5G refers to the 5th generation of mobile phone wireless network capability. It has captured attention and excitement because of its ability to connect people, objects, and devices more frequently and seamlessly than ever, along with its higher network speeds, extremely low latency, and more reliable network performance.
It is relatively early in its evolution, but forecasts predict there will be more than 3.5 billion 5G connections worldwide by 2025. Governments and businesses anticipate many changes to how we live and do business. With this new iteration of mobile technology, 5G is expected to be in use for at least another couple of decades until 6G technology is developed.
As a result, it’s important to consider the impact and new challenges that 5G will bring and have on cybersecurity. Adopting new technology without cybersecurity considerations can significantly impact the safety and security of governments, the public, and businesses at all levels. Each must share responsibility for 5G cybersecurity awareness, taking steps to remediate vulnerabilities, and mitigating problems associated with 5G technology.
The 5G Network vs. Previous Generations
To fully explore what 5G means for cybersecurity, it’s helpful to take a closer look at past mobile technology and why the leap from 4G to 5G is unlike the difference between other cell phone network generations.
- First Generation (1G) - From the 1980s, the network retrospectively dubbed 1G offered users analog voice technology, working over a geographical area with low-power radio transmitters.
- Second Generation (2G) - In the early 1990s, the second generation introduced digital capability and SMS and MMS services. Phone conversations were encrypted between the phone and the cellular base station, if not throughout the network. Digital technology allowed cell phones to use radio frequencies more efficiently because more users could utilize each frequency band. General Packet Radio Service (GPRS) offered speeds of up to 5 kB/s, whereas adding Enhanced Data Rates for GSM Evolution (EDGE) improved speeds up to a theoretical maximum of 48 kB/s.
- Third Generation (3G) - Mid-2001 saw the introduction of mobile data, allowing video calls, mobile TV, and fixed wireless Internet access. The average connection speed was 3 Mbps, 30 times faster than the average speed of 2G, while top speeds were in the region of 7 Mbps. iPhone and Android technology were also pivotal in increasing the popularity of mobile communication, with the introduction of the smartphone and the use of the term mobile broadband for this wireless technology. 3G saw security improvements over previous generations because user equipment could authenticate a network before connecting. This generation of networks used an updated KASUMI block cipher to improve network infrastructure security.
- Fourth Generation (4G) - In the 2010s, consumers began accessing the 4G broadband cellular network. Meeting specifications from the International Telecom Union (ITU), 4G allowed users to access IP telephony, video conferencing, and gaming services. Maximum speeds were 150 Mbit/s for downloads and 5 Mbit/s for uploading, vastly improving user experiences. ITU included Long Term Evolution (LTE) in its 4G definition from 2010, enhancing typical speeds via core network improvements and using a different radio interface.
Learn how to choose the best attack surface management product for the tech industry >
Fifth Generation (5G)
5G represents enhanced mobile broadband, enabling more connectivity, including the Internet of Things (IoT) and other potential services and deployments. Such services may include digitized logistics, remote surgery (with latency as low as one millisecond), and more accurate agricultural processes using drones.
The 5th generation of mobile network technology is also intended to be more reliable for users with negligible latency (up to ten times less than 4G, typically around four milliseconds), offering a better experience for individual consumers and businesses with download speeds up to 10 gigabits per second, which is around 100 times faster than 4G.
The transition from 4G to 5G continues to be helped by the 3rd Generation Partnership Project (3GPP). Formed in 1998, the 3GPP is a global initiative uniting seven telecommunications standard development organizations. Together, they aim to maximize compatibility between 5G and legacy infrastructure and equipment to smooth the transition to 5G and future networks, ensuring a continuous, robust, widely-available, end-to-end ecosystem that is backward- and forward-compatible.
As an overhaul of traditional architecture, 5G can support services and emerging technologies that would have been impossible with previous generations. This means that 5G will have a massive impact on critical infrastructure. Compared with previous generations of cellular infrastructure, 5G is not only a faster network. It vastly differs in terms of functionality, capability, accessibility, scope, and potential.
Learn the features of an ideal risk remediation tool for the tech sector >
5G Cybersecurity Challenges
With 5G technology, it poses new cybersecurity challenges and security risks that need to be addressed before its widespread adoption. Because 5G implementation is essentially an entire overhaul of long-standing networks and older tech, the factors that make it an exciting and empowering technology also make it a concern for everyone, not just cybersecurity professionals.
Additionally, because 5G will be the first all-software network, developers will have no choice but to utilize the network and create apps on 5G. The implications of a potential network hack are huge, as software-based digital routing and network management create all-new vulnerabilities to secure.
The following are a few examples of the areas that are increasingly connected and thus at increased risk from 5G bandwidth and connectivity:
- Aviation
- Drones
- IoT
- Voting machines
The primary challenges of 5G cybersecurity could be categorized as follows:
- New technology
- Software vulnerability
- IoT and Connectivity
- Lack of in-built security
- Data protection issues
- DDoS potential
- Bandwidth
- Widespread availability
New Technology
Since 5G is at the early stage of its development, much remains unknown about its implementation. While organizations like the 3GPP and cybersecurity professionals worldwide are helping to make 5G safe, secure, reliable, and accessible, it’s still part of a rapidly changing technological landscape with plenty of unknown risks.
More awareness, investment, and government policies are required to identify and address the potential issues of 5G infrastructure, whose responsibility must be shared between governments and 5G businesses.
With cutting-edge cybersecurity techniques, however, including the use of artificial intelligence (AI), machine learning, real-time management, detection, and response services, comprehensive cybersecurity solutions can help steer 5G implementation and keep organizations as safe as possible from known and unknown threats.
Software Vulnerability
The security required for someone streaming a movie differs from the needs of someone controlling a home or traffic system. One way to solve the issue of needing more control over network speed and security is network slicing.
In this kind of network architecture, virtual and independent networks are maintained on the same physical network infrastructure, allowing each one to fulfill the various needs of an application on request.
5G network slicing is one of the major reasons 5G is so far removed from 4G and why 5G cybersecurity is so different from previous iterations. 5G uses software-defined networking (SDN) and network function virtualization (NFV). It offers various services, allowing network slices to be implemented and scaled dynamically on top of an existing network infrastructure.
How 5G technology impacts cybersecurity is significant because 5G is largely software-based. SDN functions replace hardware and upgrades to the network will, for the most part, be software updates. Unfortunately, this means 5G will face new vulnerabilities that many other software solutions face.
Furthermore, whereas 4G hardware networks featured a hub-and-spoke design, 5G networks support a transition to edge computing, where resources go wherever the infrastructure is and not to a central location.
A hub-and-spoke system has chokepoints where network architects can implement security. However, 5G exists on a web of digital router connections. Its distributed network deliberately eradicates bottlenecks, meaning far more traffic routing points and an additional requirement for end-to-end security.
IoT and Connectivity
While 4G provides access to the internet, 5G powers increasingly complex infrastructures. We are looking at a future of smart cities, for example, connecting IoT devices, smart homes, smart cars, and even traffic systems.
Billions of IoT devices exist worldwide, and while the possibilities are exciting, every connected device also increases the attack surface. Currently, the IoT ecosystem needs more organization and regulation. While internet service providers and manufacturers have a duty of care to consumers, it is unclear who has responsibility for IoT security.
Lack of Built-In Security
Many IoT devices lack any kind of built-in security. While authentication is sometimes required, often default passwords for these devices aren’t changed for the device to function. Furthermore, it’s possible for manufacturers to ship IoT devices containing malware unwittingly.
While IoT devices often have firewalls, they tend to lack the computational power for efficient security. Combined with poor access control and technical and financial limitations, this makes for a significant area of concern.
Without effective, in-built security, hackers can take control of IoT devices more easily, which means they could compromise connected cameras, modify the behavior of manufacturing bots, or hold smart homes to ransom via cyber attacks. Moreover, hackers could gain unauthorized access to 5G networks via unpatched vulnerabilities in IoT devices.
Data Protection Issues
98% of IoT traffic is unencrypted, revealing personal information and sensitive data. Not only do technical issues give cybercriminals easy access to 5G networks, but it’s also essential to consider the increased threat from nation-states. Bad actors can potentially use access to a 5G network to compromise the network itself and its connected devices, posing a risk to national security.
Distributed Denial-of-Service (DDoS) Potential
The uptick of IoT devices also increases the potential frequency and impact of distributed denial-of-service (DDoS) attacks. In 2016, for example, cybercriminals launched three DDoS attacks against Domain Name System (DNS) provider Dyn severely disrupting many major internet platforms and services for hours, including Amazon, CNN, The New York Times, The Wall Street Journal, and Twitter.
The attack was accomplished via DNS lookup requests from tens of millions of IP addresses from malware-infected internet-connected devices, including printers, cameras, and baby monitors.
Network operators, therefore, must also take consistent security measures to protect 5G infrastructure, including critical infrastructure such as energy, healthcare, and transport, which are increasingly connected.
Bandwidth
More bandwidth allows higher data transfer rates and shorter download times. From a cybersecurity perspective, more bandwidth in 5G networks also means potentially more attack pathways and faster attacks. Because 5G networks have a far expanded bandwidth compared to previous generations, it allows criminals to employ cheaper, lower-power tools that can reach far more people at a much faster rate.
Widespread Availability
With a record amount of users expected to join 5G networks compared to 4G numbers and a growing reliance on network connections, the attack surface will also grow significantly as a result, which creates more entry points for potential attackers. Many cybersecurity issues associated with 5G will result from poor development processes in the early stages.
Variation in Security
When considering the security of 5G infrastructure, a network can only be as strong as its weakest link. With so many predicted users and connected devices, performing regular third-party risk assessments and continuous monitoring of the digital supply chain will be more important than ever.
Unknown Threats and Vulnerabilities
It’s impossible to predict every vulnerability or issue before an individual, organization, or hacker encounters it. The 5G digital ecosystem will be vulnerable because the cyber risk is not static but part of an evolving cyber threat landscape.
How 5G Benefits Cybersecurity
Despite serious concerns regarding 5G and cybersecurity, several benefits are also evident. 5G cybersecurity offers improvements in speed, reliability, and security due to the greater bandwidth and the increase in connection points.
Improved Encryption
5G cybersecurity offerings will include international mobile subscriber identity (IMSI) encryption, known in 5G networking as the Subscription Permanent Identifier (SUPI).
While there are issues about how this can be used to track users and the potential for sensitive information to be captured with an IMSI-catcher, these problems are mitigated with the use of a Subscription Concealed Identifier (SUCI), protecting 5G users and the network. However, to implement improved encryption also requires strong knowledge of the practice and proper configuration and management to be effective.
Enhanced Threat Detection
The vast speed improvements of 5G over 4G will make it a powerful ally for Chief Information Security Officers (CISOs). It will make it quicker for organizations and cybersecurity professionals to identify threats and improve the speed with which data essential to cybersecurity is analyzed, downloaded, and transmitted.
Enhanced Cyber Audits
With more connected devices and the means to reach them, cybersecurity professionals will be able to perform more in-depth and broader audits, allowing them to mitigate vulnerabilities more quickly and across more devices and locations. Moreover, 5G will support using artificial intelligence and blockchain solutions integral to innovative cybersecurity techniques.
Solutions to Enhance 5G Network Security
In order to make 5G networks more secure and consumer-trustworthy, here are some ways businesses can try to enhance their network security:
Regular Risk Assessments
Periodic risk assessments have always been important, but perhaps never so critical as when facing new technology associated with 5G. Repeated risk assessments and analysis of 5G use cases will help stakeholders reduce or eliminate cybersecurity risks from non-trustworthy devices that a cybercriminal could exploit.
These risk assessments need to look not only at next-generation technology but also AT legacy networks whose connected components could increase cyber threats.
Built-In Security for IoT Devices
The simultaneous connections of IoT devices increase attack surfaces dramatically. One solution to handling the increased risk is to ensure stronger security at the design stage of IoT devices.
To achieve more and better built-in security, a specific regulatory body for IoT devices could help standardize the industry and protect consumers and infrastructure, including critical infrastructure.
New regulations may be most effective where the focus is on raising awareness and offering advice, support, and cooperation to businesses, especially low-end IoT brands, rather than over-reliance on issuing penalties for non-compliance.
An incentive to comply with new IoT cybersecurity standards might be advantageous recognition that a firm complies with a cybersecurity standard, similar to the nutritional color-coding system that helps consumers make healthy choices about what they eat. Another possible incentive could be included in a logistics support scheme for qualifying companies.
The Stand-Alone 5G Cellular Network
Ultimately, 5G infrastructure will be maintained the way other digital systems are maintained, with digital updates, patches, and upgrades. Currently, however, 5G exists in conjunction with 4G physical network infrastructure.
One of the issues with IoT devices is that they currently connect to 5G using existing 4G network infrastructure. Security transmissions between devices and nodes are sent in plaintext, making them vulnerable to being exploited by hackers. This issue will eventually be mitigated, if not fully remediated, by the time the wide use of a dedicated 5G stand-alone Radio Access Network (RAN) is deployed.
Improved Network Security and Data Transfer
While many security solutions focus on fixing identified weaknesses and vulnerabilities, fuzz testing is geared toward locating unknown issues across network layers. This is crucial in vulnerability management and will be critical to enhance the security of 5G networks and connected devices.
Dedicated endpoint security solutions can detect, identify, and monitor 5G security threats. Organizations may use technologies to allow remote responses to issues discovered by the system.
A zero-trust framework makes verification and authorization obligatory, benefiting network security on vast, ultra-fast networks. It eliminates implicit trust in favor of verifying and validating every stage of every digital interaction, reducing the threat surface.
One of the benefits of a zero-trust framework is that it works across devices, which is essential when considering IoT technology. This framework also requires continuous monitoring of security configurations for every user requesting or accessing data, whether internal or external to an organization.
Promoting Collaboration
5G offers unique possibilities but also presents unique challenges. Whichever techniques are applied, cooperation is required between manufacturers, governments, retailers, ISPs, and users.
Rather than the somewhat adversarial relationships between businesses and regulators, a transition to a more proactive and collaborative system might be beneficial, in which companies are incentivized to achieve minimum 5G cybersecurity standards rather than penalized.
Information Sharing
Information sharing will be critical to protecting 5G networks because the technology, and therefore its vulnerabilities, are new. It only takes one weak link to make others using the network vulnerable. To keep everyone up to speed, there needs to be a focus on prompt, full reporting of security issues.
This may mean increased reporting of issues even when there is no significant loss of service or serious risk to clients and customers. The more information cybersecurity professionals have about emerging threats, the more effectively they can respond.
Real-Time Threat Detection
Using AI to detect cyber threats improves the speed of threat detection and mitigation. While 5G means an increase in the attack surface, it also offers the potential to mitigate threats with faster detection and better management aided by AI and machine learning technologies.
Artificial Intelligence and Machine Learning for Network Management
Because 5G infrastructure is dynamic and capable of vast speeds, it requires equally effective network management systems. Software-based solutions can provide effective countermeasures to the next generation of cyber threats on 5G networks.
In addition to fast and automated responses, AI and ML technology is helpful because it can learn and update itself in response to emerging threats, making them powerful allies for maintaining 5G cybersecurity.
Implement Cybersecurity Best Practices
While 5G transforms the world’s cellular networks, necessitating new regulations and new cybersecurity techniques, many current cybersecurity best practices remain as relevant as ever.
Businesses and individuals should maintain established cybersecurity best practices to reduce their cyber risk, including the following.
- Using a VPN when connecting to any internet-connected device
- Using multi-factor authentication (MFA)
- Using strong passwords wherever a password is required for authentication and maintaining excellent password hygiene
- Implementing access control to restrict access to sensitive information and mission-critical data
- Updating devices and apps regularly to ensure any vulnerabilities are patched
- Installing anti-malware software, preferably with a threat detection system