5G and cyber security will go hand-in-hand as 5G strives to connect more devices together than ever before. Cyber threats and attacks are occurring more frequently and 5G will need to address this if it is to become the connectivity standard of choice, for businesses and personal users.
In the UK, EE has already launched its mobile 5G network in six cities. Vodafone will launch its 5G network on the 3rd of July, bringing the first experiences of 5G to even more consumers.
What is 5G and why do we need it?
5G is the next level of connectivity, bringing faster data speeds and increased bandwidths. These are key developments as technology becomes even more integral to the way we live and work.
5G will create the extra bandwidth needed for the massive connectivity of the Internet of Things (IoT). It will deliver ultra-high reliability and low latency, essential for services such as 3D video, 4K screens, smart city cameras, mission-critical broadband, augmented reality (AR), and work and play in the cloud.
We will see smart homes that need secure authentication through face, voice, and fingerprint recognition. Autonomous vehicles will become commonplace and healthcare services will include the remote monitoring of patients, remote surgery, and the transferring of large patient files.
Indeed, 5G will pave the way for completely new applications, particularly in the world of augmented reality, virtual reality, and artificial intelligence. With machine-to-machine (M2M) communication, the possibilities appear to be endless.
However, every new service and technology has the potential to make us more vulnerable to cyber attacks. The healthcare industry demonstrates the potential vulnerabilities well, with health privacy and medical identity theft making up four out of every ten data breaches, in 2017.
Identity theft, blackmail, and personal safety are all security concerns that need to be considered as new 5G centric devices and services are built. In short, the more connected devices that are released, the greater the number of targets are offered up to cyber criminals.
European Commission framework for securing 5G technologies
The European Commission is playing a large part in the effort to making 5G more secure for online services. On the 26th of March, the commission set out a timetable of events and actions that will ensure Europe’s 5G networks are secure.
At this time, the 28 member states of the EU made legal commitments to prioritise electronic communication security, critical infrastructure, and data privacy.
Three step timetable of EU member states will:
- By the 30th of June, each EU member is to have carried out a national risk assessment to highlight possible security risks. Both software and hardware vulnerabilities will be identified and a legal framework for third-country suppliers will be put in place. By the end of June, there will be an update of measures that are needed to deal with these risks.
- By the 1st of October, a European risk framework on 5G network security will be created and will be made through a sharing of the national risk assessments, from each EU country.
- By the 31st of December, best practices for mitigating 5G network security risks will be compiled as a toolbox of measures, that the EU and each nation will use.
Technical Report on 5G Network Architecture and Security
In December of 2018, a Technical Report on 5G Network Architecture and Security was released by The Department for Digital, Culture, Media, and Sport. This collaborative report was created by AutoAir, 5G RuralFirst, Worcestershire 5G TestBed, and the 5G Innovation Centre at the University of Surrey.
The technical report highlights four challenges that need to be addressed, if the UK is to be a leader in the development and deployment of 5G.
The report states that the UK has a further need for innovation and investment in:
- A cross-layer framework and standards to enable end-to-end security for the vertical segment and prioritised critical use cases.
- Standardisation of trials and security tests.
- An organisation that will help encourage and monitor good security-by-design practices, by setting out an approach to designing a secure 5G network, services, and applications.
- A new approach, that uses context-aware networking and artificial intelligence (AI), that pre-validates and predicts cross-layer user equipment (UE) connections, to ensure 5G performance isn’t compromised.
How 5G will improve security online?
The good news is that 5G will improve security online due to its development, that is in stark contrast to the approach taken by 4G. 4G networks were built with the cheapest price being the decision making factor of which technologies and services were chosen.
The 5G Standard enforces a common approach and ensures that shared advice is available to all parties creating and validating 5G technologies. Security is being built in from the ground up at each part of the network. These parts include the radio network, the transport network, and the core network, which is the most important part as it handles the main portion of customer data.
The National Cyber Security Centre of Britain has already released a report on 5G security risks. The cyber security centre played a part in highlighting the potential risks on security, for technologies developed by Huawei.
However, the cyber security centre focuses on each individual risk-based element that forms part of the core of the 5G infrastructure. Instead of completely ruling out the technology or software from one specific third-party, it assesses each piece of equipment and software to determine what risks they pose, if any.
This approach lets the UK make informed decisions on what risks we are willing to take, putting security in front of other motivating factors, such as price. In the case of Huawei and the UK, Huawei’s technology is only at the radio level of the network, which is of little concern in terms of security vulnerabilities.
The key takeaway is that while 5G networks can never be 100% safe, security will be considerably improved in comparison to 4G and public Wi-Fi. With strengthened security, improved bandwidth, and lower latency, 5G connectivity is certain to become the network of choice for consumers and businesses alike.
As your business transitions from 4G to 5G, you should consider penetration testing to make sure that no new weaknesses have been created in your organisation’s network. Contact OmniCyber Security to find out more about the penetration testing services we offer.