So, 5G is one of those once-in-a-generation types of leaps that will alter how we operate. However, 5G security comes with a lot of challenges. Private 5G networks require us to look at attack surface management in a different way. How do they change the way we need to defend our data? And, what is the best way to use them safely?

5G Security for Attack Surface Management

An immediate appeal of private 5G networks is the supposed cost savings from a capital cost perspective: you no longer need to bust up concrete and cut up walls to run cables. Why the italics though? Because the usual bean-counting does not take into account a hidden but brutal cost: the breach.

They say in life two things are certain: taxes and death. Perhaps for the enterprise nowadays, these two things are certain: taxes and breaches, meaning that 5G security concerns have an impact on your breach resilience.

Yet, 5G security is something different. The U.S. Cybersecurity and Infrastructure Security Agency give a good rundown of possible 5G attack vectors:

  • Policy and standards: fast deployment has led to open standards and inconsistent use of security controls.
  • Supply chain: counterfeit components and inherited components. Devices are not always certified, meaning: do you really know what’s in your network?
  • Architecture: software/configuration (plugging in a wire is easy by comparison), network security (exploits will always be there), network slicing (no clear standards, meaning you can move laterally in an easier manner), legacy infrastructure (bringing over any previous vulnerabilities), multi-access edge computing (core elements can now be at greater risk), spectrum sharing (frequencies are scarce) and software-defined networking (threat actors just need to inject some code to unleash havoc).

How 5G Security Adds to Other Risks

These come in addition to other risks today:

  • Manageability: Lots of devices, lots of data. Think endpoint security and traffic analysis.
  • Supply chain: Think hardware and software vulnerabilities. Lots of them. Wires are pretty easy things to trust, regardless of where they are made. Wireless nodes, not so much.
  • Usage: What will the network ultimately do and what will be allowed on it? If you decide to deploy a private 5G network, can you really risk having personal devices on it?

The Possible Hidden Risks

Some of these 5G security problems exist in a private wired network, while others are new. And think for a moment what all the 5G and Internet of Things devices will do for inventory management. Is your configuration management database ready for the influx of devices? The moment it becomes easier to connect, more devices will connect.

Are you ready to take the time to whitelist every device, or will you take your chances and hope you have a tool that discovers all assets? Pro tip: knowing an asset is on the network and knowing what that asset is doing while on the network are two very different things. Monitoring all that valuable data and sifting through the noise is no easy task.

There is another attack surface issue: physical changes. If you are on a private network with no outside connections, there is some peace of mind that wires will keep the data contained. But can you really say that about a ‘private’ wireless network? Wi-Fi has been around for a while and we still see attacks happening as a result of spoofing, misconfigurations, man-in-the-middle tactics and good old-fashioned jamming. What’s stopping somebody from parking a truck near your private network and cranking up some microwaves to degrade and interfere with your network? Almost makes a direct-denial-of-service attack look state-of-the-art. And let us not forget that frequencies are already scarce to begin with.

Finally, 5G security includes privacy concerns as well. Will you allow personal devices to be a part of your private network?  What safeguards do you have in place to ensure possible personally identifiable information does not get siphoned off on a much more highly exposed network?

Business Models Change With a Private 5G Network

Private 5G networks may look great out of the gate, but there is a lot of long-term thinking that needs to be done, especially considering we still fail with the basics. There are a lot of changes happening too, which need to be considered. Work-from-home and remote work has proven to be effective, meaning the business needs for a private network change, at least in the short-term.

Will a private network add a hidden cost to your ledger? Unknown, but it is something to consider.

So is the capital spent on a private 5G network really worth it? Perhaps it is. You have to do the math: understand the business and before you take the plunge, consider all the identifiable 5G security risks and associated costs.

 

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today