With 5G Power Comes Heightened Threat Risk
The middle of the new 5G infographic released by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) illustrates the vast potential of 5G:
Of course in the immortal words of Voltaire, and Peter Parker’s Uncle Ben: "With great power comes great responsibility." Or put a slightly different way, great power carries with it the potential for great abuse.
Along with the 5G: The Basics infographic, CISA released the much anticipated CISA 5G Strategy: Ensuring the Security and Resilience of 5G Infrastructure in Our Nation, which addresses the “significant risks that threaten national security, economic security, and… other national and global interests” brought on by 5G and outlined in the administration’s National Strategy to Secure 5G of the United States of America, released in March 2020.
“The deployment of 5G technologies will enable new innovation, new markets, and economic growth around the world," writes CISA Director Christopher Krebs in an opening letter to the report. "Tens of billions of new devices will be connected to the Internet in the next few years. Given 5G’s scope, the stakes for safeguarding our networks could not be higher. The vulnerabilities that will come with 5G deployment are broad and range from insider threats to cyber espionage and attacks from sophisticated nation-states.”
The report provides an overview of five strategic initiatives:
- Support 5G policy and standards development by emphasizing security and resilience.
- Expand situational awareness of 5G supply chain risks and promote security measures.
- Partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments.
- Encourage innovation in the 5G marketplace to foster trusted 5G vendors.
- Analyze potential 5G use cases and share information on risk management strategies.
The December 2019 edition of Security Management’s Security Technology supplement jumps into 5G potential and potential risks, including an article from Megan Gates on a European Commission risk assessment focused on the anticipated future of a world reliant on 5G connectivity. The EU report highlights the great power-great risk threat, noting that software will play a larger role in 5G than previous wireless networks, increasing the vulnerability.
Alex Schlager, chief product officer, cybersecurity, at Verizon, put it this way in Security Technology: “But this transformation will also lead to an expansion of the attack surface, which will be more vulnerable because these assets will be globally accessible and digital—not analog. Hackers will have the opportunity to gain access or simply disrupt more critical infrastructure and services that society depends on. This means security must be a core component of 5G.”
With the high threat risk associated with the expected ubiquity of 5G use in connecting devices and systems, and with the software-centric reliance of the technology, there is another reason security is a primary topic associated with 5G. Usually, mainstream coverage of new technology focuses almost exclusively on features and benefits. The main reason 5G security is mainstreamed, is tucked away there in strategic initiative number 4: “trusted 5G vendors.”
Chinese telecommunications company Huawei was building a huge lead in production of 5G infrastructure around the world, capturing the attention of the United States, which coupled questions about the company’s ties to the Chinese government with the security of its 5G products. The United Kingdom recently joined the United States in banning Huawei technology, citing similar security concerns. However, some doubt that security is the main concern of U.S. and U.K. regulators.
“As 5G is deployed, there is an emphasis on ensuring that state-influenced entities do not dominate the 5G marketplace," according to the CISA report. "To address this concern, CISA will work with its partners to support R&D initiatives and prize programs that result in secure and resilient 5G technologies and capabilities. By supporting these types of efforts, CISA will help drive innovation and establish a trusted vendor community for the future of 5G.”
Listed as the three objectives of the security initiative are:
- Collaborate with federal interagency partners to establish R&D projects focused on emerging 5G technologies and capabilities.
- Analyze and report the long-term risks of untrusted 5G component vendors.
- Partner with U.S. government prize competition programs to influence and establish 5G innovation challenges.
Still in its early infancy, the march to 5G continues apace. The question of whether the needed security can keep pace is still to be determined.