5th generation wireless networks are now part of our daily lives and make up an increasingly significant portion of each country’s telecommunications traffic and the circulating information.
5G wireless technology is a revolutionary transformation of network operation and comprehensive business practice. 5G networks aim to integrate telecommunications, computing, and storage resources into a programmable and integrated infrastructure, supporting very high transmission speeds, low latency, and a considerable number of devices, offering many different categories of services and applications.
The new generation of networks is based on new technologies and architectures. These technologies and architectures run through every part of the network, initially, through the radio access which is the part where the user is directly connected to the network. Then, the backbone network, which is the most remote part of the network, is responsible for user connectivity, internet access, routing, and a host of other essential functions, such as user authentication and multi-level cybersecurity support.
5G network security
However, along with the rapid development of networks, a corresponding growth of threats to systems security has also been recorded. As a result, cybersecurity threats have evolved steadily over the last ten years. In addition to the variety and complexity of system vulnerabilities, the mode of operation of attackers and cyber threats has changed significantly over time.
Due to the digitization of industries and public services, the increased frequency of attacks also implies an increased significance of the effects of cyberattacks. The confidentiality, integrity, availability, and privacy of information circulated or stored by users through 5th generation networks is vital for all network Operators and the whole social structure. Moreover, system security will be the backbone of many critical IT applications, such as e-commerce, electronic payments, and interaction with the healthcare system.
Security standardization
The specifications of the 5G networks are designed by the 3GPP organization. Of course, 3GPP includes a special section that concerns the network security architecture. The main purpose of this section is to protect the connectivity of the users and the availability of services and their management by network providers. It combines techniques and security solutions proposed by various standardization bodies (eg, IETF, ETSI ISG NFV, NIST). Therefore, it can be said that the methods and solutions that have been specified are very advanced, especially concerning similar strategies followed by the previous wireless networks. For example, new encryption and authentication techniques have been standardized, and new entities have been added to the network architecture to support an innovative Zero Trust model. This means that any exchange of information between entities of the same network involves entities of other stakeholders, e.g., other infrastructure and service providers follow specific rules and use cryptographic keys.
Security challenges
However, it should be noted that the new 5G networks are not being developed autonomously and distinctly from the beginning. Instead, the global practice is for network providers to slowly integrate portions of 5G networks into existing systems. This, in turn, suggests that it is impossible to support the entire security architecture of 5G networks from the beginning. Still, some security issues that plagued the networks of previous generations are necessarily left open.
The complexity of new networks and the use of new technologies offer substantial internet possibilities and incredible new services to users. Still, at the same time new possibilities of system attacks, are emerging.
Cyber security in the EU
The European Union has developed a strategy to address the challenges in cybersecurity to strengthen the resilience of systems and cyber defense, combating cybercrime, stimulating research and innovation in the field, and ultimately protecting critical infrastructure. In the area of communications protection, Directive 2018/1972 establishes a new European Code of Electronic Communications, Article 40 of which contains detailed security requirements for electronic communications providers, and Article 41 describes how the competent authorities will enforce these safety requirements. The European Cyber Security Agency (ENISA) supports the EU Member States in implementing Article 40 to ensure an effective, efficient, and harmonized approach to EU security surveillance. In January 2020, the European Network and Information Systems Cooperation Group (NIS Cooperation Group) published a toolbox with security measures for 5G networks, while recently proposed a new European Directive, which includes a revised set of rules to enhance resilience cyber threats. The new rules will impose stricter security obligations on companies, cover supply chain security, including network equipment suppliers, introduce more stringent oversight measures for national authorities and further enhance information exchange and cooperation.
Cyber Security awareness
The world is going through a period where rapid changes are taking place in the way networks operate. This requires increased reflexes from the companies involved and the institutions and regulators. Dealing with the problem and cyber security threats must be holistic. It requires the attention and cooperation of institutions not only nationally but also globally. But what needs to be imprinted as a perception among users today is the need for constant information and constant awareness on issues related to communications security. Only then will the digital transformation that is currently taking place be shielded against threats and leverage the expected development growth.