Overcoming cyber threats in a 5G world
With many countries now heavily investing in 5G networks. We are increasing seeing threats emerging from these connectivity networks. As the new technology links both the physical and virtual world, 5G security risks will have societal-wide impacts. To overcome these challenges, authorities need to build security regimes that protect not only 5G infrastructure and services, but the applications and IoT devices that run across 5G rails.
Technology of the future
It is undeniable that 5G technology will be essential to transform our way of living in the modern era, from waking up to sleep. An AI system attached to a smart refrigerator will collect users' data. It will automatically monitor available grocery supplies, order, make an automatic payment, and get foods delivered directly to customers' doorsteps. 5G-connected autonomous vehicles will take passengers to their destination and pay toll automatically. The smart office system will enable people to collaborate with colleagues and machines from all over the world.
The development of 5G networks is not limited to smart home and smart offices, but also be useful for large scale industries and the development of infrastructures as parts of smart economy and smart cities. The development of 5G therefore becomes the goal of increasing the competitiveness of many economies around the world.
5G networks and cyber risks
The shadow issue of 5G network technology is the greater risks for cyberattacks. Although 5G is susceptible to many of the same cybersecurity risks found in today’s existing telecommunications and enterprise networks, it's also subject to new avenues of attack against core network services due to a more complex ecosystem of technologies and operations. The cybersecurity issue becomes even more critical, given the importance of technology on human life during the COVID-19 pandemic. In general, there are three main reasons why 5G systems are sensitive to cybersecurity risks.
- 5G connects the virtual and real worlds: 5G is based on decomposed, virtualized, and distributed network functions. This type of convergence both exposes new points of cyberattack and leads to challenges in cybersecurity management. Moreover, the connection of virtual and real worlds by 5G means If a particular network infrastructure is compromised, the consequence will not only be limited in the digital world. On the other hand, attackers can target connected physical devices such as sensors and cameras and enable them to be taken over and used for distributed denial-of-service (DDoS) attacks.
- 5G is linked through an Application Programming Interface (APIs): 5G leverages APIs to enable communications between service functions. Insecure APIs can expose core services to attack and place the entire 5G network at risk. The example of SolarWinds, NotPetya and CCleaner shows that an attack on a single API could jeopardise the entire infrastructure.
- 5G is linked with enterprise, industrial and IoT services: As 5G expands to include advanced enterprise, industrial, and IoT use cases, breaches can put critical infrastructure services at greater risk. The more complex 5G networks make it a bigger target for hackers. Therefore, the impact of 5G cyber risks will not be limited to networks providers and users but much larger systems.
5G cyber security policy going forward
To make the most of this technology, policy makers should work with the private sector to implement effective 5G prevention and control measures.
First, to build a safe and secure 5G networks, governments have to adopt zero-trust frameworks. A cybersecurity system using this framework has four characteristics: i) limiting access to all interactions ii) regulating all interactions iii) partitioning assets through small segments, and iv) regularly monitoring security systems. The end-to-end protecting and monitoring mechanisms of the zero-trust framework will ensure that every activity on the 5G network is secure.
Second, the authorities have to verify the security of the supply chain. Recent examples of major cyberattacks, including Solarware attack, show that supply chains are the primary target of hackers. Therefore, leveraging trustworthy components and vendors is the foundation for 5G cybersecurity. Regulators need to continuously monitor how 5G vendors secure their corporate environments from being attacked. The government has to look at the way 5G vendors protect their entire supply chains: from development to delivery to implementation.
Lastly, cybersecurity policy must focus on preventive security controls and periodically monitor and respond to actions. In this regard, machine learning capabilities and AI are going to be essential tools that help regulators monitor the security system and prevent potential cyberattacks. Moreover, regulators should also focus on monitoring physical devices that are connected to 5G networks. To monitor these devices, regulators should consider adopting a Manufacturer Usage Descriptions (M-U-D) policy. Under this framework, manufacturers need to embed certificates to identify the class and model of all IoT devices.
A secured 5G network will not only benefit vendors and service providers, but also build consumer confidence. Therefore, being a 5G leader is not limited to the ability to implement nation-wide network capabilities, but also the effectiveness of its cybersecurity ecosystem.
To read more from #DiversifyingTelecoms Campaign Week check out our landing page here.
Latest News from
techUK sets out recommendations to help guide CISOs as organisations continue their digital transformation02/12/2021 16:25:00
techUK launches the second report in its Cyber People Series.
Regional leadership is key to a successful Digital Strategy02/12/2021 11:25:00
Guest blog by Helen Milner OBE, Group CEO, Good Things Foundation.
techUK joins Global Industry Statement in support of the moratorium on customs duties01/12/2021 11:25:00
techUK joins a Global Industry Statement in support of the moratorium on customs duties on electronic transmissions.
techUK, UKIBC and NASSCOM develop joint position paper to drive growth in digital trade29/11/2021 16:25:00
UKIBC, NASSCOM, and techUK have come together to develop a joint position paper on a policy agenda for both governments to consider in relation to cross-border data transfers between the UK and India.
Defence Secretary’s HoC Statement on Army Restructuring29/11/2021 13:33:00
HoC Oral Statement: Army Restructuring: Future Soldier (26 November 2021).
NCSC & KMPG UK launch results of second cyber Diversity and Inclusion Survey29/11/2021 11:25:00
Key findings from the 2021 help identify where progress has been made in the sector and where there’s more work to be done.
PSTI Bill reforms the Electronic Communications Code for telecoms infrastructure deployment26/11/2021 16:25:00
Reforms to the Electronic Communications Code are set to become law as DCMS introduces the Product Security and Telecommunications Infrastructure (PSTI) Bill, which government suggests will further accelerate the rollout of mobile and fixed infrastructure.
Ministry of Defence publishes modern slavery statement26/11/2021 14:38:00
The Ministry of Defence (MOD) is committed to playing its part in the eradication of modern slavery.
Edge computing will be a fundamental part of cloud adoption in 202226/11/2021 11:25:00
As a form of distributed computing that brings processing closer to the source of data, edge computing enables businesses to understand and unlock the value of data assets in real time to make key business decisions.