Many countries are investing heavily in their 5G network, especially in Asia. However, increasing connectivity through 5G networks also comes with heightened cybersecurity threats. As the new technology links both the physical and virtual world, 5G security risks will have societal-wide impacts. To overcome these challenges, authorities need to build security regimes that protect not only 5G infrastructure and services, but the applications and IoT devices that run across 5G rails.
Technology of the future
It is undeniable that 5G technology will be essential to transform our way of living in the modern era, from waking up to sleep. An AI system attached to a smart refrigerator will collect users’ data. It will automatically monitor available grocery supplies, order, make an automatic payment, and get foods delivered directly to customers’ doorsteps. 5G-connected autonomous vehicles will take passengers to their destination and pay toll automatically. The smart office system will enable people to collaborate with colleagues and machines from all over the world.
The development of 5G networks is not limited to smart home and smart offices, but also be useful for large scale industries and the development of infrastructures as parts of smart economy and smart cities. The development of 5G therefore becomes the goal of increasing the competitiveness of many economies around the world.
5G networks and cyber risks
The shadow issue of 5G network technology is the greater risks for cyberattacks. Although 5G is susceptible to many of the same cybersecurity risks found in today’s existing telecommunications and enterprise networks, it’s also subject to new avenues of attack against core network services due to a more complex ecosystem of technologies and operations. The cybersecurity issue becomes even more critical, given the importance of technology on human life during the COVID-19 pandemic. In general, there are three main reasons why 5G systems are sensitive to cybersecurity risks
5G connects the virtual and real worlds: 5G is based on decomposed, virtualized, and distributed network functions. This type of convergence both exposes new points of cyberattack and leads to challenges in cybersecurity management. Moreover, the connection of virtual and real worlds by 5G means If a particular network infrastructure is compromised, the consequence will not only be limited in the digital world. On the other hand, attackers can target connected physical devices such as sensors and cameras and enable them to be taken over and used for distributed denial-of-service (DDoS) attacks.
5G is linked through an Application Programming Interface (APIs): 5G leverages APIs to enable communications between service functions. Insecure APIs can expose core services to attack and place the entire 5G network at risk. The example of SolarWinds, NotPetya and CCleaner shows that an attack on a single API could jeopardise the entire infrastructure.
5G is linked with enterprise, industrial and IoT services: As 5G expands to include advanced enterprise, industrial, and IoT use cases, breaches can put critical infrastructure services at greater risk. The more complex 5G networks make it a bigger target for hackers. Therefore, the impact of 5G cyber risks will not be limited to networks providers and users but much larger systems.
5G cybersecurity policy going forward
To make the most of this technology, policy makers should work with the private sector to implement effective 5G prevention and control measures.
First, to build a safe and secure 5G networks, governments have to adopt zero-trust frameworks. A cybersecurity system using this framework has four characteristics: i) limiting access to all interactions ii) regulating all interactions iii) partitioning assets through small segments, and iv) regularly monitoring security systems. The end-to-end protecting and monitoring mechanisms of the zero-trust framework will ensure that every activity on the 5G network is secure.
Second, the authorities have to verify the security of the supply chain. Recent examples of major cyberattacks, including Solarware attack, show that supply chains are the primary target of hackers. Therefore, leveraging trustworthy components and vendors is the foundation for 5G cybersecurity. Regulators need to continuously monitor how 5G vendors secure their corporate environments from being attacked. The government has to look at the way 5G vendors protect their entire supply chains: from development to delivery to implementation.
Lastly, cybersecurity policy must focus on preventive security controls and periodically monitor and respond to actions. In this regard, machine learning capabilities and AI are going to be essential tools that help regulators monitor the security system and prevent potential cyberattacks. Moreover, regulators should also focus on monitoring physical devices that are connected to 5G networks. To monitor these devices, regulators should consider adopting a Manufacturer Usage Descriptions (M-U-D) policy. Under this framework, manufacturers need to embed certificates to identify the class and model of all IoT devices.
A secured 5G network will not only benefit vendors and service providers, but also build consumer confidence. Therefore, being a 5G leader is not limited to the ability to implement nation-wide network capabilities, but also the effectiveness of its cybersecurity ecosystem.