Next level considerations
5G differs hugely to previous mobile technologies. Within earlier networks, the core was where critical functions such as metering, authentication and access control actually happened. But in 5G, the separation between core and edge functions is blurred – and this changes the landscape because managing security at the edge is much more complicated. It’s fascinating because on one hand 5G is more secure than previous generations – it overcomes many of the issues seen in 2G, 3G and 4G. But on the other hand, 5G introduces several new security implications. Network slicing, for example, is an amazing feature with huge potential. It’s a type of virtual networking architecture that sits within the same family as software-defined networking (SDN) and network functions virtualization (NFV) – and it offers the ability to create virtual networks with different service level agreements (SLAs) and security parameters that can enable digital transformation. However, these slices are far more vulnerable to denial-of-service (DoS) attacks. Another example is with edge cloud adoption. Beside generic cloud security implications, we need to think about physical security to protect the datacenters that are dispersed across the network. The applications and services at the edge will also increase the attack surface. And all this is before we even consider regulatory concerns.
The need for multilayered cybersecurity
What keeps me up at night? The smart devices that connect to the 5G network to create exciting new possibilities can themselves act as a cyber threat. These IoT devices have three layers; each one has computing technology embedded in it, and each one is built by different people.
There’s the chip layer, the original design manufacturer (ODM) layer, and the provider layer – which is the brand that hooks into the device via user facing applications. Because the first two layers are built at scale with cost effectiveness in mind, security isn’t always a priority. Therefore, no matter how much the technology provider considers security, the underlying layers will always be vulnerable. That’s not all:
- Supply chain: the entire supply chain has to be taken into account. The technology provider should consider their obligations and what their liability is within the chain – because ultimately the consumer will hold the brand name on the package responsible for any issues.
- AI and machine learning: because of the massive amounts of data being collected to enable IoT devices, machine learning has to be applied. But maintaining data in many different locations is hard. We’ve recently seen a shift toward nationalism from globalism in the world and this applies to technology too. Different countries are creating different rules around data sharing and algorithms, and it’s increasing complexity. Localized rules create biased data pools. And most organizations leverage third party datasets, which themselves are targets of attackers.
- Identity protection: 5G raises broader questions around identity itself. In some countries, an IP address is personally identifiable information, and in many cases, devices are being treated like humans. So, what really is an identity today? And how do we protect security and privacy in a 5G world where a device, just like a human being, also has a right to privacy?
Cybersecurity has to extend beyond the four walls of the company. Businesses need to build trust into the devices themselves as well as the networks they belong to. However, our latest research shows that only 19% of organizations consider security within the context of a new business initiative. So, what’s the answer?