The good, the bad and the 5G – an unprecedented level of threat (and opportunity)

Terence Broderick

The good the bad and the 5 G an unprecedented level of threat and opportunity

The development of 5G technology is gathering pace. More organisations are realising the applications made possible by the next generation in telecommunications — faster data rates, increased immersion and new applications previously thought unfeasible are set to dramatically transform the way we each interact with the world.

All of this means that we’ll be more reliant on secure data communications than ever before. That’s why there has been so much talk of the security threat posed by the 5G network. Multiple vulnerabilities have already been identified and it’s highly likely that more will appear as 5G infrastructure is developed and implemented.

Currently, the security threats associated with 5G are linked to five key developments, which could each make the network vulnerable in one way or another.

1. Increased use of software and virtualisation

Network function virtualisation (NFV) is likely to play a key role in the management, regulation and upgrade of 5G networks. This technique utilises information technology to virtualise network node functions, which are then connected to create telecommunication systems. Part of this is likely to involve the use of early generation artificial intelligence, which will manage specific aspects of network functionality.

Giving NFV a bigger role in the management, regulation and upgrade of 5G networks can provide substantially more scalability to network functions, meaning that the infrastructure will last longer. Additionally, reducing the significance associated with an attack on a hard target means that it will be more difficult for attacks on physical infrastructure to have any meaningful long-term impact.

However, NFV functionality is often built on the use of well-known internet-protocol and the commands of well-known operating systems, with which cyber criminals will be very familiar. Gaining control of the underlying software would provide a relatively simple route to attack and enable criminals to infiltrate the 5G network by controlling the servers and other components which are being used to virtualise network node functions.

2. Interoperability between components

The commercial interests in 5G extend way beyond traditional telecommunications providers. This means that the level of interaction between network components is of huge importance. This, of course, comes with its own risk — more organisations with interests in the network means more individuals with the ability to access key parts of the infrastructure.

Anything that can transmit data into the network is a potential attack portal — whether that be to access and control a system through a distributed denial-of-service (DDOS) attack or to break the password needed to access the network by implementing a brute force attack. It’s therefore vital that every component can determine, report and defend against the presence of an attack before it proceeds to the next part of the network. This presents an opportunity for innovators to come up with solutions that enable components to determine a security threat, whether it be from cyber-criminals or otherwise.

3. Changes in network topology

Legacy networks have tended to form centralised ‘hub and spoke’ topologies — a trait which has formed the basis of current approaches to chokepoint inspection and control. 5G networks are expected to be less centralised and highly distributed, reducing the efficacy of such approaches. For example, a broad geographical spread of digital routers inside a 5G network gives a wide range of potential attack points, whether they be physical attacks to cause material damage to components or cyber-attacks to interfere with the functionality of those components.

4. Increased density of small cell antennas

Small cells — low-cost, short-range antennas — are frequently highlighted as one of the primary enabling technologies of the 5G network. As these will be densely distributed around urban environments, they’re likely to use dynamic spectrum sharing to slice-up the bandwidth, thereby ensuring that information is transmitted appropriately. In practical terms, this will mean that low-latency parts of the spectrum could be allocated to applications that require very low latency, such as positioning systems for autonomous vehicles or, in disaster or emergency situations, the emergency services could be granted access to the faster parts of the network to enable them to communicate with each other more quickly.

However, each ‘slice’ has its own associated degree of risk and it’s almost without question that the most in-demand parts of the spectrum will carry the highest risk and be capable of causing the most impact if they’re attacked by a criminal.

This means that the accompanying approach to both network and cybersecurity must also be dynamic, otherwise anybody with knowledge of how the slicing will be allocated could use the available spectrum — or indeed the dynamic spectrum sharing technique — to launch an attack on the network. This can impart potentially catastrophic damage if the part of the spectrum they attack is being used for an application of high social importance.

5. Internet-of-things

The proliferation of the internet-of-things (IoT) will be increased with the development of the 5G network, as its bandwidth and low-latency unlocks capabilities previously thought unfeasible. This will increase our use of devices with the capability to send and receive data using the 5G network, turning devices that we like to think of as perfectly benign (such as doorbells, garage doors, kettles and fridges) into potential attack points.

It’s therefore important for cybersecurity solutions to be developed to prevent our devices from being used to cause damage which extends way beyond their specific functionality — and for their network security to be fully considered as they become an active part of the wider telecommunications infrastructure. It’s highly important that the previously benign nature of our devices previously isn’t used to cloud over the need for effective security in the modern day.

Responding to the threat

Obviously, such variety of threats requires a variety of solutions.

The potential threads for technological development in this area include:

  • protecting the software used to implement NFV
  • developing components that can determine the presence of security threats from other components, both in the form of cybersecurity and network security solutions
  • the development of technology which will detect security threats of all kinds in distributed networks
  • techniques for enabling dynamic spectrum sharing to respond to security threats
  • cybersecurity and network security solutions for IoT devices

An unprecedented level of threat (and opportunity)

The breadth of the opportunity to develop technology for the 5G network, which extends far beyond traditional providers, is evident. In addition, the breadth of technological development is introducing an unprecedented level of threat, which must be mitigated. Once 5G technology becomes ingrained in our lives, the impact of an attack on the 5G network could be incredibly serious, and it should be remembered that attacks can come from either cyber criminals with detailed knowledge of how the components work or other nefarious individuals who want to use more prosaic means of attacking the network.

Any organisation developing solutions to address security threats to the 5G network should be seeking to protect its innovations using patent applications.

Get in touch with us to discuss protecting innovations relating to 5G and security.

Terence will be attending the IPlytics 5G Patent Study Presentation in Berlin on 24 January 2020.

FT LOGO RGB COL WEB
IP STARS LOGO RGB COL WEB
THE LEGAL 500 LOGOTYPE RGB
IAM300 LOGO RGB COL WEB
IAM1000 LOGO RGB COL WEB
WTR LOGO RGB COL
WWL LOGO RGB COL WEB
Logo 2024 Most Recommended Intl IP Agencies Service 1
Decideurs Magazine Full RGB
WIPR 2024 Diversity Woman Logo Colour RGB
Social Impact Awards 2024 final
IP INCLUSIVE WEB
Adapt Legal Logo RGB
EPPP Logo web size
Lsa logo 2024 CMYK
Cyber Essentials certified final
Cyber Essentials PLUS final