As 5G’s adoption becomes more widespread, concerns about its cybersecurity continually grow. 5G’s benefits are promising, such as software-based networking and acceleration of internet of things devices. However, these benefits conversely open up vulnerabilities for cyberattacks. If these vulnerabilities are tapped into, enterprises face risk to their internal operations, as well as their consumer data.
What are 5G-Powered Businesses?
To understand how 5G will shape enterprise operations, it is important to understand what shapes 5G-powered businesses.
“The 5G-powered business is a business that leverages 5G to transcend the possibilities of today, that uses 5G as a toolbox to solve business problems in new ways, and represent a new way of working and thinking,” says Dr. Brenda Connor, Director of Security Portfolio Application, Ericsson.
There are a number of key differences between last-generation 4G and 5G, including:
- Faster data transfer rates
- Global internet coverage
- Up to 90% more energy efficiency per traffic unit
Perhaps the most actionable benefit 5G can provide for businesses moving forward is its advancement of IoT devices. Businesses can gain the power to offer services that would’ve previously been too expensive to operate. Although this is exciting, 5G’s benefits conversely pose some cybersecurity risks that must be addressed.
5G Cybersecurity Risks
There are four main risks enterprises face when adopting 5G technology. These include the transition from hardware to software-based networks, the rise of IoT devices, the risk of availability compromise, and the lack of end-to-end encryption early in the connection process.
From hardware to software
The primary security risk 5G holds is in its transition from centralized, hardware-based switch to its more distributed, software-based digital routing. According to a 2019 Brookings report, the opportunity for choke point inspection and control is far more limited in a 5G-defined network.
Because 5G will be mostly an all-software network, updates will also be carried out through software— similar to how operating systems on tablets, phones, and computers are updated—an additional point of vulnerability.
Internet of Things
The lack of security in many IoT devices is an ongoing concern. 5G accelerating the world of IoT can only further this risk. Acts have been made to prevent this in government agencies, but enterprises and the private sector still lack these measures.
A Trend Micro and GSMA Intelligence report showed that out of 63% of enterprises that have deployed IoT, 15% have not updated their policies to establish a “security first” strategy. This could be a consequence of the rapid growth of these technologies, but many enterprises and users are seemingly expecting IoT and 5G solutions to be secure-by-design.
Availability compromise refers to the notion that total network access can be completely cut off through a cyberattack. If enterprise infrastructures are all on a single 5G network, any attack to that network could compromise all facets of the enterprise.
For additional context, this could prove detrimental for national security. If governments do not diversify their 5G networks or use non-overlapping technologies, any attack to the defense infrastructure could prove devastating.
Lack of encryption
Although end-to-end encryption has potential in a 5G-driven network, malicious players can still gain access to devices early in the connection process. Attackers can move laterally and cause more damage from compromising just one 5G device.
Ultimately, increasing the number of objects that are not only online but also integrated with one another on a single network will invariably increase vulnerabilities.
Mitigating 5G Cybersecurity Risks
The risks of adopting 5G seem too large to manage at times. Although governments are trying to prepare for the future of a 5G-driven world, enterprises must look for actionable ways to mitigate risks.
Looking forward, enterprises need to prepare a robust 5G security plan. Plans will look different for many businesses, but being proactive about your plan and adopting new enterprise cybersecurity solutions can be a good starting point.
In their Brookings report on new approaches to 5G cybersecurity, former FCC chairman Tom Wheeler and Pamplin College of Business professor David Simpson map out two distinct recommendations for enterprises, governments, and general users to follow as 5G technology continues to advance.
Cyber Duty of Care
The first point both writers make is for companies to recognize and be held responsible for a “new cyber duty of care.” They pull from the traditional idea that common law advocates for: Those who provide products and services have a duty of care to identify and mitigate potential harms that could result.
In a sense, this recommendation goes beyond prioritizing cybersecurity in your company culture. It advocates for inserting security in the DevOps cycle, adopting AI-driven technologies to handle more complex attacks, and generally investing resources into cybersecurity for businesses of all sizes.
Furthermore, the cyber duty of care calls for reversing the historic underinvestment cybersecurity has so far faced. This is especially critical for enterprises that could put public safety at risk if an attack ever was to occur.
Another poignant example of the cyber duty of care is their urge to implement machine learning and artificial intelligence at the core of cybersecurity moving forward. There are a number of AI cybersecurity software solutions already in place that enterprises are taking advantage of. It’s critical to use these tools that can learn from and analyze mass quantities of data that traditional methods can’t keep up with.
The New Cyber Paradigm
Wheeler and Simpson also make the case for a new approach to the relationship between businesses and government. Innovation simply needs a faster approach as the new age of 5G is ushered in. The writers propose a few considerations, including:
- Inspection. Wheeler and Simpson advocate for increasing certification of important network and infrastructure devices. The FCC has historically certified that cellphones, baby monitors, and any other radio-signal-emitting device does not interfere with the nation’s airwaves. This approach should be taken with 5G networks and cyber-vulnerable equipment.
- Consumer transparency. Consumers have little to no insight in making an informed market decision when it comes to 5G devices. It’s important for all parties to be aware of the threats behind 5G cybersecurity, and consumers being given the tools to make informed decisions could help with that.
- Marketplace shortcomings. In what could be the most actionable consideration for enterprises, Wheeler and Simpson note that businesses that take monetary action associated with cybersecurity should in no-way be penalized by those who don’t. To make sure everyone is on the same page, a rewards-based system could help push non-convinced enterprises to take cybersecurity far more seriously than they would otherwise.
The Future of 5G Cybersecurity
Ultimately, the widespread adoption of 5G will most likely see enterprises iterating on how they go about their cybersecurity mitigation efforts. IT teams will have to prepare for identifying and mitigating threats while keeping the user experience and network latency intact.
Generally speaking, enterprises should be prepared to adopt a hybrid approach to their cybersecurity. Enterprises should uphold cybersecurity in all facets of its operations and company culture. In parallel, they should be prepared to work with advanced cybersecurity solutions as their network of IoT devices expands.