Why 5G Requires New Approaches to Cybersecurity

A brief history of Wireless Networks

The University of Hawaii first developed the professional wireless network in 1969. The first commercial wireless network, WaveLAN product, was developed in 1986 by NCR. The second generation of wireless networks known as GSM was deployed in 1992. New standards were adopted every nine years, and in 2001, various 3G standards started popping up with equally competing deployments. After another nine-year cycle, wireless service providers deployed 4GLITE wireless technology, and it soon became the dominant technology. The fifth-generation technology for cellular networks, 5G, was deployed in 2019 and is currently expected to dominate the wireless technology market globally by 2025.

A New Era of 5G Wireless

News about fifth-generation technology (5G) is a fire in the digital world. 5G networks promise download speeds of 10 to 20 times faster than legacy networks. It aims to envelop the world, making it an international concern to ensure its integrity, availability, and confidentiality. It promises to deliver amazingly faster networks that will accommodate more devices than the existing telecommunication infrastructure. A forecast into potential use cases predicts that the 5G network is likely to aid in the efficient implementation of augmented systems and making the Internet of Things a reality. It foresees the network supporting millions and millions of devices, from smart kitchen equipment and phones to critical functions such as emergency communications and power plants. The fourth-generation (4G) infrastructure supports fewer devices and delivers fewer critical services. Dependence on 5G would increase the impact on societies if the infrastructure were to fail. However, some critics maintain that the risks from 5G are overhyped. So far, not so many new use cases have emerged. There’s a huge capital expense required for rollout, and approval from relevant authorities such as Information Technology, energy, and transport is needed.

The current 5G network infrastructure is not a revolutionary telecommunication transformation but an evolution or enhancement of the previous generations of telecommunication equipment. At present, 5G networks are non-stand-alone, implying that they depend on the earlier networks. Optimistically, future 5G networks are likely to be stand-alone due to revolutionary technologies, although this kind of network is not yet feasible. There is ongoing research to make stand-alone 5G networks a reality by several countries. Regardless, both stand-alone and non-stand-alone networks are characterized by their ability to accommodate more devices, minimal transmission delays, and high speeds. Achieving such characteristics requires a shift of focus from hardware to software. It relies on technologies such as virtualization and edge computing to move processing power closer to the end-user. From studies, I predict that this kind of advancement will enable this fifth generation of a telecommunications network to support even more functions globally, from smart autonomous house gadgets, self-driving cars, smart roads to smart cities.

5G Network Layers

5G comprises multiple “layers” that perform varying parallel functions across the network. Every layer has access to a given amount of data and can efficiently convey data packets within the network envelope. Additionally, every component within a layer also receives and transports data packets across the network depending on the degree of rights they have to access the other parts of the network.

Layer and examples*** Function Degree of Access to Data** Impact Radius Importance*
An end-user device such as IoT devices How the client carries out various functions using the network Varies Limited Varies
Access Layer Mostly categorized as edge as it communicates directly with the end-user device to transport packets. Low Local Medium
Transport Layer Moves information between nodes Low Local low
Switching and Routing Chiefly categorized as the core.

Determines which information is significant and where packets need to be conveyed.

Moderate Local or network-wide*** Medium
Management Pane Coordinates all other functions, often categorized as core High Network-wide High

5G networks are chiefly divided into two groups, that is, the core and the edge. The core consists of critical components or those components with significant control over the network than the edge components. Core components have much data about the network and include switching and routing functions on base stations. Because the core has functions that overlay and control the entire network, it would be a catastrophe if the network is compromised. The impact on the whole network would be extremely high. Network as the whole ceases to operate without these functions. For such reasons, 5G networks in the UK will have relatively more cores than the previous telecommunication generations, but the exact number and location depend on the operators’ purview.

Edge functions, however, are located at the periphery of the network. Although the definition of core and edge is not a precise science, this article describes edge components as those found within the network’s access layer, a definition derived from the National Computer Security Center. This part of the network is close to end-users and forms the link between the network and its clients. It contains and conveys data such as the type of information sent to and from the network by customers, the identity of who is accessing the network, etc. Failure of edge components such as radio access network (RAN) only affects a small local area of the network, which is easily identified, isolated, and rectified. Being at the periphery, the impact of an edge component’s failure has a limited impact radius, and limited access to the sensitive data helps run the network.

5G has brought with it the tremendous promise of efficiency and reliability. Although even as we race towards a connected future, we must place an equivalent focus on the security of those specific network infrastructure components, such as connections, applications, or software and devices within the network. The building or creating a network on top of a weak cybersecurity foundation is equivalent to building a luxurious mansion on sand that would be swept away with the slightest sea waves and tides. These risks, therefore, surpass just the end-user and can be considered a global concern.

Hyper-Focus on Huawei

The better part of the public debate on the cybersecurity of 5G networks relates to the implications of the continued provision of 5G infrastructure components by Huawei. Studies demonstrate low political and technical confidence in Huawei. The telecommunication company has been in the past accused of producing equipment of poor quality. According to HCSEC (Cyber Security Evaluation Centre), Huawei’s products and equipment for the 5G infrastructure have consistently demonstrated a significant number of defects. Poor quality and defects are attributed to poor processes in production. Finite State, a cyber-security firm, also discovered that Huawei software and hardware were more likely to have flaws than other competitors’ equipment. These defects pose a security threat to the entire network.

The presence of bug doors or backdoors may significantly affect the network’s infrastructure if a malicious intrusion or, even worse, allow Huawei to access customers’ confidential data. Despite all these serious allegations against Huawei, no one has ever presented concrete evidence on whether the company intentionally includes backdoors for malicious purposes or deliberately leaving backdoors in its equipment.

Also, the public discourse has considered the connection between the Chinese government and Huawei. China has a history of perpetrating hostile cyber-attacks against adversaries, including the UK and the United States. They have been several reports that there is a close relationship tie between Huawei and the Chinese government. Many people point out that they engage in malicious financial and trading practices. The legal environment in place also suggests that the Chinese government could share every access Huawei has to telecommunication networks. According to the Chinese National Intelligence and Cybersecurity Laws of 2017, it is a requirement that firms should comply with the demands from the national intelligence or military, and no information about the corporation should be disclosed. The laws do not provide for balancing measures such as having an independent judicial oversight or right of appeal that is a major feature of the Western Democratic legal regime.

As much as all the evidence, as mentioned above, is open for interpretation and public critic, the pattern is quite clear. Huawei maintains that it is a private company concerned about profit but has the utmost respect for the country’s laws in which it operates. The company also denies the claim that it’s subject to Cybersecurity Laws and National intelligence. However, the behavior and trading practice portrayed by Huawei to date leave ample room for doubt.

How 5G Expands Cyber Risks

Compared to its predecessors, 5G is more vulnerable to cyber-attacks in the following five significant ways.

  1. 5G uses a distributed software-based digital routing, unlike its predecessors, which utilizes centralized hardware-defined switching. The previous generations of networks were hub-and-spoke designs, in which all issues converged at choke points and cleaned away during cyber hygiene maintenance. However, 5G software-defined network does not provide for chokepoint inspection and control as such activities are pushed outward to a web of digital routers throughout the network.
  2. Change from physical appliances to virtualization further complicates the vulnerability of the 5G network. Software higher-level network functions are based on the well-known operating system and a well common language of the internet, making it a target for the black hats.
  3. Because the network also operates on software, protecting software vulnerabilities within the network is not an efficient means to provide security. Gaining control of the software managing networks implies that the hacker or intruder will also control the network.
  4. Additional venues of attack are created due to the expansion of bandwidth that makes 5G possible. Attackers will now aim at the small-cell antennas deployed throughout urban areas. The cells’ functionality is based on 5G’s Dynamic Spectrum Sharing capability, where various streams of information share the bandwidth in slices, and every slice has its varying degree of cyber risk. If the functions of a network are allowed by the software to shift dynamically, then there is a need to provide protection that is dynamic rather than relying on a common denominator solution.
  5. The last threat is caused by several devices that are part of the system. 5G networks can accommodate tens of billions of devices, all of which may act as attack surfaces. The range of connected devices may vary from medical things to transportation things, public safety things, and battlefield things, all of which have weak points that an individual may exploit with malicious intentions.

Fifth-generation telecommunication networks have therefore created a huge, multidimensional cyber-attack vulnerability. Because the nature of networks is redefined to form a new ecosystem of ecosystems, there arises a need for a new cyber-security strategy. Most of these vulnerabilities have been made known to manufactures and other producers, so they do in good faith what is right in an attempt to resolve the issue.

What You Should Know by Now

5G has changed every traditional assumption on network security, applications attached to the network, and security of the network’s relevant devices. Below is a list of some of the challenges experienced by Federal Communications Commission agents tasked with resolving the emerging threats?

  • Cumbersome rulemaking activity due to Industrial –era procedural laws, with less optimal non-rule making activities
  • High incentive by the bad actors in an attempt to compromise the entire process of maintaining the protection
  • Fear by major stakeholders of exposing their internally identified risk factors at the right time when a collective bargain by other stakeholders would be of great significance for the collective defense of the network

Also, the network operators who know the network infrastructure best exist as part of business structures that do not provide a conducive atmosphere for risk reduction. However, these challenges do not mean we suspend the race to harnessing the benefits of a challenge this fifth-generation network. Instead, it presents us with a challenge to solve the need for our status quo approach to 5G.

Two Elementals to Winning the Race to 5g Networks

The real race to the 5G network is whether the new infrastructure will be sufficiently secure in realizing its technological promises. As much as speedy and efficient connections may be a priority, security comes first. To ensure secure systems, there is a need to reevaluate the relationship between businesses and the government. The below suggestions may be too much of a departure from traditional practices, but so be it, as desperate times call for desperate measures. If 5G network security is treated normally, then the associated cyber-risks and threats will treat us abnormally. The new 5G reality justifies the below governmental and corporate actions.

1.  The organization must be held responsible for the new cyber duty of care.

This first key is a reward-based policy that will encourage companies to adhere to a cyber-duty of care instead of traditional penalty-driven measures. Traditionally, the duty of care was bestowed on those providing products and services to identify and prevent any cyber-harm that could result. With the new infrastructure, there is a need for a new corporate culture. The new culture must be where cyber-risks are treated as an essential corporate duty and rewarded with appropriate incentives. These incentives might be tax reduction, regulatory, or any other means to motivate societies to proactively adhere to cyber hygiene standards. Such a cyber-duty of care may include the following;

  • Implementation of artificial intelligence and machine learning protection
  • Reversing chronic underinvestment in cyber risk reduction
  • A shift from reactive measures to proactive measures that will ensure active cyber-preparedness
  • Cybersecurity starts with the 5G networks.
  • Best practices – identify, protect, detect, respond, and recover.
  • Incorporate security into the development and operations

2. An establishment of a new cyber regulatory paradigm by the government to establish new realities

The current procedural rules for government agencies were developed in an industrial environment where change and innovation developed relatively slow. With the advancement in technology, there is a need for a fast-paced approach to the rapidly evolving network infrastructure and a new approach to business-government relationships. Some of the methods to use may include;

  • Identification and recognition of marketplace shortcomings
  • More effective regulatory cyber relationships with those regulated
  • Consumer transparency
  • Enhancement of inspection and certification of connected devices
  • We need more than contracts.
  • Re-engage with international bodies

Also, there is a need for an informed third-party oversight early in the 5G industry’s design and deployment cycle to categorize cybersecurity in prioritizing what is critical and those to be given minimal attention.


As we increasingly connect life-sustaining devices to the internet, more people will be at risk, and others will probably die due to such impacts. This cold reality is because the internet’s connection to people and significant elements heavily rely on will be through vulnerable 5G networks. It is a situation that’s facilitated by a cyber cold war that is simmering below consumer awareness.