Every advancement in communications technology creates new vulnerabilities that expose users to cyber attacks.
The same goes for 5G, the so-called fifth generation of cellular connectivity, which is touted as the new gold standard in network speed, bandwidth, availability and reliability.
5G has actually been around in early stages since 2018, but it only began to be widely deployed in commercial and consumer mobile networks in 2020, and has only become widespread even more recently than that.
The benefits of 5G are compelling, combining mobile communications with a range of innovations including the cloud, the Internet of Things and artificial intelligence. But its increased bandwidth and menu of additional features also make it a tempting new target for cybercriminals.
Aspects of 5G technology “open up more potential attacks,” said Chris Galen, CEO of Neutroon, a private 5G connectivity and edge computing platform. 5G will increase the number of devices that can be connected, but the presence of multiple stakeholders in the tech stack “could open up more potential attacks,” Galen said. [illegal] “Higher data speeds also enable more sophisticated attacks to be launched, such as distributed denial of service (DDoS) attacks, which increased in 2022 and 2023.”
Galen acknowledged that the concern remains theoretical, since no large-scale, network-wide 5G-based attack has happened so far. But it’s likely, especially since companies don’t seem to be doing enough to prepare for a serious one. A 2023 report from the Department of Homeland Security found that many companies are “improvising” their approach to mobile network security in the 5G era. “A lack of investment in 5G readiness has led to inadequate security measures to support it and few rules for companies to follow as they begin the investment process,” the Department of Homeland Security said.
5G will, for the first time, allow users to mix and match multiple vendors of communications infrastructure, such as radios and base stations, further increasing the number of potential “threat vectors,” DHS said.
Citing a Cybersecurity and Infrastructure Security Agency (CISA) report, DHS noted the complexity of 5G networks — expected significant increases in the number and variety of new features, services, and devices served, as well as the use of virtualization and decentralization of the radio access network (RAN) and 5G core — could expand the threat surface and make it difficult to define the system boundary.
On the commercial side, Gehlen says 5G will be a huge boon for companies looking to build private mobile networks that can work with cutting-edge applications like robotics. This is especially important now as companies look to automate processes across their supply chains. “In the enterprise world, 5G has the potential to enable advanced digitalization use cases,” Gehlen adds.
One way 5G differs from previous generation systems is that it is more software-based in design and execution, providing network users with more flexibility, scalability and customization options. “Instead of installing physical cabinets with proprietary hardware at the base of each cell tower, carriers can virtualize many network functions in software across their networks,” CISA said.
This “virtualization” has many benefits, but the existence of multiple open application programming interfaces (APIs) “also brings with it potential risks,” Gehlen said. “What was once a single solution is now made up of many different microservices, each of which is a potential source of attack.”
Ultimately, Gehlen believes 5G’s benefits outweigh its security drawbacks. But users will need to be more careful about how they operate the new, faster networks. The first step, he says, is to find a consultant or specialized vendor to guide you through the process.
Step two is avoiding the organizational silos that plague many large supply chains. Centralizing management of the infrastructure and the devices that make it up is crucial, says Geren. Multinational companies “need to find a way to bring everything into one place and assign the right workflows and cybersecurity.”
At the same time, all employees in your network should be educated on basic security measures. Thieves can use SIM cards from stolen smartphones to infiltrate your entire network. A similar breach can also occur if employees fall prey to phishing scams via their personal phones that have network access.
Achieving a truly secure 5G network will require a collaborative effort that goes far beyond the efforts of any individual company, and DHS is calling for coordination between the commercial market, the Department of Defense and other government agencies, including the Department of State and the U.S. Agency for International Development.
“Concerted efforts to integrate these three streams more coherently are essential to achieving long-term global market resilience,” the Department of Homeland Security said.