5G is set to revolutionise our telecom network: facilitating the transfer and proliferation of big data, reducing energy consumption, and increasing connectivity performance. This new paradigm will enhance broadband speeds and capacity, in some cases by more than 100 times. It’ll also facilitate greater reliability and lower latency, taking response times down to single-digit milliseconds. This creates the potential for use cases like autonomous vehicles or lights-out factories.
It also has the potential to support massive machine-type communications (mMTC), connecting millions of devices per square kilometre. This supports the expansion of IoT at a never-before-seen scale. With these new communication capabilities comes a different breed of architecture: more distributed intelligence on “the edge”; greater possibilities for third party intervention; and a network that’s more flexible and adaptable.
However, with these new capabilities come new risks. With greater connectivity and more entry points, there are more opportunities for malicious actors to hack networks. Thus, as much as the 5G revolution presents a remarkable opportunity, it has to be approached strategically. Here, we discuss the challenges and the routes to adaptation.
Table of Contents
Exciting opportunities on the horizon
The G in 5G stands for generation. The release of this technology marks the fifth iteration of wireless mobile communications. Since 1G was developed in the 1970s, each generation has facilitated greater data transmission speeds, changing the way that we communicate.
However, 5G will go one step further. This next generation in mobile connectivity will bring more than mere bandwidth improvement or speed; it will facilitate ultra-low latency, intelligent power consumption, network slicing, and high-density device communication. All of these things account for a significant technological breakthrough, changing a telecom network’s core capabilities.
This is because it’s not only the radio waves that have developed; the network architecture has also evolved. Like other networks, 5G uses a system of cell sites that cover certain areas. However, this next generation of wireless technology will rely on hundreds of thousands of ‘small cell’ transmitters. These transmitters can be placed anywhere in cities and buildings, which Forbes magazine described as, “the biggest shift in telecommunications since the invention of the cellphone.”
The enhanced speed these distributed transmitters will provide will allow for significantly faster data transmission, depending on the application. Often, 5G is described as 100 times faster than 4G; however, in some use cases, it can be as much as 1000 times faster. This has the potential to facilitate never before seen connected technologies, like self-driving cars. Equally, it could provide critical services for healthcare professionals.
5G will be the essential connective tissue for the Internet of Things, enabling the exponential growth of a worldwide network of internet-powered devices. Estimates project that by 2025, IoT will grow threefold, linking everything from mobile devices to robots, to complex industrial machinery.
The cybersecurity risks coming with these benefits
A recent long-read in The New Yorker published statistics that suggest 5G has the potential to pump $12 trillion into the global economy over the next 15 years. This won’t only be value created via automation; 5G is also set to create 22 million jobs in the US alone over the same period. This will usher in what’s been dubbed the fourth industrial revolution or Industry 4.0.
However, the greater the connectivity, the greater the risk. In a hyper-connected mMTC environment, the likelihood of a security breach increases exponentially. Even ahead of the 5G era, hackers have wreaked havoc on infrastructure, homes, and businesses. According to the same New Yorker report, the average American is now more worried about cybercrime than violence.
Considering the risks, public and private organisations alike are analysing how to address these new, complex security threats. The Brookings Institution, a non-profit public policy think tank, has identified five key ways in which 5G networks are more vulnerable to cyberattacks.
As the network relocates from centralised, hardware-based architecture to distributed, software-powered digital routing, the potential for hardware ‘chokepoints’ is lost. This diminishes the capacity for cyber hygiene as there are fewer obstructions between devices.
This virtualisation of higher-level network functions also standardises previously complex physical systems. Where once every physical building block of a network presented a new barrier for cybercriminals, now, these tools have been standardised to allow for greater interoperability. This, naturally, cuts out a lot of work for those seeking to do ill.
Early generation AI
Even outside of the possibility of mitigating all the software vulnerabilities in the wider network, the network is also managed by software. Frequently, this will be early generation artificial intelligence, which can be vulnerable to attack. If a hacker gains control of this software, they could take over the entire network.
New avenues of attack
The significant increase in bandwidths associated with the 5G rollout creates new avenues of attack for cybercriminals. This is, once again, because of the greater distribution of nodes. According to Brookings’ report, “small-cell antennas deployed throughout urban areas become new hard targets.”
The proliferation of smart devices
The tens of millions of hackable devices in the Internet of Things are creating a whole host of new opportunities for hackers. From devices in public infrastructure, hospitals, homes, even battlefields are all, in the words of the report, “wonderfully and uniquely vulnerable.”
As is evident from the risk factors described above, the chief benefits of 5G are also its biggest downsides. With the ability to connect more devices, comes an increase in threat vectors for cybercriminals. Equally, faster networks also mean the potential for the rapid spread of viruses and malware. The more users in the network, the greater the potential for infected devices and systems to spread malign software to others, making botnet attacks a particular concern.
In the face of new threats, the cybersecurity community needs to reappraise strategy and shore up defences. This means that the future of cybersecurity will be inextricably linked to the understanding of the risks associated with 5G and having the capacity to counter constantly emerging threats. This will begin with some foundational principles, which we will discuss next.
Measures every telecom network should take to adapt
As connected devices play an increasingly integral role in peoples’ homes, businesses and cities, every telecom network has a duty to ensure cybersecurity. Experts suggest that regulators should seek to incentivise telecom networks to invest insecurity, instilling a duty of care for their customers. This would begin with the following investments, implementations and strategies.
Invest in cybersecurity
A proactive approach to cybersecurity is absolutely essential, although right now, this tends to be the exception rather than the norm. Statistics from the United States suggest that public organisations are investing heavily in cybersecurity ahead of the dawn of 5G. Meanwhile, the private sector is lagging behind, particularly smaller businesses. As part of a duty of care to their customers, every telecom network should invest heavily in cybersecurity R&D.
For example, small- and medium-sized wireless ISPs – which often serve remote communities – are falling behind when it comes to 5G-ready security. For some, this is due to a lack of manpower and financial resources, and yet, they are still implementing 5G networks. If they want to serve their communities properly, it is essential these small telco players rethink their budgets.
Fight fire with fire
The key vulnerability in 5G networks is software, and thus, they must be shored up with software protections. Machine learning and artificial intelligence will be crucially important in this fight, as cybercriminals develop fast-spreading malware and malign bots. These programs work with speed and scale; therefore, we need protections that can mirror this capacity.
Incorporate security into the DevOps cycle
In software, developers have lived by the Agile methodology for decades now. This means sprinting to deploy minimum viable products, accepting risk, and upgrading later according to consumer feedback. However, in the wake of 5G, DevOps teams need to incorporate security into Agile processes. Sustainment also needs to be taken into account as part of their duty of care for customers.
Collaborating to define best practice
The National Institute for Standards and Technology (NIST) Cybersecurity Framework has identified five areas for best practice in cybersecurity. These are: identify, protect, detect, respond, and recover, which could become the basis of an industry standard. For example, “identify” focuses on determining a company’s cyber threats, and vulnerabilities in order to identify cyber risk reduction investments. Equally, the Consumer Technology Association (CTA), which represents the $377 billion U.S. consumer technology industry, produced an anti-botnet guide. This document outlines best practices for device manufacturers.
However, the problem with industry-led best practice initiatives is there’s no way of telling if they’re being followed. Although the CTA initiative, for instance, may have been well-intentioned, there’s no way for consumers to check compliance. Really, we need legislation to protect the consumer; and only then, with full industry buy-in, can we establish best practice. As part of their duty of care, 5G networks need to own the residual risk and work together with government oversight to assign cross-sector mitigation responsibilities.
Harmonising the regulatory environment
If indeed governments have a vital role to play in the new cybersecurity landscape, telco and regulators need to establish a collaborative relationship. In the past, governments and companies have had somewhat of an adversarial relationship, where corporations perceive legislation as a roadblock to innovation. However, considering the fresh threats that face both states and companies, a new paradigm in cybersecurity needs to develop, where regulators and executives work together to protect data.
Consumer education and full transparency
One of the leading causes of security breaches is ill-informed consumers who purchase technology based on cost over security. As 5G goes global, various IoT devices and software will be implicated in critical tasks. Equally, consumers tend to be vulnerable to social engineering attacks, which are becoming an increasingly prevalent strategy for cybercriminals. Therefore, it is essential that regulators and businesses alike ensure consumers are aware of the risks associated with their actions, whether it be purchases or online activity.
Collaborate and innovate to protect 5G networks
With the arrival of 5G, the digital landscape will radically change. A software-based network built on a distributed architecture is uniquely vulnerable. As software operations are vulnerable by nature and distributed topologies forego the centralised chokepoints that 3 and 4G offered, 5G gives hackers fresh opportunities to invade. Given that the principal cyber threats come through commercial networks, devices, and apps, a comprehensive approach to cybersecurity will happen through collaboration. Telecom networks, app developers, and device manufacturers alike need to act on a duty of care for their users.
The regulatory environment also needs to evolve along with the new 5G landscape. National and transnational legislative bodies need to incentivise companies to address the vulnerabilities they create. The moment is now for unilateral action to address exposures, structural shortfalls, and funding gaps – or else the unique benefits of a 5G enabled future could leave consumers, businesses, and organisations uniquely vulnerable.
Sourcing the expertise you need
5G will revolutionise connectivity. With the low latency, the potential for mMTC, and network slicing, every telecom network can significantly expand its capabilities and offering. However, as the cliche goes, with great power comes great responsibility. With this new structure comes new threats and companies need to reappraise their security strategy. This requires expertise.
Identifying a cybersecurity specialist is crucial to a successful 5G rollout, as choosing the defence strategies relevant to your business needs is essential. Cybercriminals strategies are evolving all the time, so you need experts that are one step ahead. But where can telco find these experts? How can networks identify professionals that have experience relevant to such novel technologies?
Outvise was founded to forge relationships between businesses and experts. With a curated network of more than 30,000 fully-certified TMT and digital specialists, businesses can identify an expert with the relevant expertise in as little as 48 hours. With profiles ranging from cybersecurity experts to data architecture specialists, to Scrum masters and project managers, Outvise connects telco with best-in-class talent.
During his career, he supported several Multinationals including Govt. organizations in Middle East Asia, South East Asia, India, the USA and Europe by providing them Security advisory services focusing on Cyber Security Strategy, Digital Transformation, Security Adoption, amongst other services leading to improved cybersecurity posture aligned with business & regulatory needs. He is currently based in India and supports his clients in South East Asia and the USA.