Opinions

What 5G Means For Security In An Interconnected World

Will supercharged 5G connectivity bring with it supercharged cyber threats?

Share this article

Share this article

Will supercharged 5G connectivity bring with it supercharged cyber threats?

Opinions

What 5G Means For Security In An Interconnected World

Will supercharged 5G connectivity bring with it supercharged cyber threats?

Share this article

Driverless cars, video communication, remote devices and smart cities – all have been touted for a number of years and will seemingly grow in popularity with the successful rollout of 5G networks.

But as we move into an increasingly digital world, should we be concerned about the potential threats that 5G may bring?

When looked at as a communications protocol, 5G is not materially different from 4G in terms of security. The same security policies are used for transmission, with only some minor improvements to resolve known weaknesses.

But with cellular transmission having long proven to be very resistant to security threats, 5G is likely to be the same.

There are some changes in network architecture for 5G which could have implications. 5G allows for virtualised networks where the core of the cellular system is implemented as software running on general purpose platforms.

It also enables network slicing where network resources can be partitioned. While these concepts are not inherently insecure, they do introduce new “attack surfaces” - places that hackers could attempt to break into the network.

For example, the system that manages the establishment of network slices called “the orchestrator” is new, and if compromised could be used to rapidly disable a network.

However, mobile operators and manufacturers will be aware of these issues and are likely to move slowly and cautiously until they have confidence that there are no vulnerabilities.

The biggest change is the uses that 5G will be put to. Already 4G networks are connecting the Internet of Things - sensors and devices used across many industries and applications.

This is expected to grow over time. In fact, this is not due to 5G - much of this connectivity will be 4G for many years - but its coincidence in timing means 5G and widespread IoT connectivity are often conflated.

The more things that are connected, the wider the implications of network vulnerability.

While it was not a security issue, a recent network failure in the UK not only prevented about a quarter of the country using their mobile phones, it also disabled bus stop information signs, electric vehicle charging points, smart electricity meters and city bike rental stations.

Most of these systems are not critical and so the overall impact was one of inconvenience but that will change over time. Some believe that 5G could be increasingly used to control cars, and here any security breaches could potentially be life-threatening.

Actually, for just that reason, it is unlikely that vehicle manufacturers will allow external control of cars.

Because 5G is well-designed from a security viewpoint, threats are unlikely to come via the 5G system itself. Instead they will likely be via the databases and platforms used to deliver over-the-top services, such as the smart metering control databases.

Alternatively, attacks might come via devices, for example a large-scale DDoS attack last year was delivered through devices like home security cameras where the password had not been changed from “0000”.

Again, nothing to do directly with 5G, but the connectivity delivered by 5G will enable the proliferation of devices.

Should we be concerned? It is important to firstly understand that it is not 5G that is changing the nature of the security risk, but the connection of more things into networks, many of which will be 4G or using self-deployed technologies such as LoRa and Weightless.

Even then, history suggests that problems are more likely to occur due to network outage than security breaches. If we rely on the connectivity of those things and there is no fall-back or alternative then clearly there is an issue.

But we should be very cognisant of the potential implications, for example, of a hacker controlling a nationwide network of smart meters.

What can be done? For the most part it comes down to careful design of systems and devices, using industry best-practice and testing with tame hackers. Intelligent monitoring systems can detect unusual activity and raise alerts or take action to close down systems as needed.

Ultimately, though, the history of hacking and ICT tells us that no system is ever completely secure but as loopholes are found patches are quickly released in response.

We need to make sure that all parts of the system can be quickly updated including remote devices and that critical systems can be over-ridden or rapidly put into safe mode if unusual behaviour is detected.

There will always be security threats, but better to manage them as well as possible rather than over-react and stop a future that could bring great benefit to us all.

Professor William Webb, Senior IEEE Member and CEO of Weightless SIG.

Related Articles
Get news to your inbox

What 5G Means For Security In An Interconnected World

Share this article