Security is the green field in 5G device-to-device communications, says Karen Worstell, pictured, Senior Cybersecurity Strategist at the cloud computing company, VMware.
High-speed and high-capacity internet has broadened the role that mobile technology plays in our daily lives – both in professional and personal spheres. The past two years of the pandemic have underlined the importance of delivering the benefits of 5G infrastructure to expand the parameters of connected places. We are witnessing a hastening roll-out of connected vehicles, virtual spaces, and tele-health devices creating a newfound dependence on 5G to improve the quality and efficiency of urban living. The UK government now hopes a 5G pilot scheme to simplify the process for mobile operators to host networking equipment using street assets, such as street signs and lampposts, will enhance the country’s 5G infrastructure further. This pilot is a positive step for the UK in the right direction to realising the benefits of 5G and potential of a truly connected ecosystem. Despite this positive momentum and attitude towards 5G, with an increasing number of connected devices comes a seemingly unmanageable web of entry points into this new digital ecosystem. This means the opportunities for threat actors wanting to destabilise cities and disrupt the lives of humans are high.
Each revolution has its risks
For each 5G device to connect to sensors faster and more consistently, they must be powered by the Internet of Things (IoT) in real-time. Parking sensors and surrounding traffic lights, for example, communicate with other connected devices to offer instant information on space availability to help cut congestion and emissions on our roads. The reliance that an increasing number of connected objects has on the IoT increases the chance of potential vulnerabilities. To help paint the picture, imagine that automated malware, or ‘worms’, compromise a single traffic light to hijack a 5G network in a matter of minutes. In the context of day-to-day life, this could cause an entire network of traffic lights in a city to be switched off – resulting in complete gridlock.
Data compromise presents another prominent risk – with a growing attack surface comes more opportunity for unauthorised third parties to unlawfully access the data stored on or collected by a 5G device. CCTV is a prime example of this, as they collect and analyse high volumes of personal data, therefore putting people’s privacy rights and organisations’ reputations in jeopardy if these camera systems were targeted by cybercriminals.
Security to the forefront
There is always a technical debt with which we must contend when it comes to deploying new technology and this debt impacts the attack surface. In particular – secure 5G is deployed alongside less secure 3G and 4G infrastructures, and most IoT devices are deployed with security turned off, if it exists at all.
In addition, there are internal challenges with communicating the need to build strong security into emerging technologies when driving business transformation. Despite more than half of enterprises planning to invest in 5G within the next three years, recent research from EY has found that businesses have a poor understanding of how 5G works with other emerging technologies. The use cases and cybersecurity of smart devices are often misunderstood and therefore an afterthought, putting not only data, but critical industries and the safety of the public at risk.
As connectivity increases, operators must focus on securing the far edge of these networks, much like we handle today’s data centre edge. IoT devices are not built upon traditional IT frameworks, meaning a different end-to-end security model. Instead, they require a model that recognises the unique configurations of IoT, and one that can uphold emerging cybersecurity standards. This will inevitably place new demands on Endpoint Detection and Response solutions, which will need to evolve if they are to account for an expanding service level and keep a constituency safe.
Awareness amongst the telecommunications industry and local authorities about what could happen if we don’t think about a robust threat framework for smart cities – even in these early stages of 5G – is equally crucial. Cybersecurity must remain front of mind as we develop and deploy 5G infrastructures. Small steps now will allow us to harness the benefits of 5G safely, and with confidence, down the road.
