In the opening column of this series, “Emerging Technology, Evolving Threats,” [check out Part I and Part II], I wrote about quantum computing — how it portends both great opportunity and cybersecurity challenges. While very real and a subject we overlook at our peril, we most likely will not be grappling with its tangible impact any time soon.
5G, on the other hand, is an entirely different story. It’s here; it’s now, and it’s redefining network architecture. Taking responsibility for its advancement in a secure manner has never been more important, particularly given the growing aspects of our daily lives that are attaching to it. That begs the question: Who ultimately is responsible for its associated security? The adage, “what’s everybody’s business is nobody’s business,” looms menacingly over us.
In Pursuit of a Connected Yet Distributed Future
Our adversaries know that the attractive force of 5G-powered applications offer new attack vectors through which to advance their interests, which of course demands that we give as much attention — if not more attention — to countering those efforts in the way we secure those devices, applications and connections. As a society, we long ago began moving into a world where the barriers between physical and digital worlds were dissipating, and the proliferation of devices supported by 5G has only exacerbated that growing porosity. It reflects a complete physical overhaul of our essential networks and, because 5G reflects a conversion to what is mostly an all-software network, we must expect the cybersecurity challenges (and vulnerabilities) that come with that.
Christopher Krebs, former Director of CISA, rightly opined: “…5G is the single biggest critical infrastructure build that the globe has seen in the last 25 years and, coupled with the growth of cloud computing, automation, and…artificial intelligence, demands focused attention today to secure tomorrow.”
2G brought improved coverage and texting. 3G introduced voice with data and internet. 4G was synonymous with speed and LTE. 5G will be anchored to distributed computing, fundamentally changing the nature of data and its utility.
Every industry and area of our life will see the benefits of a 5G-driven era from the way we consume and engage with media to the options we’re offered in the form of personalized, proactive healthcare. A major transformation is on the way. We’ll begin to see more smart homes, smart cities, industrial automation, autonomous vehicles, telemedicine and virtual/augmented reality. At that heart of all that lies a key factor of the 5G network, which leaves us more vulnerable to cyberattacks than did its predecessors. That factor reflects a shift from centralized, hardware-based switching to distributed, software-defined digital routing. This evolution removes a singular location where security inspection and control protocols can be executed. 5G utilizes a web of digital routers throughout the network. In turn, as the core architecture fundamentally changes, our approach to securing it must change in step.
As I mentioned above, 5G presents new surfaces of attack for cybercriminals to exploit; an environment larger and more complex than the cyber community has heretofore defended. Defense strategies must be secure by design, built around 5G — not the other way around.
The importance of that orientation was demonstrated in 2016 when hackers shut down large portions of the internet by taking control of millions of low-cost chips in the motherboards of digital video recorders and security cameras. Consumers and manufacturers simply didn’t consider cybersecurity when buying low-cost connected devices, and retailers did not prioritize security in their stocking decisions. Manufacturers didn’t emphasize cybersecurity in the components they purchased and, thus, chip manufacturers did not include cyber protections in their products. There was no defined role or responsibility for ensuring and sustaining post-purchase cybersecurity.
The good news: Today, products are brought to market with 5G-ready capabilities built in. The product is being built around the technology — and that’s how, as a society, we’ll keep our connected devices secure.
Success Moving Forward
One crucial area of focus builds on the security foundation laid by 4G in the form of artificial intelligence- (AI) supported machine learning (ML). Cybersecurity strategies for the 5G world will need to use that technology to its fullest extent to proactively identify suspicious or malicious behavior, detect patterns and map potential criminal activity in real-time. AI-supported ML is, in effect, the new layer of preventative protection, the prowess of which can address the new surface layers of an attack made available by 5G. Cyberattacks on 5G will be software attacks and must be countered with software protections.
As a culture, we must not allow the newness of 5G to lull us into an anesthetized state of complacency. The reality is that the internet’s connection to people and the things they depend on will be increasingly established through potentially vulnerable 5G networks. The cyber community must address the raised stakes that threaten our national critical infrastructures. For companies and consumers alike, the responsibility to focus on vulnerabilities created by 5G is imperative in our efforts to thwart potential crippling attacks.