It sounds strange, but the telecommunications industry is finally connecting to the internet. 5G isn’t just about better performance or faster connectivity – it signals a huge change in the way we manage connected infrastructure.
Traditionally, telecommunications hardware could not be accessed from the outside, and there was an “air-gap” between their infrastructure and the open internet.
That’s all about to change with 5G. The meeting of Telecoms infrastructure and the open internet will mean a fundamental change for network operators. One of the foundational qualities of 5G is that it can be hosted on software-only platforms. However, it also drags telecommunications into an environment that it might not be ready for – the cyber space. As network operators move from hardware-based infrastructures to software-based mobile networks, they open up new attack vectors for cyber-criminals and new risks for everyone else.
Service providers are used to planning for connection reliability and service outages, but they’ve not had to think about cyber-attacks in this way before.
The Security Risks in 5G Networks
One of the key pillars of 5G is virtualization – that it can take bricks-and-mortar telecoms infrastructure and operate it like a computer program. This is a significant change from the hardware-based infrastructures that were largely “air-gapped” from these risks.
5G uses software-defined networks and virtualizes many of its most fundamental parts – including its core networks. This will provide bold new opportunities for innovation but plentiful new attack vectors for hackers to exploit too.
As such, new security concerns arise. Network slicing, for example, will allow multiple specialized software-defined networks to be hosted on the same network infrastructure. However, each slice will require its own specific security controls to be implemented.
Furthermore, 5G will power transformative IoT deployments like automated vehicles and smart cities. Unfortunately, the IoT has been repeatedly shown to have significant security concerns at multiple levels. Devices are often attack targets, leaving legitimate users with service outages, stolen data or an otherwise compromised network. 5G networks might not be directly at threat here, but the key use cases it underpins certainly are.
The global cost of cybercrime is already high. Security company McAfee puts it at over $1 trillion, or 1% of global GDP. Cyber-criminals – particularly ransomware gangs – are seizing upon the vulnerability of industries requiring high availability and reliable connectivity to function. Holding a 5G network to ransom could mean a payday for cyber-criminals and spell disaster for network operators and their customers. Network operators need to realize that if they don’t act, they may soon fall victim to threats they were protected from until now.
Security Testing
New security concerns are increasing, and it is critical that 5G network operators test for security risks. Network operators are used to testing for known quantities – like service outages – but this will require a significant widening of that scope.
5G networks, and the use cases they make possible, are still emerging technologies. Attack vectors and risks may open up throughout a network’s lifecycle. As such, it must be continuously tested across a wide range of scenarios and use cases. They need to be tested in realistic conditions and face simulated situations that they might face when deployed in the real world.
Managed Testing Services may be a good fit here. These can test 5G networks’ complex, virtualized and next-gen environments throughout their development and at every stage of their lifecycle from lab to live. This is a crucial way to assure users and customers that a given 5G network or IoT network has a sufficient level of resilience.
Furthermore, they cover both the end-to-end lifecycle as well as the full architectural stack and can help with complex deployment challenges like Cloud, 5G Core validation and SD-WAN. Managed testing services can support high-frequency release cycles and ensure the quality of all elements in the environment. In turn, that can accelerate time to market, assure the quality of experience, improve network resilience and significantly increase operational efficiency whilst reducing costs.
For all of 5G’s transformative potential, the risks are high. Hackers will exploit everything, everyone, everywhere they can reach. 5G will be no different.
One report from the Brookings Institution notes that 5G network operators shouldn’t inadvertently adopt the mindset that many other organizations have succumbed to when it comes to security. The report notes that operators work “in environments that pressure against investments that do not contribute to profit. Protective action taken by one ISP (Internet Service Provider) can be undermined by the failure of other ISPs to take similar actions. This weakens the incentive of all ISPs to invest in such protection.” The fundamental interconnection that 5G implies requires an industry-wide focus on security that should not be an afterthought but by design.
Network operators should start thinking about security now. They might not have had to think about it a few years ago, but cyber threats will pose a serious risk to the viability of 5G networks and the myriad of use cases and innovations they make possible.