The security risks of rushed 5G implementation can potentially overshadow the technology’s promises: we all need a 5G sanity check.
Current studies have shown that telcos have consistently topped the list for cyberattacks. Recent trends indicate that attacks have increased in intensity and frequency on domain name systems (DNS) infrastructures, which route internet user traffic to intended online destinations.
With governments racing against one another to roll out 5G the fastest, it is in everybody’s best interests that 5G infrastructure is rolled out only when it has been properly secured.
However promising 5G may be, the vulnerabilities associated with the technology are just as dangerous as the promises, if cybersecurity is not thoroughly examined.
According to Ghian Oberholzer, Regional Vice President, Technical Operations, Claroty, these increased cyberattacks could disrupt other countries’ manufacturing operations and can potentially raise competition.
In the event of a global conflict, targeted attacks can disrupt factory floors and impact companies and industries alike.
How do we respond to this risk?
From a geopolitical perspective, the greatest risk arising from 5G networks is the possibility that any one nation state could have a monopoly over this critical technology. According to Oberholzer, in Singapore, major telecom players have accepted the call for proposal over auctioning for airwaves. Similarly, other countries have proposed having multiple 5G networks over one. This itself reduces the monopoly of one network across the nation.
Further macro-technological insights about hasty implementations of 5G need to be reviewed:
- Manufacturers are rapidly implementing 5G to increase profits at a rapid pace, without having necessarily assessed all of the security risks. There is already a heavy risk of cyberattacks on factories, manufacturing plants and operational technologies. Due to this increased connectivity to the internet, hackers will now have new pathways to reach control systems that were previously digitally isolated.
- Telcos must be prepared to increase their security measurements by proactively securing, controlling and monitoring the use of privileged accounts. There is already considerable momentum in this direction with Open Radio Access Networks (OpenRAN). The initiative aims to reduce the reliance on a small number of vendors of 5G network equipment by decoupling the hardware and software components of the network.
Leading the move to OpenRAN is the O-Ran Alliance, which was founded by mobile network operators to clearly define requirements for open radio networks and help build a supply chain ecosystem.
The alliance argues that traditional network equipment supply chain and procurement models must change: “Status quo, proprietary product architectures and complicated, vendor specific operations and management (O&M) systems will not serve … operator’s collective goals and must evolve to overcome the real capital, operational and technical challenges the industry is facing today.”
- Ideally, the race to rollout 5G should not be the main factor to enabling the technology. By developing a set of common standards and banding together and using hardware from multiple 5G, vendors can reduce the risk of cyberattacks.
Some may say this approach is optimistic, but it is good for business on a number of levels. Opening the code up to the research community would not only bring down the cost of 5G, it would also improve security by enabling researchers to find bugs and work with vendors in a responsible manner to patch and disclose those bugs.
At macro-economic and governance levels, only a concerted vision by governments worldwide can put a sanity check on the rush to implement 5G. In this case, Oberholzer believes, “open coding standards are good for security, good for competition and good for geopolitical stability.”