Threat Modeling: The Key to Dealing With 5G Security Challenges

August 24, 2021
| |
2 min read

With 5G reshaping the smartphone market, 5G security needs to keep up. Almost one in three smartphones sold in the first quarter of 2021 can connect to a 5G network. That’s just one year after the world’s first commercial 5G network emerged in South Korea. Such growth helped annual shipment numbers of 5G-enabled smartphones exceed 200 million units in just one year. That’s four times as long as it took 4G to reach the same milestone. With that growth comes risks, too.

An Overview of 5G Security Risks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) examined three such threat vectors as part of the Enduring Security Framework’s 5G Threat Model Working Panel. First, it took a look at Policy and Standards. It found networks could be more open to digital attacks if network operators fail to implement optional 5G security controls. Next, 5G Systems Architecture, another threat vector identified by CISA, shows some built-in problems. Threat actors could exploit vulnerabilities affecting devices and infrastructure to disrupt networks and steal critical data exchanged between users.

The last threat vector, Supply Chain, is of major concern to businesses and agencies themselves because it’s a double-edged sword. On one side, 5G enables users to share data more quickly with new tech that 4G networks can’t handle. On the other, this contributes to making networks more complex, meaning it’s easier for threat actors to sneak into the network. It also makes it more difficult for defenders to do their work, as they don’t always know someone could access their crown jewels. Now, they need to focus less on a corporate intranet and more on service providers, vendors, suppliers and partners.

How to Augment 5G Security

With 5G on the rise, you can’t afford to take a reactive approach. After all, 5G is brand new. It’s moving too quickly and it’s bringing new challenges that many of them haven’t seen before.

Instead, you can take a proactive response like threat modeling. One of the central benefits of threat modeling is its potential to help the entire business by pushing key stakeholders to take a second look at how the business works. It takes into account the fact that threats continue to evolve. As such, it steers away from getting comfortable in an outdated risk profile. Instead, businesses can move towards “living security documents” that they can reassess over time.

Creating a living document begins with a discussion. By sharing knowledge with each other, stakeholders can then work together. This makes it easier to create new methodologies and tools that can help to ensure you’re addressing risks in an effective way.

In the end, threat modeling is a process. It works over the long term, and needs work over the long term as well. You might need to repeat solutions so people know them well during subsequent risk evaluations and threat model analyses. That way, your team can confirm they’ve closed out associated risks in an ongoing manner. That’s the only way to find new and emerging threats, including those that 5G brings, before they find their way into their environments.

Security – A Crucial Part of 5G’s Potential Success

Threat modeling is critical in the age of 5G because it’s essential in any telecommunications revolution. If 5G is going to catch on, security teams need to prevent malicious actors from misusing it. It also means that operators need to address the privacy concerns of 5G from the start. These efforts require a proactive approach that only threat modeling can provide.

David Bisson
Contributing Editor

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...
read more