As we take each new mobile network generation in our stride, it can be easy to forget just how far we’ve come. For instance, both 3G and 4G were digital transformations in their own right. First allowing for multimedia sharing, data downloads and video calls, then providing widespread access to mobile internet services, HD video streaming and reliable roaming.
But with Ericsson estimating there will be up to 22.3bn connected devices by 2024, it is 5G that will be required to support the demands of this level of mass connectivity. 5G will be smarter, faster, and more efficient than its predecessors. It promises unrivalled mobile data speeds, hitting 100 gigabits per second, and lower latency than 4G, meaning reduced lag and an overall more stable, improved user experience.
It will revolutionise our relationship with the internet, data and will undoubtedly accelerate society’s pull towards smart, technology-fuelled living.
New threat landscape
But for all its benefits, 5G will be rolled out in a high-risk cyber threat environment where cyber threats are continuously evolving and becoming more sophisticated. We operate in an ‘always connected’ society, using multiple connected devices to communicate and exchange information. This in turn, has increased the number of ways cyber criminals can steal our data and disrupt our lives. So, we are required to be ever more vigilant and careful of our online activity, and this is an immediate threat 5G must address.
However, unlike 4G and the other preceding connectivity networks, 5G is so much more than just a mobile network, it is the backbone of the future connected world. And this is where the real security threat lies. This new network will completely extend our means of communication; transcending mobile networks, non-mobile networks and possibly leveraging satellite transmissions. Objects will be able to ‘speak’ in real-time with one-another and analyse vast amounts of data from around the world, so we can work and live in smarter cities, rely on autonomous or smart driving and embrace smart living. So, in addition to the legacy threats faced by 4G and other older networks, 5G adoption requires securing billions of connected devices on a scale previously uncharted.
Security must never be static
These 5G threats require that the entire end-to-end user ecosystem is prepared to combat them.
The 5G network will come with new functionalities such as network slicing or edge computing, as key enablers to allow society to communicate with greater fluidity, live smarter and more efficiently. This will require a host of invested parties, from OEMs to MNOs, to cloud and security vendors and governments, to protect the data and ensure that the correct security protocols are in place over this new 5G network. To go without, could mean blackmail, identity theft, threats to personal safety and even state sponsored attacks.
To secure such a complex ecosystem of connected devices, these invested parties must take a holistic approach to security which is based on five key principles:
- Security must be scalable: 5G security solutions must be able to adapt to the level of risk that needs to be avoided. Low-end devices which sit at the network’s edge may not need the same security attention as the core network, but it’s important that the solutions can communicate with one another and be scaled to meet different needs.
- Security must be considered as an end-to-end solution: From the mobile network operator down to the end application, security solutions must flow seamlessly and protect all access points. 5G is only as secure as its weakest point, and it’s critical that the entire network is protected by a secure protocol otherwise it’s at risk of losing data.
- We must have state-of-the-art cryptographic mechanism: The 5G system can securely identify and authenticate subscribers, ensuring that only genuine users can access network services. Strong cryptographic and security protocols already exist in the 4G system but have been further developed for 5G. Robust encryption, based on state-of-the-art methods, like the usage of secure, tamper-resistant, certifiable hardware to store the keys on or run the cryptographic operations will underpin data privacy and maintain mutual authentication between device and network to ensure efficient service delivery.
- We must rely on industry certifications: It’s important that governments, OEMs and MNOs, as well as vertical industries such as automotive and financial services, listen and work with the GSMA and other industry institutions like Global Platform or Eurosmart, to ensure that worldwide security certifications standards are defined, providing a benchmark for excellence which guarantees that the appropriate security standards are met.
- Standards will underpin the network: It’s critical that we continue to further develop a standards-based approach to 5G. Just like security, standards cannot be static, they are constantly evolving and it’s this level of agility which we need to combat the security threats of today and tomorrow.
Delivering a secure network
5G has tremendous potential. It can provide a range of advanced connectivity services: from a high-speed mobility service for a travelling smartphone user and ultra-reliable communications for connected and driverless vehicles through to reliable real-time detection and automation in smart factories, allowing fleets of robots to be controlled remotely.
But to enable all these innovations to happen, all industry players need to work together to build a trusted connectivity ecosystem that has data security at its heart. From creating scalable 5G solutions, through to driving consistent standardisation in the industry, building trust in the 5G ecosystem will be key to unlocking its full potential.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.