5G is just around the corner. With its blazing fast speeds and lower latency, the way we use technology is bound to change forever and in every way. As these fascinating developments unfold, security will have to undergo significant changes as well. But will the arrival of 5G technology be a boon to security or present a whole new set of problems for the industry to address?
Do some digging, and you’ll find conflicting schools of thought about 5G security. On one hand, research from Ericsson asserts that security has been built into 5G from the ground up; on the other, an Inverse report warns that 5G’s inevitable internet of things (IoT) wave could create massive security headaches.
Is there cause for concern, or will this be business as usual?
Prepare for Broad Upgrades
Let’s start with the positives. Security considerations aside, it’s hard not to marvel at the potential applications that 5G will pioneer. Holograms via mobile? Check, according to CNET. Augmented (AR) and virtual reality (VR) on a mobile network? Check, according to Forbes. The same goes for boosts to self-driving cars, remote medicine and especially the Internet of Things (IoT), according to USA Today.
As for security, the Ericsson white paper underscored five core properties built into 5G networks: resilience, communication security, identity management, privacy and security assurance.
According to the paper, “5G security provides a level of trustworthiness that enables the 5G system to meet the requirements of the vast majority of these use cases from the end user, service provider, and regulatory perspectives. The trustworthiness not only originates from a set of security features, but also from system design principles and implementation considerations that have all been applied with a holistic and risk-based mindset.”
Game-Changing Distinction, Game-Changing Risks
Rod Soto, director of security research for Jask, said he has kept track of the security ramifications of 5G and maintained that it’s still a work in progress. One security aspect that stands out, however, is network slicing.
“I think this will be fundamental for 5G deployment: the capacity for different networks and services to share the same infrastructure but be isolated and segregated from each other,” Soto said. “This is very important as we are looking at devices that will process sensitive information from public safety, critical infrastructure and health care.”
Soto hopes the new standards address both past and current threats, such as international mobile subscriber identity (IMSI) catchers and distributed denial-of-service (DDoS) attacks, since the higher bandwidth and faster speeds may amplify threats under 5G.
Scale Security to Rapid Growth
Due to these same qualities, the further escalation of IoT devices is imminent, and this will expand the already oversized attack surface. For Soto, there’s a serious business concern that this technology will allow the addition of billions of connected devices, potentially without proper network isolation, segmentation or a shared system of verification and trust.
“5G may become a technology that enables larger and more destructive attacks,” he warned. “It will have to deal with the current vulnerabilities and flaws we see on the internet infrastructure as well. It is important that 5G does not become an attack enhancer — think of bigger botnets, faster exfiltration of data and privacy violation.”
If you think we’re struggling with privacy issues now, according to Soto, 5G may exacerbate things. Consider all the IoT appliances we’ve already hooked up to our home and business networks; all the security cameras and devices we hope will protect us could be making us more vulnerable.
“Current and new home technologies will reach deep into what we say, what we eat, what we do,” said Soto. “5G does not eliminate internet technology flaws, and, in my opinion, may enhance them.”
How to Build Next-Generation Security for 5G Technology
What can enterprises do to prepare for this new technology? First and foremost, like any technology, embrace it with caution. No matter how convenient it may seem to connect something to your network, it is critical to ensure secure deployment above all else.
“If this new technology does not provide a high level of isolation [and] segmentation from the rest of the world … it should not be adopted without the proper mitigations, as it will likely enlarge the attack surface and damage,” Soto said. “Things such as smart city technologies and critical infrastructure sectors such as transportation will be prime targets.”
For 5G to flourish from a security standpoint, Soto said its new standards must correct past security flaws. If they’re unable to do so, adopting this technology should be understood as accepting higher risk.
“As we embrace and get used to new standards of bandwidth, we will allow new technologies and machines [to] do tasks that we will, in turn, depend on heavily and become vulnerable, specifically in things such as self-driving cars or medical technology that requires always-on monitoring,” he said. “Infrastructure failure could prove to be very harmful.”
We need to understand that the more connected we are, the more vulnerable we are. Let there be no confusion: As a new technology, the security built into and around 5G is impressive. The problem is that all the benefits it brings also expose and amplify the security issues we’ve been facing since the dot-com boom.