The year 2019 was supposed to mark the advent of 5G, but much like the arrival of the new millennium and each new installment of the Star Wars franchise, the experience so far has been somewhat underwhelming. Even where 5G is available, few folks have 5G-enabled devices to enjoy it.
Experts now say that 2020 will be the year of 5G, and this proclamation is looking more likely as the 5G rollouts pick up steam (with 1 billion 5G customers predicted by 2023 just in Asia and North America). A 5G network promises to do things like underpin the expansion of the gig economy by providing faster internet to more people, and the growth of the gig economy will also inspire the formation of more small businesses in unlikely places. It will also fuel the surge of the Internet of Things, self-driving cars, and virtual reality.
At the same time, many people have concerns about this potential of 5G. One of these is that the frequency will be physically unsafe for humans, a claim that experts believe is far overstated. But will 5G be safe in terms of cybersecurity? That’s a different question, and no one really knows the answer. What’s more, many companies are struggling with the changes 5G poses to both their business models and their security practices.
What are the Most Pressing 5G Security Issues?
The rollout of 5G will require a huge overhaul of each impacted network, which introduces a unique problem facing both the deployment and the protection of these new networks: they’re now software. Thus, new and future updates to the network require software updates, which are notoriously hard to protect.
Indeed, the introduction of the software presents a problem in itself, but perhaps the threat that truly pushes the boundaries of our current infrastructure could be not the foundation of 5G but the scale of it.
At the end of 2019, AT&T Cybersecurity released its Cybersecurity Insights report and detailed the most pressing concerns cited by security professionals. These included:
- Larger attack surface (from connectivity increase) (44%).
- Greater number of devices on the network (39%).
- Extension of security policies to the Internet of Things (IoT) (36%).
- Authentication for both more and greater varieties of devices (33%).
- Insufficient perimeter defenses (27%).
Perhaps the biggest finding in the report is that 75% of respondents said they expected 5G to produce entirely new cybersecurity threats. Plus, given the number of new devices that will connect to the network thanks to the IoT, cybersecurity will further expand beyond the domain of the IT staff and become everyone’s responsibility, if it hasn’t already.
Is Zero-Trust Security the Future?
The pitfalls and challenges presented by the 5G network and the growing vulnerabilities don’t need to get in the way of the many benefits the transformation offers. New approaches to security are already helping companies future-proof their networks in preparation for the early adoption of 5G.
According to the AT&T Cybersecurity report, 68% of companies surveyed said they were at the very least in the process of implementing a new format of security called zero-trust security to replace the traditional virtual private network (VPN) at the enterprise level. Zero trust security requires verification from all parties trying to access the network (from inside or outside) by default. In other words, there are no trusted users: everyone needs to prove themselves time and time again.
Zero trust security doesn’t require a specific piece of technology, but that’s what makes it a helpful approach to security in a 5G world. It directly approaches the issue of ‘more is more’ that dominates the 5G problem. It’s holistic and sophisticated because it recognizes that companies (and people) now keep their data in many places. Users can expect to encounter items like multi-factor authentication (MFA) as well as strict device access protocols.
Vulnerability Management Will Be Crucial
Vulnerability management is also going to be crucial for successfully protecting those who buy into 5G. A vulnerability management program was previously considered to be an optional program, but today, they are required. Each program must include an audit, security compliance, and risk management framework that creates a continuous vulnerability assessment cycle.
However, even relatively new processes like vulnerability management will likely need supplemental programs. It’s also possible that the corporate world will see an increase in what’s called ethical hacking, which is a white hat program completed by experts who ‘hack’ systems to expose vulnerabilities and help organizations strengthen their defenses.
In November 2019, Ericsson exposed its 5G radio equipment to the ethical hacker community in the world’s first 5G hackathon. The team learned a huge amount about not only their equipment’s vulnerabilities but about how attackers go about finding and identifying them. Both sides are crucial in successfully finding and managing potential security threats.
The nature of 5G pushes the boundaries of today’s cybersecurity. From the faster speeds to the arrival of the fuller potential of the IoT, the challenges to come will be swift and complicated. To take advantage of everything 5G offers, companies will need to approach cybersecurity not from a threat management perspective but by design. If they can do that, then 5G can change the world without threatening it.