Search

5G Networks: What Are the Cybersecurity Implications?

Many countries have been involved in the race towards realizing 5G networks. 5G or fifth-generation is an advanced wireless network technology developed based on 802.11ac IEEE wireless standard. It will replace its predecessor, the fourth-generation network, and expected to increase data transmission and communication by over three times. Most countries are already implementing plans to facilitate a global rollout of the technology by 2020, and industry experts agree that 5G will offer unlimited potential towards enhancing human life. It is considered to be a key enabler of developing more reliable and fast connections to smartphones and all other smart devices. Some of the key advantages of the network include:

  1. Ability to expand thus increasing its capacity to connect more people and devices

  2. A lower latency of 1 ms, which will enable users to come across lesser lags and delays when attempting to access data through the network. A latency of one millisecond is impeccable for fast speeds

  3. 5G networks will provide higher rates of data, which can range between 1 and 20 Gbit/s, thus enabling users to download massive content quickly.

5G network development is still ongoing as most organizations strive to ensure their networks and IoT devices are 5G-ready by the time the technology goes live in 2020. It will work alongside the existing 4G and 3G technologies to help drive an unprecedented increase in IoT innovations. It will provide the platform required to process vast data amounts to help realize a more connected and smarter world. To mention just a few applications, 5G will connect everything, including connected autonomous vehicles, enable a surgeon to operate on a patient in a different country in real-time, and enable the realization of smart factories, homes, and cities.




However, the 5G network also raises considerable concerns in the cybersecurity sector. Launching the technology will be a complete physical overhaul of other existing networks that have had huge impacts over the past or so decade. Also, since 5G will be a conversion of most software-related networks, implementing future upgrades will be like installing new updates to a smartphone or computer program. This will breed numerous cyber vulnerabilities such that security professionals will have to contend with retooling tools and procedures to secure this essential network in the 21st century. Pursuing a fully connected future requires the world to place equivalent or greater focus on ensuring the security of the connections, applications, and devices. Building 5G networks on a weak cybersecurity foundation can only be likened to building a storied house on sand. It will come crashing down. Here are the top risks related to the 5G network.


- New network architectures


The 5G network infrastructure will be different from that of its predecessors. It has moved from a hardware-based and centralized switching and distribution to a software-defined digital routing approach. The former allowed for the implementation of hub-and-spoke designs such that all activities in a network could be subjected to cyber hygiene practices in hardware choke points. This is not the case for 5G networks. 5G networks are based on a software-defined network where activities will be pushed towards digital web routers that are spread throughout the entire network. As a result, it will be impossible to identify or allow the deployment of chokepoints to be used in security inspection and control. Since it must be secured anyway, it will be vital to identify new ways of ensuring cyber hygiene practices are observed.



- Software virtualization


5G network technologies will lead to more complicate cybersecurity vulnerabilities by virtualizing software to high-level network functions. In older networks, physical appliances were designated to perform such functions. Most of the activities are developed and performed based on the Internet Protocol common languages as well as popular operating systems. As a result, it will be easier for cyber adversaries to attack the software and manipulate them to performing activities aimed at causing harm. Hackers will attempt to compromise virtualized software functions since they can be controlled remotely as opposed to physical appliances, hence bringing to light the need for better and more sophisticated security solutions. In spite of whether criminal actors or nation-states will target the virtualized software, it is clear that the standardized building systems and block protocols will provide malicious users with tools for committing crimes. Thus, cybersecurity solutions for countering them will need to be developed.



- Expanded bandwidth


5G networks will have a dramatic bandwidth expansion. This increased bandwidth will provide attackers with new avenues for launching cyber-attacks. For example, one of the critical infrastructure requirements for implementing 5G networks is installing physically, short-range, low cost, and small-cell antennas within the area the 5G network should cover. These will become the center of attacks as whoever controls them can control some of the network’s aspects. For the cell sites to be functional, they will require to use 5G’s feature-capability known as Dynamic Spectrum Sharing. These allow multiple information streams to share the same bandwidth in the “slices,” and each slice contributes its own cyber risk degree. What this means is the cyber protection practices must become dynamic as 5G will see more software permitting network functions to shift more dynamically. Besides, cyber protection should be dynamic rather than depending on the uniform approach of the lowest common factor.



- IoT proliferation


Even before the 5G network technologies can be deployed, plans are already in place to try to implement a diverse list of IoT-based applications. These range from use in military operations, transportation, public safety, healthcare, and smart urban centers. The devices will permit individuals and organizations alike to run critical processes. However, adding billions of IoT devices also introduces numerous vulnerabilities. All the devices are hackable, and this intonates the need for ensuring they contain the best controls, have access to the latest security patches, and are protected using robust anti-malware/antivirus solutions.


In spite of this, there are many instances where vendors fail to support their devices.  This lack of support results in a failure to mitigate any existing vulnerabilities. This will provide hackers with stronger motivation for developing new exploits and using them to hack into the network. As the world embraces 5G networks, it will be necessary to adopt new approaches that ensure vendors prioritize IoT security before releasing and deploying devices on the network.


There are other reasons why 5G technology will cause cybersecurity concerns. In a 2019 global survey, at least 80% of the involved risk and cybersecurity leaders firmly believe that rolling out 5G networks will cause their organizations to experience increased cybersecurity challenges. The leaders stated that the topmost concerns are more targeted attacks on IoT technology and networks, 5G firmware and hardware lacking the requisite security architecture in their designs, and a larger attack surface. The survey report further stated that “the vulnerabilities in 5G appear to go beyond wireless, introducing risks around virtualized and cloud-native infrastructure”.


These and other security challenges are significant reasons why the cybersecurity industry will undergo tremendous changes to match up the level of the cyber risk environment the 5G network deployment will cause.

Yet, having recognized that 5G technology has challenged the traditional assumptions made regarding network security, and application and IoT devices attached to the network, it is difficult to address them. This is due to the following three factors:

  • Procedural rules in the industrial era that make it cumbersome in any rulemaking process

  • Malicious actors have a higher incentive to overcome the currently deployed solutions compared to the incentives for maintaining security

  • Stakeholders fear that risk factors identified internally can be exposed. This comes precisely at a time where sharing such information regarding risk factors can facilitate a collective defense resulting in greater security value



Credit: cyberexperts.com, Nasdaq


© De Angelis & Associates 2020. All Rights Reserved.

Contact

  • Facebook
  • LinkedIn

© De Angelis & Associates 2020. All Rights Reserved.

De Angelis & Associates New Logo (with w