December 17, 2019
By Dan Brown, Security Consultant
Hailed as the fourth industrial revolution, the increasing trend towards automation and data exchange in manufacturing, cyber-physical systems and the Internet of Things (IoT) has created a significant demand for ubiquitous, fast, low-latency connectivity.
The performance and low latency promised by 5G mobile networks will propel the growth of connectivity for governments, enterprises and individuals alike. IoT devices will continue to grow exponentially, not only in numbers but also in where they are deployed and the wide range of use cases they will support. This new capability will be of tremendous benefit as we rely more on digitising every aspect of our lives and business. However, this capability also poses an increased risk to the networks that power our essential services, lifestyles, economy, even our national security.
In the 20 years since mobile devices became an essential everyday item, the cybersecurity landscape has changed drastically. For network operators, new and more complex issues arise every day as legacy technologies get harder to support, with backwards compatibility to technologies like GPRS-2G constraining how newer technologies are implemented.
Despite the uncertainties of introducing new technologies, service providers and network operators (SPNOs) have traditionally been able to inspect and control network traffic from control points in their networks. 5G networks, however, will no longer be hardware-based, centralised designs but rather massively distributed, software-defined networks, meaning there are no common control points for traffic to pass through. This means that SPNOs will implement security in all aspects of their 5G systems to gain the same visibility that a control point provides.
Another significant change is how the network infrastructure is managed. Traditional networks rely on relatively isolated pieces of hardware for network function, whereas 5G will depend on software distributed throughout public and private cloud(s). A distributed, software-defined network that supports mobile devices will increase the attack surface of networks, potentially allowing attackers more entry points.
With these significant changes, software-defined networks provide benefits to network operators when compared to hardware-based approaches. Hardware savings, reduced operating costs, simpler network management and more granular security controls do come with risks common to all software: the software itself can be vulnerable.
Even with the utmost vigilance and unlimited time and resources, there will be vulnerabilities in software. This risk becomes pertinent when considering that organisations such as Chinese multi-nationals Huawei and ZTE have developed 5G software-based solutions, causing some governments and operators to re-evaluate where such vendors are deployed, particularly in critical infrastructure. If an attacker gains control of the software that controls the network, they control the traffic and everything that connects to it. Even the ability to increase latency in a mission-critical network could result in significant operational issues.
The shared infrastructure that enables the benefits of 5G will also become a target for attackers. 5G infrastructure will utilise dynamic resource allocation to slice the network into different virtual networks based on quality requirements and associated risk. This means that traffic for consumer mobile Internet will share the same hardware as mission-critical automotive, medical and industrial traffic. When software-allocated resources shift dynamically between slices, providers could rely on the lowest common denominator for security, rather than implementing dynamically managed security controls. Implementing a lowest common denominator approach would allow a vulnerability to have a significant impact regardless of network slice.
Despite the potential risks, 5G networks could provide network operators with far more security capability than ever before. The only way to do this is to provide a strong foundation to build secure 5G systems. 5G systems should be founded on strong authentication and authorisation to create a trustworthy platform on which large scale, secure networks can be made.
It may seem like all the risk falls on SPNOs, but 5G and the new technology developments it will support could well change the landscape of cybersecurity forever. Botnets pose the most significant risk to the Internet today. A botnet refers to a group of infected devices that have their computing power leveraged by a malicious actor to perform substantial cyber-attacks.
Botnets have already changed the threat landscape in recent years. 78% of current malware activity is from botnets. The massive expansion of billions of IoT devices that 5G is expected to support will make botnets more powerful and potentially more numerous than ever before, ushering in a new era for cybersecurity.
The very nature of 5G networks and the devices they will support will change the threat landscape. Countries, cities and businesses looking to implement 5G are currently unable to adequately assess the threats posed by 5G, much less address them. Making the consumer responsible is not an option due to the complexity involved. A host of technology companies are scrambling to publish proprietary secure 5G systems at the same time as cities are moving with urgency to be the first in their region to be a 5G testbed. The current disparity is not one of building a strong foundation for security, but rather implementing the technology as a me-too, regardless of the growing cyber gap.