Guest OpEd by Gilad David Maayan
Digital transformation is sweeping over the world, demanding new and better solutions for connectivity, user experience, and communication.
5G is a new cellular networking standard, built for the purpose of improving mobile connections.
However beneficial, the software-based nature of 5G, as well as its usage of distributed routing, poses critical threats on worldwide networks and users.
In this article, you will learn about the main 5G threats, and discover possible cyber security solutions.
What Is 5G?
5G is the newest standard for cellular networks.
It defines the radio frequencies, technical components, and data exchanges involved in mobile communications data.
This technology can drastically improve current mobile connections, providing 100 times faster data transfer than 4G.
To give an idea of how fast this is, with 5G, you should be able to download full length movies in seconds rather than minutes.
(5G networks are slowly rolling out. It will be 10 times faster than 4G LTE, which will open up possibilities for wireless VR experiences, reliable driverless cars, and medical advances. But there are a few hurdles 5G needs to overcome before consumers can really take advantage of it. Courtesy of Tech Insider and YouTube. Posted on Apr 21, 2019.)
5G Technology Cybersecurity Threats
While 5G technology can provide significant benefits to users, it can also present substantial risks.
You can learn about some of the most prominent risks below.
Distributed routing
Currently, networks are based on centralized switching, accomplished with hardware.
All traffic passes through a central hub. This limits how data can enter and creates gates that data must pass inspection or cleaning to enter.
It also enables administrators to easily quarantine data that fails to pass security tests.
5G networks, however, are software-based and use a distributed, digital routing approach.
This method creates more points of entry for data and requires security checkpoints to be more widely distributed.
This distribution makes it more difficult to identify and restrict malicious data.
Bandwidth expansion
Often, network security solutions are designed to monitor network traffic in real-time, inspecting each packet as it comes in.
This is possible because the rate of data is limited by network connections, preventing solutions from getting overwhelmed.
While these limitations aren’t great for customer experience, limits are necessary to keep networks secure.
The increase in speeds that 5G provides, however, allows data transfers that are faster than current solutions can handle.
This creates a situation where networks are either less secure or have to be externally slowed to remain secure.
(A report cautioning against posing peace sign in photos has triggered heated discussions on China’s social media platforms. Chinese security experts warned that the popular pose might reveal one’s fingerprints which could be used by cyber criminals. Courtesy of CGTN and YouTube. Posted on Sep 20, 2019.)
Internet of things (IoT) vulnerabilities
IoT device capabilities stand to grow considerably from 5G enhancements.
Currently, these devices are used to control a wide range of functions and processes, from traffic signals to factory machinery.
Increased performance enables IoT devices to be used with more advanced Artificial Intelligence (AI) and can provide higher volumes of sensor data.
Unfortunately, this creates opportunities for l impacts that were previously impossible.
IoT devices are already frequent victims of attack, such as the 2017 WannaCry ransomware.
(Tens of thousands of organizations were caught out by a computer virus called WannaCry. The malicious software locks data away and demands a payment of up to $300 (£230) a time before it will restore scrambled files. In the UK, many hospitals fell victim and some health organizations diverted ambulances and cancelled non-essential services as they sought to contain and clean up the infection. Infections in more than 99 nations are being reported by security firms. It appears that the hardest hit are Russia and Spain. Courtesy of BBC News and YouTube. Posted on May 13, 2017.)
Making devices more powerful creates a more appealing target for attackers.
Software virtualization
5G technologies replace hardware appliances with virtualizing software for high-level network functions.
This software performs functions based on common Internet protocol languages and operating systems.
Since functionality isn’t physically restricted by hardware, it is more remotely accessible to attackers.
This opens security concerns that were not previously present and which many security solutions aren’t prepared for.
(Verizon, a global communications and technology leader, has worked tirelessly to roll out its 5G Ultra Wideband service and first-ever 5G home service. One of the foundations of Verizon’s 5G service is its virtualized network, which allows Verizon to move workloads across the network to deliver new experiences such as single-digit-millisecond network latencies and drive broader application innovation. Verizon is driving virtualization from the core to the far edge with its focus on Open and virtualized RAN, and Intel has been a key partner in that transformation. Courtesy of Intel Corporation Newsroom and YouTube. Posted on Nov 25, 2019.)
5G Cybersecurity Solutions
While 5G does present some risks for users and organizations, these risks are manageable.
With the right preparation and care, you and your users can still benefit from this emerging technology.
Below are a few solutions you can consider implementing.
Ensure you aren’t underinvesting
5G represents a new set of technologies and vulnerabilities, meaning you likely need to invest in new security technologies as well.
These investments may be easy for larger companies but small to medium organizations and consumers are less likely to invest enough.
Unfortunately, attackers know this and often target these less protected devices accordingly.
Good security isn’t cheap but failure to properly protect your systems and data typically costs much more.
You are much better off spending on security upfront than trying to recover from an attack later.
(Barmak Meftah, President of AT&T Cybersecurty, talks cybersecurity in the era of 5G. Courtesy of AT&T Business and YouTube. Posted on Dec 2, 2019. See ‘Security at the Speed of 5G’ – the ninth edition of the AT&T Cybersecurity Insights Report here.)
Endpoint protection for IoT devices
Many security experts believe IoT devices must be protected by dedicated security solutions.
This reflects how computers were historically protected by antivirus software and later by full-featured endpoint protection platforms.
Agents can be installed on IoT devices that provide many protective measures against cyber attacks, as well as real-time endpoint detection and response (EDR).
EDR gives security staff the ability to investigate attacks as incidents are happening and respond by taking remote action on the IoT devices.
For example, isolating it from the network or wiping and reimaging it.
Endpoint protection and EDR solutions are being adapted to run on lightweight devices with limited memory and compute capabilities.
These solutions will also need to be installed and updated over the air (OTA).
(Recording from RSA 2020, Carolyn Crandall and Tony Cole sit down to discuss Attivo Networks’ newest product announcement: Endpoint Detection Net, which tackles endpoint security challenges head-on by making every endpoint a decoy designed to disrupt an attacker’s ability to break out and further infiltrate the network. It does this without requiring agents on the endpoint or causing disruption to regular network operations. Learn more at https://attivonetworks.com/product/endpoint-detection-net/. Courtesy of Attivo Networks and YouTube.)
Built-in 5G hardening
Luckily, many 5G planning, development, and provider organizations understand the importance of security.
These organizations are working to harden technologies from the start, providing sufficient monitoring and protocols on the back-end.
As the case with security investment, however, smaller developers and providers are less able to provide this support.
To adapt to these differences, is it important for you to understand what built-in controls are already provided and where security needs to be improved.
If you are providing services, you should be making your customers aware of their risks and providing guidance or recommendations for security.
(As 5G networks based on millimeter wave and sub-6 GHz frequencies scale out and move indoors, the need for strong radio planning processes, for both outdoor and indoor networks, has never been more important. Learn more from iBwave’s Marc-Antoine Lamontagne. Courtesy of RCR Wireless News and YouTube. Posted on Jan 21, 2020.)
Emerging best practices
5G is an emerging technology and security standards and best practices will continue to change as it is rolled out.
To remain protected, you need to stay on top of these changes and implement practices when developed.
Consider following sources such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
This and similar oversight organizations can help you implement practices uniformly. Such organizations can also provide security information and expertise that you may not otherwise have access to.
(A RSA Conference presentation by Srinivas Bhattiprolu, Senior Director – Solutions, Nokia Software, will provide a perspective of security and trust model in the 5G realm, why 5G security requires flexibility? What are the new security paradigms, approaches for 5G, how are they different from 4G ? How are the latest technologies like AI utilized in 5G security? What are the best practices and recommendations towards integration, orchestration and automation. Courtesy of RSA Conference and YouTube. Posted on Feb 25, 2020.)
Conclusion
5G technology can improve communications and connectivity, and provide improved services for users throughout the world.
It is especially important for implementations of smart city solutions and connected health systems.
To ensure that 5G is not turning into a critical security risk, you need to apply appropriate security measures.
You first need to assess your situation and then set an appropriate budget for cyber security.
The next step is to create a strategy that includes endpoint protection, built-in 5G hardening, and the implementation of 5G security practices as offered by organizations like NIST.
About the Author
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos