can become a target to cause wide-scale disruptions and chaos. And when attackers target the availability or integrity of 5G-connected cyber-physical systems, such as robotic telesurgery systems or autonomous vehicles, threats can quickly escalate and become lethal.
Winning Half The Battle Through Preparation
Governments and organizations alike are eager to roll out 5G technologies. I believe 5G will surely become the new standard of broadband cellular networks within the next few years. But the sheer volume and velocity of 5G networks, combined with the complex infrastructure and heavy reliance on software, create a perfect landscape for threat actors. While the government can dictate standards and regulations for secure 5G infrastructure, individual organizations will also be held liable for potential data breaches. Therefore, they should raise their security bars before threats become incidents.
Given the high stakes, security should be at the forefront of 5G rollout plans. Before organizations adopt 5G, their organizational processes must adapt accordingly. Here’s how companies can prepare in advance for the inevitable 5G revolution:
• Conduct risk assessments to identify 5G usage and risks factors across the organization.
• Update business continuity plans accordingly.
• Carefully review contractual agreements and establish service-level agreements with 5G operators.
• Evaluate vendors’ security standards and development processes across the supply chain.
• Bring security controls closer to the edge where data is being stored and processed; consider adopting a secure access service edge model.
It’s going to be a bumpy ride.
Despite doing everything right, companies must acknowledge that mistakes will inevitably happen. Often, bad actors are the first to find security flaws in new technologies. But being prepared can mitigate the impact of potential attacks. It can allow companies to identify and contain security incidents with minimal monetary and reputational damage. It might take years before cybersecurity stakeholders can truly get ahead of the 5G threat landscape, but until then, let’s hope that the underlying vulnerabilities don’t cause any irreparable loss.