Many countries have been involved in the race towards realizing 5G networks. 5G or fifth-generation is an advanced wireless network technology developed based on 802.11ac IEEE wireless standard. It will replace its predecessor, the fourth-generation network, and expected to increase the data transmission and communication by over three times. Most countries are already implementing plans to facilitate a global rollout of the technology by 2020, and industry experts agree that 5G will offer unlimited potential towards enhancing human life. It is considered to be a key enabler of developing more reliable and fast connections to smartphones and all other smart devices. Some of the key advantages of the network include:
- Ability to expand thus increasing its capacity to connect more people and devices
- A lower latency of 1 ms, which will enable users to come across lesser lags and delays when attempting to access data through the network. A latency of one millisecond is impeccable for fast speeds
- 5G networks will provide higher rates of data, which can range between 1 and 20 Gbit/s, thus enabling users to download massive content quickly.
5G network development is still ongoing as most organizations strive to ensure their networks and IoT devices are 5G-ready by the time the technology goes live in 2020. It will work alongside the existing 4G and 3G technologies to help drive an unprecedented increase in IoT innovations. It will provide the platform required to process vast data amounts to help realize a more connected and smarter world. To mention just a few applications, 5G will connect everything, including connected autonomous vehicles, enable a surgeon to operate on a patient in a different country in real-time, and enable the realization of smart factories, homes, and cities.
However, the 5G network also raises considerable concerns in the cybersecurity sector. Launching the technology will be a complete physical overhaul of other existing networks that have had huge impacts over the past or so decade. Also, since 5G will be a conversion of most software-related networks, implementing future upgrades will be like installing new updates to a smartphone or computer program. This will breed numerous cyber vulnerabilities such that security professionals will have to contend with retooling tools and procedures to secure this essential network in the 21st century. Pursuing a fully connected future requires the world to place equivalent or greater focus on ensuring the security of the connections, applications, and devices. Building 5G networks on a weak cybersecurity foundation can only be likened to building a storied house on sand. It will come crashing down. Here are the top reasons why the 5G network will redefine cybersecurity approaches.
Possible 5G cybersecurity use cases
The 5G technologies will be applied in numerous industries to promote the development of better and quality services. As a result, they will have widespread use case scenarios that will need improved security levels. The following use cases are some of the top reasons why 5G networks will lead to a redefinition of cybersecurity approaches.
5G application in IoT
5G rollout will connect billions of IoT devices to the internet, and support interconnection between them. It will also contain faster internet speeds, thus allowing the simultaneous link of multiple IoT systems. However, this opens up many avenues and risks of cybercriminals executing different attacks. As a preventive measure, the sensors, radars, and IoT devices will need more sophisticated authentications and complex security controls to protect against unauthorized access and attacks.
Vehicles with the ability to move from point A to B without a driver is one of the incredible technologies that will be possible under 5G networks. The vehicles will use data communicated with other vehicles regarding traffic, weather conditions, and best routes to get around and prevent accidents. They will also move around with the help of sensors and radars. One can hence only imagine how such smart transportation systems will be prime targets of attacks. As the autonomous vehicles become a reality and more ingrained to transportation in the future, cyberattacks will also increase in intensity and sophistication. Robust security systems will, therefore, require evaluation and implementation.
Applying 5G in healthcare
Integrating 5G technology will revolutionize the care process. Currently, physicians can use wearable technology to monitor patients remotely. Such wearables collect sensitive information such as blood pressure, heartbeats per minute, and others needed to monitor patients. With 5G, the care processes will expand to include activities like precision medicine administration, medical prescriptions in response to chronic illnesses, and online consultation and treatment. The data used for remote care provisions must be transmitted securely and be stored safely. Various privacy invasion possibilities might spring up, including theft and compromise of medical data or identity. Prevention will entirely rely on well-established cybersecurity measures.
Expanded cyber risks
5G networks, similar to all new technologies, will result in an expanded cyber risk surface. The following are some of the widely expected reasons why 5G networks will result in expanded cyber risk surfaces, and why new cybersecurity approaches will be required.
New network architectures
The 5G network infrastructure will be different from that of its predecessors. It has moved from a hardware-based and centralized switching and distribution to a software-defined digital routing approach. The former allowed for the implementation of hub-and-spoke designs such that all activities in a network could be subjected to cyber hygiene practices in hardware choke points. This is not the case for 5G networks. 5G networks are based on a software-defined network where activities will be pushed towards digital web routers that are spread throughout the entire network. As a result, it will be impossible to identify or allow the deployment of chokepoints to be used in security inspection and control. Since it must be secured anyway, it will be vital to identify new ways of ensuring cyber hygiene practices are observed.
5G network technologies will lead to more complicate cybersecurity vulnerabilities by virtualizing software to high-level network functions. In older networks, physical appliances were designated to perform such functions. Most of the activities are developed and performed based on the Internet Protocol common languages as well as popular operating systems. As a result, it will be easier for cyber adversaries to attack the software and manipulate them to performing activities aimed at causing harm. Hackers will attempt to compromise virtualized software functions since they can be controlled remotely as opposed to physical appliances, hence bringing to light the need for better and more sophisticated security solutions. In spite of whether criminal actors or nation-states will target the virtualized software, it is clear that the standardized building systems and block protocols will provide malicious users with tools for committing crimes. Thus, cybersecurity solutions for countering them will need to be developed.
5G networks will have a dramatic bandwidth expansion. This increased bandwidth will provide attackers with new avenues for launching cyber-attacks. For example, one of the critical infrastructure requirements for implementing 5G networks is installing physically, short-range, low cost, and small-cell antennas within the area the 5G network should cover. These will become the center of attacks as whoever controls them can control some of the network’s aspects. For the cell sites to be functional, they will require to use 5G’s feature-capability known as Dynamic Spectrum Sharing. These allow multiple information streams to share the same bandwidth in the “slices,” and each slice contributes its own cyber risk degree. What this means is the cyber protection practices must become dynamic as 5G will see more software permitting network functions to shift more dynamically. Besides, cyber protection should be dynamic rather than depending on the uniform approach of the lowest common factor.
Even before the 5G network technologies can be deployed, plans are already in place to try to implement a diverse list of IoT-based applications. These range from use in military operations, transportation, public safety, healthcare, and smart urban centers. The devices will permit individuals and organizations alike to run critical processes. However, adding billions of IoT devices also introduces numerous vulnerabilities. All the devices are hackable, and this intonates the need for ensuring they contain the best controls, have access to the latest security patches, and are protected using robust anti-malware/antivirus solutions.
In spite of this, there are many instances where vendors fail to support their devices. This lack of support results in a failure to mitigate any existing vulnerabilities. This will provide hackers with stronger motivation for developing new exploits and using them to hack into the network. As the world embraces 5G networks, it will be necessary to adopt new approaches that ensure vendors prioritize IoT security before releasing and deploying devices on the network.
There are other reasons why 5G technology will cause cybersecurity concerns. In a 2019 global survey, at least 80% of the involved risk and cybersecurity leaders firmly believe that rolling out 5G networks will cause their organizations to experience increased cybersecurity challenges. The leaders stated that the topmost concerns are more targeted attacks on IoT technology and networks, 5G firmware and hardware lacking the requisite security architecture in their designs, and a larger attack surface. The survey report further stated that “the vulnerabilities in 5G appear to go beyond wireless, introducing risks around virtualized and cloud-native infrastructure”. These and other security challenges are significant reasons why the cybersecurity industry will undergo tremendous changes to match up the level of the cyber risk environment the 5G network deployment will cause.
Yet, having recognized that 5G technology has challenged the traditional assumptions made regarding network security, and application and IoT devices attached to the network, it is difficult to address them. This is due to the following three factors:
- Procedural rules in the industrial era that make it cumbersome in any rulemaking process
- Malicious actors have a higher incentive to overcome the currently deployed solutions compared to the incentives for maintaining security
- Stakeholders fear that risk factors identified internally can be exposed. This comes precisely at a time where sharing such information regarding risk factors can facilitate a collective defense resulting in greater security value
How can the world win the 5G race?
This remains to be the million-dollar question today. The real race, in what is considered to be the most valuable or important network of the future, is how to achieve sufficient cybersecurity solutions to realize the unprecedented technological benefits. Answering the question requires government and the private sectors to combine new efforts and have a better cybersecurity relationship. The answer? New approaches towards securing 5G technologies. Here are some of the widely expected techniques that will redefine cybersecurity approaches once 5G networks go live.
Reversing the underinvestment in reducing cyber risks
The importance of proactive investment in cybersecurity cannot be underscored. A continuously changing environment, even in the current network topologies, requires organizations to make substantial investments in new technologies, processes and complying with emerging regulations. For most of the public companies and huge private corporations, cyber investments are often driven from corporate board levels all the way down to management. Small and medium-sized enterprises, on the other hand, lack the resources and capacity to invest in IT security, causing cybercriminals to prefer them as the favorite entry points for attacks. 5G technologies will require substantial security investments since it will breed new risks that can’t be contained using the current traditional means. SMEs, homeowners with smart technologies, and all companies play a role in providing a critical infrastructure product or service must heavily invest in new processes to proactively address identified cybersecurity risks.
Cybersecurity begins with the 5G technologies themselves
Most of the leading organizations and network providers involved in 5G planning and implementation have committed valuable resources towards ensuring 5G network security. This will be a crucial enabler for the technologies to be secure. However, a vast majority of small and medium-sized internet service providers that serve rural and remote areas may be hard-pressed in rationalizing robust cybersecurity processes. For example, a necessary requirement is appointing a dedicated security officer or implementing a cybersecurity ops center that monitors network activities 24/7. Companies having 15 employees or less can find this to be an immense challenge, but will still provide 5G network services anyway. Now that all businesses are aware of the 5G cyber risks, they will expect companies providing the network’s services to demonstrate sufficient cybersecurity defenses that can sustain 5G network security. Whether small local ISPs or renowned brand names, they must implement successful cybersecurity programs to stand out.
Adopting lead indicators rather than log indicators
A 2018 report released by the White House indicated that the pervasive underreporting of incidences related to cybersecurity inhibits the ability of stakeholders and involved actors to respond immediately and effectively. Using log indicators regarding cyber-preparedness (post-attack logs) to respond to cyber occurrences has mostly defined the traditional approaches. Some affected companies fail to report some of the log incidences to relevant authorities, thus hamp,ering efforts to remediate them. In such cases, cyber adversaries often get away with their crimes. This cannot be afforded in 5G networks, especially where critical infrastructure is concerned.
As such, the deployment of 5G networks will require the adoption of a leading indicator method in communicating cyber-preparedness between government entities responsible for oversight functions, and interdependent commercial enterprises. One example through which will be made possible is prioritizing shared cybersecurity risk assessments as a best practice for companies and their supply chain partners. Observing a regular program where government regulators and company boards frequently engage by using leading indicators will develop trust, accelerate the 5G gap closure, and lean more towards constructive outcomes in case attackers are successful.
Growing need for DevSecOps
For most software developers today, creating secure apps requires them to integrate DevSecOps in their development processes. This is the practice of building security in every aspect throughout the entire development life cycle rather than incorporating security in an already finished product. It entails inserting cybersecurity in the development process as a design, sustaining considerations, and deployment for all new projects. Since 5G is expected to be software-driven, it is more important than ever to integrate security, not only in the software but also in hardware and firmware development. This might see regulations springing up where regulatory bodies might enforce the minimum-security requirements in all 5G hardware and software creation environments and centers. Similar to the GDPR or the California Consumer Privacy Act, both which stipulate the minimum-security guidelines for data protection.
Implementing AI and ML in security
One undeniable fact is the central role of artificial intelligence and machine learning in 5G realization. As much as innovations like driverless vehicles rely in 5G networks for real-time communication, they also require AI and machine learning technologies. They will use a combination of AI, sensors, radars, and cameras to get around in a smart urban center without requiring human operators. From a security perspective, most of the attacks in 5G networks will be targeting software used to drive important processes. They will, therefore, need software-based and intelligent solutions countermeasures. It would be illogical to deploy people as countermeasures for machine-based attacks. The advantage of using AI-powered solutions is that the security products will continue self-learning and updating to fit in a given environment effectively.
Emerging best practices
Best security practices must evolve as new technologies emerge. Most of the current network security standards will be inapplicable to 5G technologies since they will be having entirely new infrastructures and threats. In the NIST (National Institute of Standards and Technology) Cybersecurity Framework, the best security practices are identify, protect, detect, respond, and recover. These might apply in securing organizations from external and internal risks, but cannot be used in developing 5G IoT systems and devices. However, while industry-specific best practices are somehow effective, they can only be as strong as a weak link. They will place the largest burden on poorly informed users who might be unaware of whether they are fulfilling the best practices.
How will 5G impact government approach to cybersecurity
Harmonizing cyber regulatory relationships
Currently, cybersecurity structures prevent governments from getting ahead of 5G threats and determining detailed compliance requirements where adversaries will use the technology to change their tactics rapidly. Therefore, new cybersecurity paradigms need to be developed, where the main goal would be to de-escalate adversarial relationships between regulators and organizations. This would ensure regular cybersecurity engagements between network providers and regulators.
Recognizing shortcomings in the marketplace
Economic forces often define corporate behavior towards factors like cybersecurity. For example, cybersecurity costs can determine whether Corporation A will invest in specific cybersecurity controls, irrespective of whether they will affect Company B. As such, it is only fair that organizations will step up their cybersecurity efforts in 5G not to be punished by those that fail to do so. Governments should hence outline the security requirements for different industries in the race towards 5G security. Non-compliance should be met with the appropriate punishments, whereas a reward scheme should be used to appreciate complying entities. This will ensure that businesses operate within the same security baseline.
The leading cause of attacks is ill-informed customers who purchase technology based on cost rather than security. As 5G becomes global, numerous IoT devices and software will be used for critical tasks. Governments have the prerogative to ensure consumers have the necessary insight and awareness to ensure informed purchase decisions. This way, security will increase.
Inspecting and certifying devices
Protecting 5G networks from equipment vulnerable to attacks is essential to ensuring network security. Governments should hence inspect as well as certified all devices before they can connect to the 5G technologies. Certification should begin at the production level by verifying secure DevOps and end to the consumer level, where only certified items should be retailed.
Other important government contributions to 5G security are:
- Stimulating closure of security gaps in 5G supply chains
- Re-engaging international bodies to ensure 5G security practices are up to standard
I am a cyber security professional with a passion for delivering proactive strategies for day to day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through inefficiency that plague today’s business environments.