So, 5G is one of those once-in-a-generation types of leaps that will alter how we operate. However, 5G security comes with a lot of challenges. Private 5G networks require us to look at attack surface management in a different way. How do they change the way we need to defend our data? And, what is the best way to use them safely?

5G Security for Attack Surface Management

An immediate appeal of private 5G networks is the supposed cost savings from a capital cost perspective: you no longer need to bust up concrete and cut up walls to run cables. Why the italics though? Because the usual bean-counting does not take into account a hidden but brutal cost: the breach.

They say in life two things are certain: taxes and death. Perhaps for the enterprise nowadays, these two things are certain: taxes and breaches, meaning that 5G security concerns have an impact on your breach resilience.

Yet, 5G security is something different. The U.S. Cybersecurity and Infrastructure Security Agency give a good rundown of possible 5G attack vectors:

  • Policy and standards: fast deployment has led to open standards and inconsistent use of security controls.
  • Supply chain: counterfeit components and inherited components. Devices are not always certified, meaning: do you really know what’s in your network?
  • Architecture: software/configuration (plugging in a wire is easy by comparison), network security (exploits will always be there), network slicing (no clear standards, meaning you can move laterally in an easier manner), legacy infrastructure (bringing over any previous vulnerabilities), multi-access edge computing (core elements can now be at greater risk), spectrum sharing (frequencies are scarce) and software-defined networking (threat actors just need to inject some code to unleash havoc).

How 5G Security Adds to Other Risks

These come in addition to other risks today:

  • Manageability: Lots of devices, lots of data. Think endpoint security and traffic analysis.
  • Supply chain: Think hardware and software vulnerabilities. Lots of them. Wires are pretty easy things to trust, regardless of where they are made. Wireless nodes, not so much.
  • Usage: What will the network ultimately do and what will be allowed on it? If you decide to deploy a private 5G network, can you really risk having personal devices on it?

The Possible Hidden Risks

Some of these 5G security problems exist in a private wired network, while others are new. And think for a moment what all the 5G and Internet of Things devices will do for inventory management. Is your configuration management database ready for the influx of devices? The moment it becomes easier to connect, more devices will connect.

Are you ready to take the time to whitelist every device, or will you take your chances and hope you have a tool that discovers all assets? Pro tip: knowing an asset is on the network and knowing what that asset is doing while on the network are two very different things. Monitoring all that valuable data and sifting through the noise is no easy task.

There is another attack surface issue: physical changes. If you are on a private network with no outside connections, there is some peace of mind that wires will keep the data contained. But can you really say that about a ‘private’ wireless network? Wi-Fi has been around for a while and we still see attacks happening as a result of spoofing, misconfigurations, man-in-the-middle tactics and good old-fashioned jamming. What’s stopping somebody from parking a truck near your private network and cranking up some microwaves to degrade and interfere with your network? Almost makes a direct-denial-of-service attack look state-of-the-art. And let us not forget that frequencies are already scarce to begin with.

Finally, 5G security includes privacy concerns as well. Will you allow personal devices to be a part of your private network?  What safeguards do you have in place to ensure possible personally identifiable information does not get siphoned off on a much more highly exposed network?

Business Models Change With a Private 5G Network

Private 5G networks may look great out of the gate, but there is a lot of long-term thinking that needs to be done, especially considering we still fail with the basics. There are a lot of changes happening too, which need to be considered. Work-from-home and remote work has proven to be effective, meaning the business needs for a private network change, at least in the short-term.

Will a private network add a hidden cost to your ledger? Unknown, but it is something to consider.

So is the capital spent on a private 5G network really worth it? Perhaps it is. You have to do the math: understand the business and before you take the plunge, consider all the identifiable 5G security risks and associated costs.

 

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today