What 5G Technology means for cybersecurity risks
By Stephen M.W
Cyber Monday has arrived, and along with the billions of dollars spent online by shoppers today, there will be another price to pay: IT admins and InfoSec pros will not be surprised by the number of cybersecurity issues the day is also likely to bring. But as worrisome as cyberthreats are now, the stakes will soon get higher.
5G technology will drive an overhaul of telecommunication networks whose impact may run for decades. 5G holds mind-boggling promise. Machine-type communication is positioned to be the unique selling point and strategic difference of 5G over 4G. 5G networks will be at the core of mission-critical systems that facilitate the connectivity, automation, and digitization of robots, machines, transportation systems, and more. But with the tremendous 5G opportunities comes a greater need than ever to give weight to the security of devices, applications, and connections.
With China’s Huawei emerging as the world leader in 5G, plenty of cybersecurity concerns have revolved around the geopolitical intricacies of U.S.-China relations. However, the 5G cybersecurity risks that will most affect the average person will be far less grandiose. The Huawei debate risks drawing attention away from the full spectrum of security risks associated with 5G.
Unlike its predecessors, 5G is a software-driven network. That means future upgrades may not require changes to physical infrastructure but would rather be effected in much the same way as software updates to your smartphone’s OS and apps. While this dependence on software is going to mean a drastic reduction in upgrade costs for service providers, it also implies that any cyber vulnerabilities would have far-reaching long-term ramifications. It’s a complex challenge given the number of interdependent participants on a 5G network, none of whom retains absolute and final responsibility for keeping the system secure.
The traditional enterprise network hinges on hardware-based, centralized switching. It follows a hub-and-spoke configuration where all traffic passes through a limited number of hardware choke points where data packets can be inspected, cleaned, and/or quarantined.
The 5G network is software-centric and creates a distributed approach to digital routing. This distributed set of digital routers disseminates the task of cybersecurity to more nodes. With that, it loses out on the benefits of chokepoint control and inspection in enforcing security protocols.
Virtualization of networks
5G virtualizes higher-level network tasks previously executed by physical appliances. These tasks ride on standard Internet Protocol and commonly used operating systems. The transition from hardware to software-based operations inadvertently makes attacks more convenient for criminal actors and rogue nation-states keen on exploiting network virtualization for ill intent.
At the physical level, the small-cell, short-range, low-cost antennas that dot urban areas will be a lucrative target in the 5G dispensation. At the virtual level, cell sites will rely on the dynamic spectrum sharing (DSS) capability of 5G. DSS involves sharing bandwidth between multiple streams of data, with each bandwidth slice having its own level of cybersecurity risk. Because the network shifts dynamically, the cybersecurity controls must be dynamic too, to accommodate the varying levels of risk. Enforcing a single lowest-common-denominator cybersecurity solution will fall short of securing all slices.
Dramatic bandwidth expansion
5G technology is 100 times faster than 4G. It’s difficult for the average person to picture just how much faster this is given that 4G has proven itself pretty capable at handling video streaming, large file downloads, and other data-heavy everyday tasks. With 5G, downloading full-length movies will no longer be a minutes-long process but something that lasts seconds. This sudden, exponential growth in bandwidth will create new challenges for cybersecurity.
Many cybersecurity solutions rely on monitoring network traffic in real time and identifying potential threats based on the signature of sniffed data packets. The effectiveness of these solutions has had a lot to do with bandwidth limitations that allow them to keep up with traffic. Bandwidth limitations have been a bad deal for the end-user experience but a great deal for network security. As 5G brings far higher network speeds, existing security solutions will be pushed well beyond their limits and become inadequate.
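A toy model of the point above, added here as an illustration and not taken from the original article: an inline signature sensor with a fixed inspection capacity and a bounded buffer, fed first at a baseline rate and then at 100 times that rate. The capacity, buffer size, traffic mix and marker bytes are all assumed, constructed values.

```python
from collections import deque

SIGNATURE = b"\xde\xad\xbe\xef"  # constructed marker, not a real indicator
BENIGN = b"\x00" * 32            # constructed payload


def run_sensor(arrivals, capacity, ticks=50, buffer_size=500, fail_open=True):
    """Simulate an inline signature sensor.

    arrivals / capacity are packets per tick (assumed numbers). Every 50th
    packet carries SIGNATURE. When the buffer is full the sensor either
    forwards packets uninspected (fail open) or drops them (fail closed).
    """
    queue = deque()
    stats = {"marked": 0, "detected": 0, "missed": 0, "bypassed": 0, "dropped": 0}
    seq = 0
    for _ in range(ticks):
        for _ in range(arrivals):
            seq += 1
            pkt = BENIGN + SIGNATURE if seq % 50 == 0 else BENIGN
            marked = SIGNATURE in pkt
            stats["marked"] += marked
            if len(queue) < buffer_size:
                queue.append(pkt)
            elif fail_open:
                stats["bypassed"] += 1        # delivered without inspection
                stats["missed"] += marked     # threat got through unseen
            else:
                stats["dropped"] += 1         # blocked, at an availability cost
        for _ in range(min(capacity, len(queue))):
            if SIGNATURE in queue.popleft():  # the actual signature match
                stats["detected"] += 1
    return stats


if __name__ == "__main__":
    for label, rate, fail_open in [
        ("baseline link, fail open", 100, True),
        ("100x link, fail open", 10_000, True),
        ("100x link, fail closed", 10_000, False),
    ]:
        print(label, run_sensor(rate, capacity=150, fail_open=fail_open))
```

At the baseline rate every marked packet is inspected; at 100 times the rate the same sensor either lets almost all marked packets through unseen or drops almost all traffic, which is why inspection capacity has to be sized and distributed for the new link speed.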
The Internet of Things (IoT) has brought a plethora of ordinary household and workplace equipment online. But if the number of IoT devices seems large now, it pales in comparison to the diversity of gadgets 5G technology will unleash.
With this flood of devices come new, as yet undiscovered backdoors that can serve as a channel for attackers to infiltrate business networks. As the threats will emanate from completely new sources, these cyberattacks will probably blindside many companies. And if this sounds a little farfetched, such incidents are already happening. For example, hackers used an unsecured smart thermometer in a fish tank to penetrate a Las Vegas casino’s network.
can be extremely difficult to pre-empt with current cybersecurity strategy approaches. Think about the smart Internet-enabled thermostats, door locks, coffee makers, lightbulbs, remote sensors, speakers, and office desks that will add tens of billions of new endpoints to a business network.
Physically consequential attacks
The enormous number and diversity of IoT devices spurred by 5G won’t only create new vulnerabilities. It will also be a catalyst for kinetic cyberattacks, that is, cyberattacks that have physical consequences. IoT devices are increasingly facilitating or controlling various physical functions such as vehicle operations, air conditioning, door locks, and building access control systems.
If these systems are hacked, they can become weapons in the hands of an attacker to inflict physical harm. We’ve already seen a glimpse of this with the 2017 WannaCry ransomware attack that crippled police traffic cameras, blood-storage refrigerators, and MRI scanners.
The 2016 Mirai attack that halted or significantly impaired the operations of some of the world’s most high-profile websites demonstrated just how devastating botnets that leverage IoT could be. It’s a classic example of a DDoS attack.
As the Internet expands into the tens of billions of devices, the scale and ferocity of these attacks are only bound to grow. The entry of 5G network speed will only compound what will already be an overwhelming problem.
5G cybersecurity risks call for immediate action
5G is exciting, but there’s a risk that hasty deployments could fail to adequately address the necessary cyber-risk mitigation measures. Mitigation should take into account the connected responsibilities of governments, telecommunication service providers, businesses, and consumers.
These issues aren’t to be addressed sometime in the distant future when 5G will be ubiquitous. The time for action is now so things are right from the get-go. An after-the-fact approach to 5G cybersecurity is much more expensive than conducting diligence upfront.