5th generation or 5G is the next generation of wireless technology that represents a complete transformation of telecommunication networks. With the combination of legacy and new technology and infrastructure, 5G is built upon utilizing existing infrastructure and technologies. The goal is to meet the increasing data and communication requirements capacity of tens of thousands of connected devices that will make up the Internet of Things (IoT) with ultra-low latency required for critical near real-time communications and faster speeds to support emerging technologies.
5G’s higher speeds, increased bandwidth, and lower latency will advance emerging and evolving technologies like autonomous vehicles, augmented reality, virtual reality and IoT at the scale. For example, augmented reality, factory automation, smart electric grids, and smart cities will require high upload and download speeds, while autonomous vehicles will require ultra-low latency to ensure near-instantaneous responses with 5G networks enabled by artificial intelligence (AI).
Like previous generations of mobile technology, 5G could have numerous impacts on people’s daily lives, irrespective of where they live — beyond simply economic. Depending on the different use cases and verticals, advantages could include increased access and availability to more advanced healthcare, education, increased efficiency in transportation and enhanced capabilities to quickly respond to issues of public safety.
Threats to 5G Technology: The 2016 Dyn Cyberattack remains the most notorious DDoS incident in history — the attack was facilitated by the compromise of thousands of vulnerable internet-connected devices such as baby monitors and, security cameras which resulted in a massive army of zombie devices identified as Mirai botnet. Large-scale attacks can come from anywhere, even from within the provider’s own networks, through a botnet comprising tens of thousands of large-scale, weaponized IoT devices or compromised cloud infrastructure such as IaaS network. 5G radio network deployments include a significant expansion of small cells connecting over untrusted networks, greater use of cloud radio access network (RAN), 5G across the unlicensed spectrum, machine-to-machine communications, and devices connecting to multiple cells. The RAN links individual devices to routers and switches that compose the “core” network, where data traffic is transported to and from other devices and the internet (or the cloud). This evolution further intensifies the impact on the security landscape with growth in the number of potential intrusion points. IoT infected with malware can produce huge signaling storms impacting outages or service degradations.
Potential Vulnerabilities to 5G Networks: 5G represents tremendous opportunities to enhance security and create a better user experience. However, it could result in vulnerabilities related to supply chains, deployment, network security and the loss of business-critical data and privacy concerns. Network equipment produced or handled by untrusted partners presents more risk of malicious or inadvertent introduction of vulnerabilities. Such as counterfeit components and the insertion of malicious software and hardware are few examples of such vulnerabilities. These compromised components could affect network performance and compromise the confidentiality, integrity and availability of network assets and core infrastructure. In addition, compromised devices may provide malicious actors with persistent access to 5G networks and the capability to intercept data that routes through the devices.
Despite the security improvements as well as new technologies, it is likely that 5G equipment and protocols will inadvertently contain vulnerabilities that could expose components and data to exploitation. Even when security updates are released, some companies may be slow to implement them for a variety of reasons example, the potential impact on operations and taking systems offline for a period. Therefore, any vulnerability inherent in 5G technologies may be exploitable even after fixes are available.
While the new types of applications will offer new revenue opportunities for the service providers, the explosion of low cost, low power and unsecured IoT/sensors using Narrowband IoT will pose expanded security risks for the provider’s network and end-users. Establishing the right security approach across 5G networks is critical and requires consideration of some new requirements and challenges.
Governance, Supply Chain and Privacy Risk: The subject of security and privacy continues to provoke a passioned response and high expectations from citizens and governments alike. At the same time, information security is a top concern among enterprises that are embarking on a digital transformation journey. It’s imperative, therefore, that IoT is secure from the start, protecting personal data, business-sensitive information, and critical infrastructure. To succeed with 5G transformation, industries need to gather competence, understand new threats and learn how to mitigate them.
The complexity of ensuring the security and reliability of 5G networks calls for a multilayered approach that includes technical measures, regulatory adjustments, a legal liability regime, diplomacy, and investments in research and cybersecurity skills training.
The governments around the globe can take steps to act to limit the adoption of 5G equipment that may contain vulnerabilities. For example, The United Statue’s Section 889 of the 2019 NDAA prohibits federal agencies from procuring certain telecommunications equipment and services. The Federal Acquisition Supply Chain Security Act provides the government with important new authorities. These authorities address risks presented by the purchase of technologies developed or supplied by entities whose manufacturing and development processes, obligations to foreign governments, and other factors raise supply chain concerns. The advanced countries such as the United States can help secure its overseas communications by working with international partners to limit the installation of untrusted equipment abroad. The United States can also promulgate and promote technical best practices for mitigating aspects of 5G risk.
The government agencies can continue to work with the private sectors to include information and communication technology partners to help mitigate vulnerabilities. The private sector industry can provide insights on where government support or intervention such as through the development of best practices, the convening of industry and government patterners, and the prohibition on untrusted equipment will help secure 5G technologies and the network.
The U.K government has published a review of the telecommunication supply chain which concludes that policy and regulation in enforcing network security need to be significantly strengthened to address security concerns. The review suggests that the government is considering introducing GDPR level penalties for carriers that fail to meet strict security standards.
The government around the world should work closely with allies, partners, and industry to jointly develop common risk-based principles of supply-chain integrity, and regulatory policies focus on transparency a global framework.
Strategy to Address Cyber Security Challenges: With the rise of botnets and DDoS attacks globally, it is important for every organization with an online presence to have DDoS protection in place to mitigate service outages risks. The DDoS attacks create massive business risks for any enterprise small or large. To effectively prepare for these attacks, organizations must have a mitigation strategy to prevent their systems from being hijacked into these massive botnet farms as well as response plans in the event that they become victims of a DDoS attack. IoT devices manufacturers must also improve the security of these devices instead of functionally vs cost over security mentality.
DDoS Mitigation services minimize the impact of distributed denial of service attacks by providing protection far above the organization’s infrastructure, at the core-infrastructure level and re-routing potential DDoS attack traffic away from the intended target. By addressing attacks quickly in this manner, businesses can reduce downtime and the added cost of bandwidth-spikes commonly associated with DDoS attacks while allowing legitimate connections to be processed as usual. The emerging cybersecurity models powered by AI and machine learning can help identify behavioral anomaly techniques, to help improve attack-traffic filtering and prevent future DDoS exploits by automated fashion and incident response if the threat gets detected early on.
Adopting preventive security approaches example application-layer visibility and control across all layers, including application, signaling and data at all locations is required to reduce the attack surface, find anomalies and malformed traffic to become much more equipped to proactivity handle the threats on the RAN and roaming interfaces. Security automation & orchestrion (SOAR) technology can play a big role in detecting & responding to the threats in the networks by utilizing cloud-based threat detection, prevention — powered by big data analytics and machine learning technique is critical to provide a swift response to known and unknown threats in the real-time. At the high level, trust in IoT will be based on the trustworthiness of the device’s hardware, software, configuration, etc. Hence, trustworthiness is cumulative and will be defined by how well network operators and those who manage IoT devices govern the:
• Identities and data
• Security and privacy
• Compliance with agreed security policies end-to-end
In Summary, 5G technology will provide tremendous opportunities to revolutionize ultrafast data upload & download speeds with low latency to unlock experiences of the future such as virtual reality (VR) autonomous cars and connected buildings in smart cities. Applications specific to industry such as healthcare organizations continue to innovate and digitize operations by transferring the large set of data from one location to another and it continues to increase over time — 5G will help hospitals and other healthcare providers meet these growing demands and help things such as quick transmission of large files in real-time, expansion of telemedicine and utilization of artificial intelligence. At the same time, Security professionals will need the technical skills and specific knowledge to implement the appropriate tool & technologies that can identify and contain threats before new vulnerabilities being exposed. A new set of issues such as security, safety, novel types of attack, as well as new privacy and cybersecurity regulations may take many industries by surprise in days to come.