The arrival of 5G, with significantly faster speeds, increased capacity and lower latency, will change existing operating environments. However, these benefits will come at the expense of an exponential growth of attack surfaces. The 5G-enabled devices and networks that underpin society will be compromised by new and traditional attacks, causing chaos and plunging business into disarray.
The impacts of attacks on 5G technologies and infrastructure will be felt across a range of industries who leverage 5G to become more operationally efficient or to automate and speed up processes. There will be countless opportunities to attack 5G infrastructure, including billions of previously unconnected IoT devices and new private networks. Millions of new 5G-enabled masts, built and operated by a plethora of companies and governments to varying levels of assurance, will have new vulnerabilities exposed and create new ingress points for attackers to exploit. The step change in available bandwidth will act as an accelerator to existing attacks and amplify new ones, stretching organizational resilience to its maximum.
Critical national infrastructure (CNI), IoT manufacturers, businesses and citizens will all be heavily or totally dependent on 5G to operate, offering ripe targets for a range of attackers. From nation states aiming to cripple CNI – to hackers spying on private networks – 5G technologies and infrastructure will become a key target.
Why can we justify this threat?
5G is one of the technologies that will define the fourth industrial revolution and will be a game-changer for business and consumers alike. The technologies promise greater speeds, lower latency, reduced power consumption and real-time connectivity provided by leveraging newly available high and low frequencies on the radio spectrum. This will enable a raft of changes to the way people live, work and interact with technology, but will also introduce a number of security challenges that will need to be overcome.
5G technologies and infrastructure have attracted significant investment from governments and business alike. Some telecoms providers are expected to roll out consumer mobile networks as early as 2019, whilst other 5G technologies such as private networks will likely be available soon after. China clearly leads the way in terms of 5G development, having built 350,000 new 5G-enabled masts, outstripping US investment by $24 billion.
The number of masts is only set to grow further across the US, Europe and Asia, as organizations demand further investment in 5G. Many new technologies, including connected cars, augmented reality, immersive connected environments and automated drones will be dependent on it to thrive. This has led to significant hype and expectation in the media, which expects 5G to fulfil many future technological promises. However, with these improvements come significant dangers.
CNI that leverages 5G to control machine-to-machine communications will also become a prime target. Deeply embedded IoT devices, such as energy monitors, water meters and waste management sensors, will be systemically targeted by attackers aiming to disrupt supply chains and other dependent infrastructure. The speed of 5G will exceed that of Wi-Fi, tempting organizations to install private 5G networks. Operational environments, from factory floors to farms, will change entirely as 5G-enabled technologies and infrastructure become intertwined with product and service offerings. Spoofing and jamming of 5G networks will become a common attack vector for those aiming to disrupt economies dependent on 5G.
The number of masts required to maintain strong 5G signals at high frequencies will offer a large number of opportunities for attackers to use traditional network degradation techniques to push users onto insecure networks, or to eavesdrop on communications. Terrorists will also conduct attacks near populous 5G areas, either targeting the masts themselves, or faking an attack, knowing that the emergency services will take down or reprioritize 5G networks during a crisis. The amplification of speed, higher bandwidth and reduced latency offered by 5G will also create a perfect environment for massive DDoS attacks, threatening the availability of dependent operations. The range of new and traditional attacks, sheer complexity of the standards necessary for 5G technologies and infrastructure to work securely and the speed of their evolution, highlights the concern that security may be overlooked. The 5G spectrum will also be auctioned to a range of businesses and governments which will secure the networks to different levels and standards.
How can you prepare?
Organizations must prepare for the arrival of 5G, by understanding how 5G will be used in their own product offerings and how they might be dependent on 5G networks to operate. Organizations that successfully prepare will gain significant competitive advantage from the technologies. Those who get it wrong will find themselves compromised, their operations disrupted and reputations damaged.
About the author
Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security, digitalization and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.