5G or fifth-generation is an advanced wireless network technology developed based on 802.11ac IEEE wireless standard. It replaces its predecessor, the fourth-generation network, increasing data transmission and communication by over three times. Most countries are already implementing a global rollout of the technology, and industry experts agree that 5G offers unlimited potential towards enhancing human life. It is considered a key enabler of developing more reliable and fast connections to smartphones and all other smart devices. 5G cybersecurity must be paramount. Some of the key advantages of the network include:
- Ability to expand, thus increasing its capacity to connect more people and devices
- A lower latency of 1 ms will enable users to come across lesser lags and delays when attempting to access data through the network. A latency of one millisecond is impeccable for fast speeds
- 5G networks will provide higher data rates, which can range between 1 and 20 Gbit/s, thus enabling users to download massive content quickly.
5G works alongside older 4G and 3G technologies to help drive an unprecedented increase in IoT innovations. It provides the platform required to process vast data amounts to realize a more connected and smarter world. To mention just a few applications, 5G connects everything, including connected autonomous vehicles, enables a surgeon to operate on a patient in a different country in real-time, and enables the realization of smart factories, homes, and cities.
However, the 5G network also raises considerable concerns in the cybersecurity sector. Launching the technology was a physical overhaul of other existing networks that have had huge impacts over the past or so decade. Also, since 5G was a conversion of most software-related networks, implementing future upgrades is like installing new updates to a smartphone or computer program. This is breading numerous cyber vulnerabilities such that security professionals have to contend with retooling tools and procedures to secure this essential network. Pursuing a fully connected future requires the world to place equivalent or greater focus on ensuring the connections, applications, and devices are secure.
Here are the top reasons why the 5G network is refining cybersecurity approaches.
5G cybersecurity use cases
The 5G technologies are being applied in numerous industries to promote better and quality services. As a result, they will have widespread use case scenarios that will need improved security levels. The following use cases are among the top reasons why 5G networks have created a redefinition of cybersecurity approaches.
5G application in IoT
5G rollout connects billions of IoT devices to the internet and supports interconnection between them. It will also contain faster internet speeds, thus allowing the simultaneous link of multiple IoT systems. However, this opens up many avenues and risks of cybercriminals executing different attacks. As a preventive measure, the sensors, radars, and IoT devices will need more sophisticated authentications and complex security controls to protect against unauthorized access and attacks.
Vehicles with the ability to move from point A to B without a driver are one of the incredible technologies that will be possible under 5G networks. The vehicles use data communicated with other vehicles regarding traffic, weather conditions, and best routes to get around and prevent accidents. They also move around with the help of sensors and radars. One can hence such smart transportation systems are prime targets of attacks. As autonomous vehicles become a reality and more ingrained in transportation, cyberattacks will also increase in intensity and sophistication. Robust security systems will, therefore, require evaluation and implementation.
Applying 5G in healthcare
Integrating 5G technology is revolutionizing the care process. Currently, physicians can use wearable technology to monitor patients remotely. Such wearables collect sensitive information such as blood pressure, heartbeats per minute, and others needed to monitor patients. With 5G, the care processes are expanding to include precision medicine administration, medical prescriptions in response to chronic illnesses, and online consultation and treatment. The data used for remote care provisions must be transmitted securely and be stored safely. Various privacy invasion possibilities might spring up, including theft and compromise of medical data or identity. Prevention will soon entirely rely on well-established cybersecurity measures.
Expanded cyber risks
5G networks, similar to all new technologies, results in an expanded cyber risk surface. The following are some of the widely expected reasons why 5G networks expanded cyber risk surfaces and why new cybersecurity approaches are required.
New network architectures
The 5G network infrastructure is different from that of its predecessors. It has moved from a hardware-based and centralized switching and distribution to a software-defined digital routing approach. The former allowed for the implementation of hub-and-spoke designs such that all activities in a network could be subjected to cyber hygiene practices in hardware choke points. This is not the case for 5G networks. 5G networks are based on a software-defined network where activities are pushed towards digital web routers spread throughout the entire network. As a result, it is impossible to identify or allow chokepoints to be used in security inspection and control. Since it must be secured anyway, it is vital to identify new ways of ensuring cyber hygiene practices are observed.
5G network technologies lead to more complicated cybersecurity vulnerabilities by virtualizing software to high-level network functions. In older networks, physical appliances were designated to perform such functions. Most of the activities are developed and performed based on the Internet Protocol common languages and popular operating systems. As a result, it is easier for cyber adversaries to attack the software and manipulate them to performing activities aimed at causing harm. Hackers will attempt to compromise virtualized software functions since they can be controlled remotely instead of physical appliances, hence bringing to light the need for better and more sophisticated security solutions. Whether criminal actors or nation-states will target the virtualized software, it is clear that the standardized building systems and block protocols provide malicious users with tools for committing crimes. Thus, cybersecurity solutions for countering them must be developed.
5G networks have a dramatic bandwidth expansion. This increased bandwidth provides attackers with new avenues for launching cyber-attacks. One of the critical infrastructure requirements for implementing 5G networks is installing physically, short-range, low cost, and small-cell antennas within the area the 5G network should cover. These are the center of attacks as whoever controls them can control some of the network’s aspects. For the cell sites to be functional, they require 5G’s feature-capability known as Dynamic Spectrum Sharing. These allow multiple information streams to share the same bandwidth in the “slices,” and each slice contributes its own cyber risk degree. This means that the cyber protection practices must become dynamic as 5G sees more software permitting network functions to shift more dynamically. Besides, cyber protection should be dynamic rather than depending on the uniform approach of the lowest common factor.
Plans are already in place to continue to implement a diverse list of IoT-based applications. These range from use in military operations, transportation, public safety, healthcare, and smart urban centers. The devices permit individuals and organizations alike to run critical processes. However, adding billions of IoT devices also introduces numerous vulnerabilities. All the devices are hackable. This intonates the need to ensure they contain the best controls, access the latest security patches, and are protected using robust anti-malware/antivirus solutions.
Despite this, there are many instances where vendors fail to support their devices. This lack of support results in a failure to mitigate vulnerabilities. This provides hackers with stronger motivation for developing new exploits and using them to hack into the network. As the world continues to embrace 5G networks, it is necessary to adopt new approaches that ensure vendors prioritize IoT security before releasing and deploying devices on the network.
Yet, having recognized that 5G technology has challenged the traditional assumptions made regarding network security and application and IoT devices attached to the network, it isn’t easy to address them. This is due to the following factors:
- Procedural rules in the industrial era make it cumbersome in any rulemaking process.
- Stakeholders fear that risk factors identified internally can be exposed. This comes precisely when sharing such information regarding risk factors can facilitate a collective defense resulting in greater security value.
How can the world win the 5G race?
In what is considered the most valuable or important network, the real race is how to achieve sufficient cybersecurity solutions to realize unprecedented technological benefits. Here are some of the techniques that have redefined cybersecurity approaches.
Reversing the underinvestment in reducing cyber risks
The importance of proactive investment in cybersecurity cannot be underscored. Even in the older network topologies, a continuously changing environment requires organizations to make substantial investments in new technologies, processes and complying with emerging regulations. For most public companies and huge private corporations, cyber investments are often driven from corporate board levels all the way down to management. On the other hand, small and medium-sized enterprises lack the resources and capacity to invest in IT security, causing cybercriminals to prefer them as the favorite entry points for attacks. 5G technologies require substantial security investments since they breed new risks that can’t be contained using the current traditional means. SMEs, homeowners with smart technologies, and all companies that play a role in providing a critical infrastructure product or service must heavily invest in new processes to proactively address identified cybersecurity risks.
Cybersecurity begins with the 5G technologies themselves.
Most of the leading organizations and network providers involved in 5G commit valuable resources towards ensuring 5G network security. This is a crucial enabler for the technologies to be secure. However, many small and medium-sized internet service providers that serve rural and remote areas are hard-pressed in rationalizing robust cybersecurity processes. For example, a requirement is appointing a dedicated security officer or implementing a cybersecurity ops center that monitors network activities 24/7. Companies with 15 employees or less can find this an immense challenge but still provide 5G network services anyway. Now that all businesses are aware of the 5G cyber risks, they will expect companies providing the network’s services to demonstrate sufficient cybersecurity defenses that can sustain 5G network security. Whether small local ISPs or renowned brand names, they must implement successful cybersecurity programs to stand out.
Adopting lead indicators rather than log indicators
A 2018 report released by the White House indicated that the pervasive underreporting of incidences related to cybersecurity inhibits stakeholders’ ability and involved actors to respond immediately and effectively. Using log indicators regarding cyber-preparedness (post-attack logs) to respond to cyber occurrences has mostly defined the traditional approaches. Some affected companies fail to report some of the log incidences to relevant authorities, thus hampering efforts to remediate them. In such cases, cyber adversaries often get away with their crimes. This cannot be afforded in 5G networks, especially where critical infrastructure is concerned.
As such, 5G networks require adopting a leading indicator method in communicating cyber-preparedness between government entities responsible for oversight functions and interdependent commercial enterprises. One example that will be made possible is prioritizing shared cybersecurity risk assessments as a best practice for companies and their supply chain partners. Observing a regular program where government regulators and company boards frequently engage by using leading indicators develop trust, accelerate the 5G gap closure, and leans more towards constructive outcomes in case attackers are successful.
The growing need for DevSecOps
For most software developers today, creating secure apps requires them to integrate DevSecOps in their development processes. This is the practice of building security in every aspect throughout the entire development life cycle rather than incorporating security in an already finished product. It entails inserting cybersecurity in the development process as a design, sustaining considerations, and deploying all new projects. Since 5G is software-driven, it is more important than ever to integrate security, not only in the software but also in hardware and firmware development. This might see regulations springing up where regulatory bodies might enforce the minimum-security requirements in all 5G hardware and software creation environments and centers. Similar to the GDPR or the California Consumer Privacy Act, both stipulate the minimum-security guidelines for data protection.
Implementing AI and ML in security
One undeniable fact is the central role of artificial intelligence and machine learning in 5G realization. As much as innovations like driverless vehicles rely on 5G networks for real-time communication, they also require AI and machine learning technologies. They use a combination of AI, sensors, radars, and cameras to get around in a smart urban center without requiring human operators. From a security perspective, most of the attacks in 5G networks target software used to drive important processes. They need software-based and intelligent solutions countermeasures. It is illogical to deploy people as countermeasures for machine-based attacks. The advantage of using AI-powered solutions is that the security products effectively continue self-learning and updating to fit in a given environment.
Emerging best practices
Best security practices must evolve as new technologies emerge. Most of the previous network security standards are inapplicable to 5G technologies since they have entirely new infrastructures and threats. In the NIST (National Institute of Standards and Technology) Cybersecurity Framework, the best security practices are identify, protect, detect, respond, and recover. These might apply to securing organizations from external and internal risks but cannot be used to develop 5G IoT systems and devices. However, while industry-specific best practices are somehow effective, they can only be as strong as a weak link. They place the largest burden on poorly informed users who might be unaware of whether they are fulfilling the best practices.
How is 5G impacting the government approach to cybersecurity?
Harmonizing cyber regulatory relationships
Currently, cybersecurity structures prevent governments from getting ahead of 5G threats and determining detailed compliance requirements where adversaries will use the technology to change their tactics rapidly. Therefore, new cybersecurity paradigms must be developed, where the main goal would be to de-escalate adversarial relationships between regulators and organizations. This would ensure regular cybersecurity engagements between network providers and regulators.
Recognizing shortcomings in the marketplace
Economic forces often define corporate behavior towards factors like cybersecurity. For example, cybersecurity costs can determine whether Corporation A will invest in specific cybersecurity controls, irrespective of whether they will affect Company B. As such, it is only fair that organizations who step up their cybersecurity efforts in 5G not be punished by those that fail to do so. Governments should hence outline the security requirements for different industries in the race towards 5G security. Non-compliance should be met with the appropriate punishments, whereas a reward scheme should be used to appreciate complying entities. This will ensure that businesses operate within the same security baseline.
The leading cause of attacks is ill-informed customers who purchase technology based on cost rather than security. As 5G becomes global, numerous IoT devices and software will be used for critical tasks. Governments have the prerogative to ensure consumers have the necessary insight and awareness to ensure informed purchase decisions. This way, security will increase.
Inspecting and certifying devices
Protecting 5G networks from equipment vulnerable to attacks is essential to ensuring network security. Governments should hence inspect and certify all devices before they can connect to the 5G technologies. Certification should begin at the production level by verifying secure DevOps and end to the consumer level, where only certified items should be retailed.
Other important government contributions to 5G security are:
- Stimulating closure of security gaps in 5G supply chains
- Re-engaging international bodies to ensure 5G security practices are up to standard