How to handle cybersecurity in a 5G world

others   |   
Published July 24, 2020   |   

The 5G mobile network will revolutionize the world with its ability to connect virtually everyone and everything together including devices, machines, and objects. Sadly, the countries engaging in the “race” of deploying 5G technology are missing the bigger picture in a useless competition.

We all know that the United States, South Korea, and China are leading the world in building 5G technology, but which nation gets 5G built first; is controlling and overshadowing, other important factors, concerning the deployment of such a massive overhaul for the entire world.

The hyperfocus on Huawei by the Trump Administration to diminish China’s authority is nothing but kiddish gimmicks. Policy leaders need to move beyond this petty war and conduct a balanced risk assessment, with a broader focus on the impact drivers, threat probabilities, and vulnerabilities of 5G.

And, the time to address these concerns is now, before we become reliant on insecure 5G services with no strategies on how to sustain the cyber readiness of the 5G ecosystem, as a whole. With that said, let’s start with the cyber risks of 5G and how to tackle them (or in other words; win the real 5G race).

Top 5G Security Concerns

As 5G will become commonplace in voting machines, IoT, drones, hardware, retail call centers, privacy, automobiles, aviation, and pretty much every other industry, there are plenty of risks that make 5G networks may prove to be more vulnerable to cyberattacks, as compared to their predecessors.

  1. The network is migrating to the distributed-software-defined digital router than the traditional centralized, hardware-based switching. Previous networks utilize hub-and-spoke designs that brought with it hardware choke points to practice cyber hygiene. In 5G networks, the activity passes through a web of digital routers, hence preventing chokepoint inspection/control.
  2. Software higher-level network functions will be virtualized by 5G networks. Previously these activities were performed via physical appliances. Since they are based on the common language of well-known operating systems and Internet Protocol, these standardized building block systems and protocols have proven to be valuable tools for malicious activities.
  3. If it were possible to even confine the software vulnerabilities of 5G within the network, it is important to note that the network is also managed by software, which is often early generation artificial intelligence. This itself can be quite vulnerable and attackers may be able to gain control of the software managing networks to control the entire setup.
  4. The huge expansion of bandwidth that makes 5G possible can create extra risks and areas of attack. The physical, small-cell, short-range, and low cost antennas that will be deployed could become hard targets with varying degree of cyber risks. We need to assess how 5G software will allow the functions of the network to shift dynamically.
  5. The deployment of 5G will also lead to the production of billions of hackable smart devices to the network colloquially referred to as IoT (that still has many cyber risks in itself). Microsoft reported that Russian hackers gained access to private networks by penetrating run-of-the-mill IoT devices. This is a risk we cannot afford at any cost.

How to Win the Real 5G Race

5G has challenged our previous assumptions about network security and the cyber atmosphere of applications and devices connected to the network. To help organizations tackle the above concerns, here are a few steps you can follow for a solid 5G network security plan:

  1. Organizations around the world must recognize the shift in dynamics of network security to adhere to a “cyber duty of care”. This involves reversing chronic underinvestment in cyber risk, implementation of machine learning and artificial intelligence protection, inserting security into the development and operations cycle, and being more cyber-prepared overall.
  2. Companies must urge their governments to establish a new cyber regulatory paradigm reflective of new realities. Most current laws/rules were developed in an industrial environment, with almost no focus on security and related threats. Other steps involve stimulating closure of 5G supply chain gaps, re-engaging with international bodies, and inspection and certification of devices.
  3. The increased surface area of a 5G network also calls for more automation to help manage the environment and be wary of cyber threats instantly. Focus on implementing automated remediation and virtualized security controls to mitigate the above risks, especially in a world where cyber criminals keep on adapting to new technologies and becoming more clever overall.
  4. Invest in machine learning and threat detection, as the increase of MEC and 5G on the network will certainly be generating large amounts of information. By acquiring threat intelligence and detection, organizations can keep up with the sophisticated strategies for identity and authorization on a 5G network, where a zero-trust approach is the best bet.
  5. While the 5G network does come equipped with its own set of security features, you may still be vulnerable to numerous threats that even VPNs can protect you from. Make sure the deployment is a joint effort between your enterprise and the network operation, as there has to be a sense of shared responsibility between the two, otherwise things may not work out that smoothly.

Wrapping Things Up

Bear in mind the deployment of 5G will completely change the way we operate and even life-sustaining devices could be connected to the internet. If that isn’t enough for people to start thinking of the cyber implications of such a technology, then maybe we don’t deserve its implementation yet.

We should not be shushed into complacency because the network is new, but instead, try our best to pass legislation that acts on 5G cybersecurity. This is greater than a race of who successfully deploys the technology first, and the sooner we realize that, the better!