If you pay attention to such things, the press coverage of the ongoing roll-out of the 5G network in the UK has been dominated by two subjects. One is the greatly enhanced speeds, and the greatly enhanced connectivity, of the network. The other – seen recently in stories about the fact that Japan is participating in the UK rollout and that Ericsson has narrowly won a contract to deploy 5G in the UK – is the fact that much of the UK network is being built by foreign companies.
Amid all these stories, though, we may have overlooked an important aspect of the 5G network – it’s implications for cybersecurity. That’s because, although the network provides the ability to connect more devices than ever before, this ease of connectivity might end up exposing our systems to more cyberattacks than ever before also.
This would be somewhat ironic, because the network was designed to be more secure than it’s ancestors. As with most new tech, though, it’s probably a textbook case of ”let the buyer beware” or caveat emptor if we want to use the more impressive Latin lingo. The bottom line – Don’t jump into this stuff blind and trust that it’s all puppies and kittens. Sometimes it bites.
In this article, we’ll look at why 5G might pose a security threat, and what we can do about that.
The Promise of 5G
The first thing to say with regard to the security of 5G was that security wasn’t forgotten when the network was designed. Quite the opposite. One of the promises of 5G – and one of the reasons why governments and tech firms are keen to stress the benefits of the network – is that it allows far stronger encryption to be used.
This is, in fact, a consequence of the increased bandwidth that that network offers. Because 5G is so much faster than 4G (or 3G), network engineers can use forms of encryption that are more secure than those we’ve seen deployed on previous mobile data networks. This increased capacity also means that organizations can use more advanced forms of authentication and user verification, such as the kind of multi-factor authentication that many are familiar with from their online banking systems.
In short, the advent of 5G was supposed to make managing the new security landscape easier, not more difficult. And while some research has exposed flaws in the security of the network, that is still largely true. Looked at on the level of individual devices, the 5G network provides better security, and an enhanced capacity to deal with cyberthreats. The problem – as we shall see in the next section – is the sheer number of devices that are already connected to the network.
The Internet of Threats
For consumers, the advantages of the 5G network are fairly straightforward, and fairly unproblematic. 5G offers much faster mobile data speeds. Interacting with apps, websites, and streaming services via a smartphone will be faster and more reliable.
It’s worth noting, however, that for industrial and commercial users the 5G network represents something quite different. The increased bandwidth of the network is exciting because it allows many more devices to be connected together – not just smartphones and tablets, but the kind of integrated sensing and control devices that are referred to as the Internet of Things (IoT).
Just as with the 5G network, there is nothing inherently insecure about the IoT. The issue is that IoT device manufacturers have often prioritised connectivity above security in the design of these devices. In addition, even where security can be upgraded, it is often a complex and time-consuming process to configure the vast IoT networks now in use.
In short, we’ve waited too long to start worrying about securing the IoT.
In practice, this means that the 5G network allows more insecure devices to be connected to the internet. And more insecure devices will inevitably lead to an increase in cyberattacks. In fact, there are signs that this is already occurring. Criminals have already exploited IoT devices, most notably in the “Mirai botnet” cyber attack in 2016 when hundreds of thousands of cameras, routers and digital video recorders were used to bring down websites including Twitter, Spotify and the New York Times.
This threat goes way beyond large companies, however, because the truth is that most of us now have a dozen or so connected devices that play a large part of our everyday life. In the typical home, one is likely to find a smart speaker, a few smartphones, a smart TV, and IoT devices that control heating and cooling systems. Expect that the encroachment of 5G speeds that surpass even those of cable television will push many Americans to cut the cable box completely. At that point, our homes will be completely powered by wireless connections that will be like catnip to roving cyber attackers.
Increased Threats, Improved Security
So far, so bad. There is, however, another side to 5G. Though the technology is encouraging us to connect ever more devices to the internet, and though this may create cybersecurity vulnerabilities, the network also holds the promise of improving cybersecurity.
This is because 5G doesn’t allow attackers to use any new forms of cyberattack. The types of malware and hacking that we are already familiar with are likely to increase in frequency, but this will be a change of scale and not essence. Many in the cybersecurity industry believe that we can therefore teach AI and ML interfaces to identify these attacks, and prevent them automatically.
5G is part of this picture as well, because both AI and ML systems need to process huge amounts of data in order to function. A faster network means that we can deploy more sophisticated AIs, and this may pull in the opposite direction – reducing cyberattacks.
We are therefore left in a slightly contradictory position – that 5G might increase cyberattacks, or it might allow us to reduce them.
For those who follow cybersecurity, this will be a familiar dilemma. Indeed, every time a new technology is developed there are those who say it will reduce security, and those who say the opposite. For now, it is clear that the slow shift to 5G must be accompanied by an increased focus on IoT security, because without that the network will indirectly promote a simultaneous and dangerous move to huge, insecure networks.