4 minute read 19 Jan 2022
Close-up view of woman in safety glasses with lights reflected in glasses

How the upside risks of 5G balance the downside security risks

By Tim Best

EY Sweden Advisory, Risk, Cybersecurity, AM&M Cyber Leader

Cybersecurity specialist with over 18 years of experience in IT and Cybersecurity consulting and project delivery. Worked across EMEIA in a wide range of cybersecurity roles.

4 minute read 19 Jan 2022
Related topics Telecommunications

5G technology is developing rapidly, but so are the associated cyber threats, which is why security must be prioritized – now.

In brief
  • 5G’s open source environment and network slicing create new complexities that enable cyber attackers to target networks like never before. 
  • However, because 5G offers multiple business benefits, the technology is often adopted quickly by organizations and cybersecurity is brushed over.
  • Multi-layered cybersecurity must be prioritized and built into the foundations of 5G adoption, which is why it’s important to work with a trusted partner.

Here we are, on the brink of a creative explosion of opportunity and possibility. The catalyst is the next generation of mobile technology and it’s about to change everything. It’s a truly exciting time to be involved with technology, however, it’s important to remember that for every upside there must also be a downside to consider – and in the case of 5G, it’s cybersecurity risk.

While organizations are becoming aware of 5G’s potential, the full extent of what’s possible is still unknown. Many associate 5G with streaming movies more smoothly and uploading videos faster. And while this is certainly positive, there’s far more at stake. Autonomous driving, personalized shopping experiences, digital health care and smart city services are all made real by 5G.

I’m keen to emphasize just how transformational 5G will be and I can’t wait to see the things that will be achieved. But lurking in the background is 5G’s impact on the hacking landscape and at these early stages of 5G development, I believe that now’s the time to build trust into the network.

The NextWave Journal

Read the latest edition of the NextWave Telecoms Journal

In a dramatic and fast moving context the ability for organizations to move fast and make an impact is key.

Download now

Next level considerations

5G differs hugely to previous mobile technologies. Within earlier networks, the core was where critical functions such as metering, authentication and access control actually happened. But in 5G, the separation between core and edge functions is blurred – and this changes the landscape because managing security at the edge is much more complicated. It’s fascinating because on one hand 5G is more secure than previous generations – it overcomes many of the issues seen in 2G, 3G and 4G. But on the other hand, 5G introduces several new security implications. Network slicing, for example, is an amazing feature with huge potential. It’s a type of virtual networking architecture that sits within the same family as software-defined networking (SDN) and network functions virtualization (NFV) – and it offers the ability to create virtual networks with different service level agreements (SLAs) and security parameters that can enable digital transformation. However, these slices are far more vulnerable to denial-of-service (DoS) attacks. Another example is with edge cloud adoption. Beside generic cloud security implications, we need to think about physical security to protect the datacenters that are dispersed across the network. The applications and services at the edge will also increase the attack surface. And all this is before we even consider regulatory concerns.

The need for multilayered cybersecurity

What keeps me up at night? The smart devices that connect to the 5G network to create exciting new possibilities can themselves act as a cyber threat. These IoT devices have three layers; each one has computing technology embedded in it, and each one is built by different people.

There’s the chip layer, the original design manufacturer (ODM) layer, and the provider layer – which is the brand that hooks into the device via user facing applications. Because the first two layers are built at scale with cost effectiveness in mind, security isn’t always a priority. Therefore, no matter how much the technology provider considers security, the underlying layers will always be vulnerable. That’s not all:

  • Supply chain: the entire supply chain has to be taken into account. The technology provider should consider their obligations and what their liability is within the chain – because ultimately the consumer will hold the brand name on the package responsible for any issues.
  • AI and machine learning: because of the massive amounts of data being collected to enable IoT devices, machine learning has to be applied. But maintaining data in many different locations is hard. We’ve recently seen a shift toward nationalism from globalism in the world and this applies to technology too. Different countries are creating different rules around data sharing and algorithms, and it’s increasing complexity. Localized rules create biased data pools. And most organizations leverage third party datasets, which themselves are targets of attackers.
  • Identity protection: 5G raises broader questions around identity itself. In some countries, an IP address is personally identifiable information, and in many cases, devices are being treated like humans. So, what really is an identity today? And how do we protect security and privacy in a 5G world where a device, just like a human being, also has a right to privacy?

Cybersecurity has to extend beyond the four walls of the company. Businesses need to build trust into the devices themselves as well as the networks they belong to. However, our latest research shows that only 19% of organizations consider security within the context of a new business initiative. So, what’s the answer?

Summary

As businesses implement the transformational benefits 5G offers, it is critical that they focus on 5G vulnerabilities and take a multilayered cybersecurity approach to protect their company and customers.

About this article

By Tim Best

EY Sweden Advisory, Risk, Cybersecurity, AM&M Cyber Leader

Cybersecurity specialist with over 18 years of experience in IT and Cybersecurity consulting and project delivery. Worked across EMEIA in a wide range of cybersecurity roles.

Related topics Telecommunications