Tom Wang - stock.adobe.com
5G is set to become a core element of the global digital economy. Yet, the features that make 5G attractive, such as a shared infrastructure, also make it a security risk. To experience 5G's many advantages, organizations will need to assess their own risk and protect their networks and data accordingly.
5G increases the number of available services and entry points, thereby broadening the threat landscape. The impact of any attacks against 5G networks could be serious or even catastrophic. Below are some of the top 5G security issues enterprises will likely encounter, along with tips on how to proactively address the challenges of implementing this emerging technology.
Understanding 5G network security risks
5G network architectures rely heavily on software, quality control and security assurance from service providers to avoid mass failures across multiple networks. Virtualization and multi-tenancy capabilities, which are expected to become commonplace and have different and possibly conflicting services sharing the same mobile network infrastructure, make it critical to pay close attention to security.
Implementation policies and the base level of security of 5G core infrastructure are being decided at a government level, but enterprises can take proactive measures to protect their own networks and data when using 5G.
IT teams need to stay up to date on the 5G's numerous standards from 3rd Generation Partnership Project, European Telecommunications Standards Institute and Internet Engineering Task Force. They also need to read risk assessment reports, such as the EU coordinated risk assessment of the cybersecurity of 5G networks and China Academy of Information and Communications Technology's 5G Security Report. These documents can help organizations understand the trustworthiness of the underlying network architecture and systems.
As new threats emerge, IT teams will have to put in place security controls and practices to mitigate them. To be ready, teams should start training now on the security challenges associated with 5G architectures, as well as how to choose 5G service providers that meet their security requirements.
How to mitigate 5G security issues
Enterprises are evaluating 5G to pair with IoT networks. Before that happens, though, IoT devices and the network itself need to be fully hardened, and the vendors' software development processes need to be thoroughly understood. IoT networks that connect to 5G need to be able to be quickly patched and updated. Additionally, software update management processes will be vital to ensure seamless maintenance and uninterrupted operation. Of course, identity management, strong authentication and traffic encryption are other essential requirements to help guard against eavesdropping and modification attacks.
Network slicing, where mobile operators can slice the network into different use cases or requirements, will be an important control. Network slicing creates a mostly private channel so an attack could be contained to the targeted slice, rather than all the connected assets. Each slice can be customized with its own protection mechanisms to suit its risk profile.
The enterprise benefits of 5G, including speed, latency and capacity, are not disputed. However, 5G networks will be a prime target for organized crime and state-sponsored attackers. Many 5G security issues are still being researched, particularly the relationships between telecommunications networks and third-party software. Some enterprises may benefit from postponing implementation until the technology's advantages clearly outweigh the 5G security issues and until those concerns can be fully mitigated.
5G is expected to comingle with 4G and 3G networks, which lack the sophistication needed to fully secure 5G, for some time, which will make mitigating 5G security issues a challenge. If a 5G device cannot access a 5G signal, the mobile network operator might switch to 3G or 4G networks and unintentionally introduce security weaknesses. Such scenarios might keep enterprises from feeling confident about sending critical data over these networks.