5G is on the cusp of widespread adoption, set to bring about large-scale shifts such as an exponential increase in the number of devices connected to the network and the availability of massive bandwidth and ultra-low latency. Moreover, the technology underlying 5G marks a fundamental reconceptualisation of the network architecture from the previous four generations of mobile technology, which were founded on physical architecture. Although 5G incorporates new hardware, it is essentially a virtual network.

These shifts, however, have brought intense scrutiny on the cybersecurity aspect of 5G. Technological advancements and new architectures and features such as network slicing, virtualisation and cloud will introduce new threats requiring new types of controls to be implemented.

A look at the built-in security in 5G, potential threats, possible measures and the way forward…

Built-in security in 5G

5G is designed to be inherently secure. It comes with many built-in security controls developed to address the threats faced in previous generations and increase the protection of mobile networks and individual consumers. 5G’s resilience to cyberattacks is based on the isolation of certain network functions. Among these functions, communication security protects against eavesdropping and modification attacks through encryption of all data traffic moving from the device to the cell tower. Identification and mutual authentication on both ends of the communication, that is, subscribers and internet of things (IoT) devices, ensures only legitimate users are granted access. Moreover, security assurance is based on using network equipment that meets security standards and is properly implemented. Furthermore, 3GPP’s 5G system standards provide security mechanisms based on well-proven 4G security mechanisms, with additional enhancements such as encryption, authentication and user privacy.

Cybersecurity risks of 5G

Despite the built-in security features of 5G, there are several concerns that must be addressed.

Vulnerabilities in IoT systems

IoT systems are gaining traction, driven by an increase in consumer electronics, network appliances, and industrial IoT devices. 5G technology is expected to enhance various IoT use cases and accelerate the proliferation of IoT devices. However, individuals and organisations may not be prepared to fully defend against this phenomenon in the short term. IoT devices are inherently insecure and notoriously vulnerable due to misconfigurations, inadequate security or patching. The risk of more sophisticated botnets, privacy violations and quicker data extraction can further escalate with 5G. Threat actors can also spread malware through IoT networks, disrupt supply chains in development, and use a fleet of routers as an IoT botnet to launch a distributed denial-of-service (DDoS) attack.

Compromise in network slice

Network slicing has been hailed as a lucrative aspect of 5G. Network slicing splits the physical infrastructure into multiple virtual networks so enterprises can use each slice or portion of the network based on the specific needs of a use case or customer. However, each network slice will have unique security requirements commensurate with the use case it is allocated to and will need its own device authentication for user validation. Moreover, network slicing can initially add complexity and result in insecure implementation.

The absence of secure implementation guides or standards for network operators may lead to unauthorised access by threat actors and data breaches. Similar to IoT, the scaling factor in network slicing introduces billions of new attack vectors. Also, a successful attack from a central 5G network management point can infiltrate several slices and network domains simultaneously.

NFV, SDN and microservices

Network functions virtualisation (NFV) is a virtualised network infrastructure in which network functions, including firewalls, routing and software-defined wide area network (SD-WAN), can be installed as software through abstraction. 5G virtualisation involves the whole connection being based on software, which is inherently risky. Complementary to NFV, software-defined networking (SDN) is useful for microservices in developing and deploying 5G. However, SDN also poses threats to the network such as traffic spoofing and forwarding device attacks. Further, application programming interface (API) security can be a critical concern, as APIs linking microservices across multiple virtualised systems are exposed to vulnerabilities. This may lead to NFV data breaches, resource exhaustion and DDoS attacks.

Threats at network edge

Edge computing goes hand in hand with 5G and will drive the expansion of IoT devices. Mobile edge computing offers distributed support for low latency, capacity for rapid delivery of massive amounts of data, and scalable cloud-native architectures to enable mission-critical applications. Most edge applications are machine-to-machine or IoT variations with insufficient security capabilities. Edge computing decreases the vulnerable attack surface of these applications by terminating local connections to these devices and adding encryption between the edge and the cloud or the data centre. Other edge security objectives include secure access to devices, safe application use, threat detection, vulnerability management, and patching cycles. However, more nodes in edge computing will require more monitoring and maintenance, and will introduce more attack vectors. Edge computing also brings cloud into the equation, creating several security risks such as ransomware and sniffing attacks. Further, since data and credentials are stored and transmitted closer to the user, they can be more accessible to hackers.

Formulating security strategies

Fortunately, cybersecurity challenges in 5G networks can be overcome to provide a solid foundation for innovations and realise the full potential of the technology. A coordinated approach will be needed among all participants in the 5G ecosystem – including mobile operators, network vendors, system integrators and end businesses – to identify, profile and assess the health of every component before permitting it to connect to the network, and, if necessary, limit access to the 5G service. This can be achieved by formulating a strategy based on the following elements:

Zero-trust approach

Many security leaders are advocating zero trust as an effective approach, suggesting that devices should only be allowed access to the network or resources based on their needs and after a thorough assessment of their security health. Moreover, all software provisioning – from the core to the devices, and from devices to the cloud – must be treated with a degree of scepticism, with the verification of resource hubs and checking of code bases for malware before deployment. APIs should be segmented and access should be controlled based on the risk level.
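The access decision described above can be sketched as a default-deny policy check. This is an added example, not code from any 5G product or standard; the API names, risk tiers, patch-age thresholds and device records are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed API segments and their risk tiers (constructed for illustration).
API_RISK = {"telemetry.read": 1, "slice.config": 2, "core.provision": 3}

@dataclass(frozen=True)
class Device:
    device_id: str
    authenticated: bool      # mutual authentication succeeded
    firmware_verified: bool  # code base was checked before deployment
    patch_age_days: int      # days since the last security update
    needs: frozenset         # APIs this device's role actually requires

def health_score(d: Device) -> int:
    """0 means the device must not connect; higher unlocks riskier tiers."""
    if not d.authenticated or not d.firmware_verified:
        return 0
    if d.patch_age_days <= 30:   # assumed threshold
        return 3
    if d.patch_age_days <= 90:   # assumed threshold
        return 2
    return 1

def authorize(d: Device, api: str) -> tuple[bool, str]:
    """Evaluate every request; nothing is trusted because of where it sits."""
    tier = API_RISK.get(api)
    if tier is None:
        return False, "unknown API"
    score = health_score(d)
    if score == 0:
        return False, "failed health assessment"
    if api not in d.needs:
        return False, "not needed by device role"
    if score < tier:
        # Healthy enough to connect, but access is limited to lower tiers.
        return False, "health below API risk tier"
    return True, "allowed"

# Constructed sample devices.
SENSOR = Device("sensor-01", True, True, 200, frozenset({"telemetry.read"}))
ORCH = Device("orch-01", True, True, 45,
              frozenset({"slice.config", "core.provision"}))
ROGUE = Device("cam-77", True, False, 5, frozenset({"telemetry.read"}))

if __name__ == "__main__":
    for dev, api in [(SENSOR, "telemetry.read"), (SENSOR, "slice.config"),
                     (ORCH, "slice.config"), (ORCH, "core.provision"),
                     (ROGUE, "telemetry.read")]:
        print(dev.device_id, api, authorize(dev, api))
```

The orchestrator case shows limited access rather than outright rejection: it may reach the tier-2 segment but is refused the tier-3 one until its health score improves.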

Universal encryption

Telecom operators and other participants of the 5G ecosystem must apply strong encryption methods to secure traffic between services and endpoints and minimise the risk of data theft or corruption. This involves leveraging flexible methodologies that enable the progressive strengthening of encryption over time as standards and risks evolve. Centralised key management processes can help prevent or mitigate “man-in-the-middle” attacks, wherein an attacker intervenes in communication between two parties.

AI and ML

Machine learning (ML) and artificial intelligence (AI) have a major role in identifying and mitigating the ever-evolving risks. These technologies facilitate the delivery of accurate and timely intelligence to manage security measures across hyperdense machine-type communication and ultra-low latency applications. The technologies also power anomaly detection techniques, which can mitigate unknown threats with the identification of abnormalities and draw the attention of security professionals to suspects at an early stage. Moreover, the transition to zero trust requires efficient computations powered by integrity monitoring, traffic analysis and threat detection models, enabled by AI and ML.

Industry viewpoint

According to a survey by AT&T Cybersecurity, 72.5 per cent of enterprises rated their level of concern as high or medium high regarding the potential impact of 5G on security, while 76 per cent of the respondents expect completely new security threats to emerge out of 5G. Further, the study found that most respondents believed they need to update their security posture in response to 5G, with 22 per cent expecting to rethink their security policies altogether and another 53 per cent expressing that some adjustments would be needed. Only 25 per cent believed their current security policies to be effective under 5G. Also, nearly all respondents expect to make 5G-related security changes within the next few years.

Future outlook

The advent of 5G undoubtedly represents the beginning of a new era in cybersecurity. Given the multifaceted nature of 5G and security, it is critical for cybersecurity strategies to meet end-to-end security demands across enterprise networks. According to experts, service providers can supplement enterprise security with the features fully implemented in 5G. A model of shared responsibility for 5G security, similar to that of the public cloud, is likely to emerge. Such a model will enable enterprises to shift functions to operators and thereby improve enterprise security. Ultimately, the promising future of 5G will be unlocked with an agile, end-to-end cybersecurity approach.