On 27 May, teissTalk host Geoff White was joined by a panel of four experts from the 5G space to discuss the opportunities and challenges the new technology presents from a cybersecurity perspective.
You can watch the discussion here.
How venture capital is becoming more accessible for UK cyber security start-ups
The London Office for Rapid Cybersecurity Advancement (LORCA), a collaboration between the UK government and Plexal, an innovation hub, seeks to match the market’s demand for emerging cyber security solutions with tech start-ups providing them – in partnership with Lloyds and Queens University, Belfast. LORCA has outperformed its original £40 million target for venture capital (VC) fund-raising in the first three years of its operation by a factor of 5. The successful IPO of UK’s Darktrace, as well as the boost LORCA and similar initiatives can give to VC funding for cyber security start-ups, can eventually lead to the sector catching up with other high-performing areas, for example fintech. What the UK still needs to excel in this field is more ambitious start-ups that are confident and assertive about pitching their business, as well as a growing number of the kind of serial entrepreneurs seen in abundance in the US.
Who will build the 5G infrastructure?
5G, no doubt, is still in its infancy. The commercial use case that was the main source of revenue for 4G is not so compelling: the difference between whether you’re connected to a good 4G or a 5G network with your smartphone can be negligible. Industrial and enterprise use cases are much more promising. But thanks to the density and the costs of building 5G towers and microcells, network operators can’t go it alone. Private companies and towns and councils will also need to make their own investments in new networks. What MNOs can – and probably will – do to adapt to this new set-up is shift to a new business model, where they become managed service providers offering not just the network but also the embedded cyber security and AI solutions that come with it. Rather than building their own 5G networks, another option for MNOs is to make partnerships with neutral hosts – or third parties that own the physical part of the cellular network – and build their own virtual networks on top of those. Unlike with 4G, a considerable part of the new network will be built by private enterprises, who, in order to improve the economics of network building, may share their ecosystem with external users, which, of course, will have huge cyber security implications.
Embedded security versus expanded attack surface – the two faces of 5G
As 5G’s rise is less meteoric than 4G’s was, there is more time and opportunity to embed stronger cyber security mechanisms into its architecture from day one. However, thanks to the complexities of 5G ecosystems, individual minor vulnerabilities can sometimes have a cascading effect and collectively result in a major one. Non-smart IoT devices on the edge, such as low-powered, low-bandwidth sensors, will be likely candidates for becoming back doors that hackers can take advantage of.
While new security mechanisms specific to 5G (slicing and AI) are being developed, it’s key that the ground rules of cyber security such as defence-in-depth and zero trust are nevertheless integrated into the fabric of 5G networks.
Yet what worked in 4G may not suffice in 5G networks. In a 5G system, encryption, a pillar of cyber security, can breed new problems as it can only come at the expense of network visibility. Moreover, while fraud prevention in 4G environments is fuelled by rich historic data on mobile users’ behaviour, we know much less about what normal traffic is in an enterprise or industrial IoT setting.
As for novel cyber security technology to be built into 5G networks, slicing – a method of creating multiple unique logical and virtualized networks over a common multi-domain infrastructure – and the use of AI, both still in their infancy, are the most promising.
A conversation about 5G and cybersecurity can’t conclude without touching on Huawei. Although there have been experts who believed that integrating Huawei into the edge rather than the core of 5G networks will solve the problem, others would argue that a backdoor is a backdoor no matter where it is. Also, the vulnerabilities that Huawei – unwittingly or otherwise – leaves in its solutions, such as the ones UK intelligence and security organisation GCHQ has identified, will leave our critical network exposed not only to Chinese espionage but to other bad actors too. The challenge of the decision to proceed with 5G without Huawei is that the company’s devices need to be removed from already existing networks where the components are closely interconnected – a cumbersome and complicated process that is inherent to the system and needs to be repeated if and when other vendors’ devices happen to get compromised. Best practice coming from early adopters of 5G and the sharing of skills, capabilities and knowledge by the IT arm of businesses with a converging OT function can, however, go a long way in speeding up the process of creating a robust cyber security system for 5G.