Cyber risks for the emerging 5G era
Faster speeds and increased networks mean more access points for malicious actors.
With 5G being the fifth generation of wireless technology, we are now at the cusp of another digital revolution and the stakes couldn’t be higher. While 5G promises to transform communications, spur innovation and accelerate economic growth, it can pose a significant cyber risk, not only to individuals and businesses but also to nations. Let’s explore some potentially major cyber risks.
Larger attack surface
5G significantly differs from its predecessors (2G, 3G, 4G) in the sense that it’s built on virtualization technologies like network slicing, which creates virtual networks on top of a shared physical infrastructure. Such virtual networks and software-defined network partitions create more entry points for malicious actors. For example, attackers can compromise a network slice to monopolize computing resources such as crypto mining, or they can cause insufficient resources for critical services running on other virtual partitions and disrupt the availability of services.
Further, many latency-sensitive 5G applications, such as autonomous vehicles, video surveillance, and the internet of things (IoT), use multi-access edge computing. This means that instead of being consolidated in the cloud, data is stored, processed and analyzed at the network edge, closer to the endpoints.
While this enables real-time analytics and decision-making, it also expands the attack surface since critical data is distributed across an array of systems that can be compromised. Additionally, the sheer velocity of 5G networks combined with complex infrastructure, more routing points and heavy reliance on software creates an even more open network that is vulnerable to dangerous attacks.
Wide-scale disruption
Remember the time when we felt irritated or helpless if our Bluetooth didn’t connect with our car stereo or our ISP had a sudden outage, or our online deliveries got delayed? Now imagine if a cyberattack locks people out of cars, takes control of their vehicles and causes the braking system to fail.
Autonomous drones used in surveillance, deliveries, defense and agriculture are hijacked, manipulated remotely and knocked out of the sky. Distributed denial of service attacks (DDoS), whereby servers are overloaded by an abundance of incoming service requests, knocking them inoperable, can be targeted at such things as crop sensors, waste management systems and smart water meters, causing disruption. Factories are forced to shut down, power grids are taken offline and societies are brought to a screeching halt.
5G has already enabled latency-sensitive, mission-critical industrial control systems that run smart grids, smart cities and smart factories. Transportation systems like self-driving cars, semi-autonomous trucks, driverless trains and automatic pilot avionics are already being deployed and tested in the real world. Whilst connectivity and autonomy are extremely attractive to consumers and businesses, it’s equally attractive to those vying for control and chaos.
Hybrid threat landscape
As 5G technologies mature, cyber and physical domains will merge, giving rise to a hybrid threat landscape. In other words, cyberattacks that happen in cyberspace will have major ramifications in the physical space.
For example, in the case of connected or autonomous cars, the risk transfers from the end-users driving ability to a plethora of applications running proprietary software. In the case of robotic surgery, the sudden disruption in 5G connectivity or a cyberattack can lead to loss of life. If cargo ships carrying an entire continent’s supply chain are suddenly diverted or their GPS is manipulated, it can cause a major disruption in the food supply (remember the Suez Canal disaster?).
Preparing for the 5G revolution
Security is always a shared responsibility between governments, businesses and consumers.
While governments around the world formulate standards, frameworks and regulations around the security of 5G infrastructure, businesses must prioritize 5G security over their 5G rollout plans and their organizational processes must adapt accordingly.
For starters, businesses must conduct risk assessments to identify 5G usage, determine risk factors across the organization and update their business continuity plans. They must review contractual agreements and establish service level agreements with the 5G operators they’re using, as well as evaluate their vendor security standards and development processes across the entire supply chain.
Organizations that store and process data on the edge must ensure their security controls follow. Perhaps they should consider adopting the secure access service edge model. Remember that security isn’t something that can be offloaded onto somebody else. There’s a requirement for businesses to raise security standards before threats become incidents.
Lastly, businesses mustn’t view security as a 5G deterrent but as a source of competitive advantage. Organizations that embrace security ahead of 5G will be better equipped to handle cyber risks, win trust from customers, earn a reputation in their industry, and position themselves as leaders and innovators in the 5G era.
Steve Durbin is chief executive of the Information Security Forum, an independent, not-for-profit association dedicated to investigating, clarifying, and resolving key issues in information security and risk management by developing best practice methodologies, processes, and solutions that meet the business needs of its members. ISF membership comprises the Fortune 500 and Forbes 2000. Find out more at www.securityforum.org.
Related: