Introduction
5G builds upon existing telecommunication infrastructure to improve bandwidth and capabilities and reduce network-generated delays. However, 5G also carries over and introduces new risks that must be addressed to ensure its secure and safe use by the government and private sectors, including everyday citizens.
The complete evolution to 5G will take years but its goals are to meet increasing data and communication requirements, including a capacity for tens of billions of connected devices that will make up the internet of things, ultra-low latency—the delay in communications between connections—required for near-real-time communications, and faster speeds to support emerging technologies. 5G networks currently are in development; right now, availability is limited to urban areas around the country.
5G Security
5G security is going to become increasingly important. As major network operators launch new services around the world, much of the debate surrounding the network has been around the 5G security risks it represents.
And as 5G opens up more opportunities in areas such as healthcare, manufacturing, and transport, the reality is that it is becoming an increasingly attractive target for cyber criminals, as it increases the available threat surface along with the consequences of any damage inflicted. 5G is secure by design, ensuring that vertical industries’ high-security requirements are met.
Is there a concern about 5G security?
Clearly, governments are concerned about the security of 5G and the impact on data sharing down the line, dictated by the choices they’re making now.
In October 2019, the AT&T Cybersecurity Insights Report in the US suggested that businesses aren’t yet ready for 5G. While nearly all of the 704 respondents expected to make 5G-related security changes within the next five years, only 16 percent had started preparing. Participants were also concerned about the greater potential for attacks as well as the increased number of devices accessing the network.
5G Risks and Managing Vulnerabilities
5G implementation will introduce vulnerabilities in the following critical areas:
- Supply Chain: The 5G supply chain is susceptible to the malicious or unintentional introduction of risks like malicious software and hardware, counterfeit components, and poor designs, manufacturing processes, and maintenance procedures.
- Deployment: 5G will use more information and communication technology (ICT) components than previous generations of wireless networks. Improperly deployed, configured, or managed 5G equipment and networks may be vulnerable to disruption and manipulation.
- Network Security: 5G builds upon previous generations of wireless networks and is currently being integrated with 4G LTE networks that contain some legacy vulnerabilities, such as Distributed Denial of Service attacks and SS7/Diameter challenges. These vulnerabilities may affect 5G equipment and networks even with additional security enhancements.
- Competition and Choice: Despite the development of standards that encourage interoperability, some companies are building proprietary interfaces into their technologies, which limits customers’ choices to use other equipment. Lack of interoperability with other technologies and services limits the ability of trusted ICT companies to compete in the 5G market.
Telecomm service providers focus on 4 key topics in 5G
- MEC (Multi-Access Edge Computing)
Mutual trust between carriers and enterprise networks becomes a key focus. In particular, enterprise data should not leave the campus borders, carriers should satisfy the various vertical industries security requirements as well as ensure their own networks are protected from malicious enterprises trying to exploit the core network. - Slicing
5G Slicing enables end-to-end network monetization including security services monetization with greater utilization. It provides end-to-end encryption and strong isolation ensuring operators can support the different vertical industries’ security requirements. - Massive Connectivity
5G supports massive connectivity with higher bandwidth. Such traffic can be used maliciously to DDoS the operator’s network over both signaling and data planes. (Operators explore 5G anti-DDoS solutions that can mitigate these threats.). - Security Management
5G networks are complex, which require a centralized security management solution. Such a solution must support automatic patch management, situational-awareness capabilities, security orchestration, automation and response (SOAR) tools as well as AI-driven security capabilities.
5G Expands Cyber Risks
There are 5 ways in which 5G networks are more vulnerable to cyberattacks than their predecessors:
- The network has moved away from centralized, hardware-based switching to distributed, software-defined digital routing. In the 5G software-defined network, however, that activity is pushed outward to a web of digital routers throughout the network, thus denying the potential for chokepoint inspection and control.
- 5G further complicates its cyber vulnerability by virtualizing in software higher-level network functions formerly performed by physical appliances. These activities are based on the common language of Internet Protocol and well-known operating systems. Whether used by nation-states or criminal actors, these standardized building block protocols and systems have proven to be valuable tools for those seeking to do ill.
- Even if it were possible to lock down the software vulnerabilities within the network, the network is also being managed by software—often early generation artificial intelligence—that itself can be vulnerable. An attacker that gains control of the software managing the networks can also control the network.
- The dramatic expansion of bandwidth that makes 5G possible creates additional avenues of attack. Physically, low-cost, short-range, small-cell antennas deployed throughout urban areas become new hard targets. Functionally, these cell sites will use 5G’s Dynamic Spectrum Sharing capability in which multiple streams of information share the bandwidth in so-called “slices”—each slice with its own varying degree of cyber risk. When software allows the functions of the network to shift dynamically, cyber protection must also be dynamic rather than relying on a uniform lowest common denominator solution.
- Finally, of course, is the vulnerability created by attaching tens of billions of hackable smart devices (actually, little computers) to the network colloquially referred to as IoT. Plans are underway for a diverse and seemingly inexhaustible list of IoT-enabled activities, ranging from public safety things to battlefield things, to medical things, to transportation things—all of which are both wonderful and uniquely vulnerable. In July, for instance, Microsoft reported that Russian hackers had penetrated run-of-the-mill IoT devices to gain access to networks. From there, hackers discovered further insecure IoT devices into which they could plant exploitation software.
5G Threats and Challenges
- Access network threats
- Fake base station.
- Air interface/transmission attacks.
- RAN DDoS.
- MEC (Multi-Access Edge Computing) Threats
- Enterprise/Operator Network Attacks.
- Untrusted/Malicious 3rd-party Apps / MEC infrastructure attacks on Apps.
- Distributed network architecture.
- Core Network and Slicing Threats
- SBA (Service Based Architecture), slice resource sharing
- Border attack and penetration
- Further centralization and a wide range of fault impacts.
- External Threats
- Internet DDoS attack.
- Capability exposure API attack.
Conclusion
5G wireless technology will introduce a wealth of benefits that will pave the way for new capabilities and applications, transform the digital landscape, and be a catalyst for innovation, new markets, and economic growth. But first, we should track to ensure its safety and security before 5G’s widespread availability across the country and certainly prior to the introduction of 6G technology, which already is in development.