Set to begin rolling out at some point during 2019 – depending on device and provider – 5G technology is promising much better connectivity, flexibility, and speed for the user – able to support significantly faster mobile broadband speeds and an increasingly heavier data usage.
And it’s a good thing too, as a study from Gartner indicates two-thirds of global firms plan to implement 5G technology by 2020, primarily for increased speed and efficiency for the growing demand of data-intensive IoT device communication.
While each generation of mobile internet has brought its own speed and performance boosts, 5G is expected to be the boon needed to enable emerging technologies such as smart cities, autonomous vehicles and other IoT devices to become a reality.
And, even though the blistering speed and efficiency of 5G could mean a greater ability to support potential new business models, drive innovation for newer technologies and increase revenue for organisations, it won’t come without its risks, just like its predecessors.
If not properly deployed, these same benefits could also be security risks, as new technologies almost always mean new vulnerabilities and new targets for cybercriminals and threat actors. History, after all, has shown that increasing computing power and connectivity typically opens up a new landscape for attackers to leverage – connected and improperly secured IoT devices are perfect examples. These new technologies not only provide new attack vectors, but exponentially increase the attack surface.
So, is 5G a blessing or a curse for the IoT?
The most obvious answer is “yes” to both; though it’s not necessarily an easy answer. A better answer is “it depends” – and it depends on who you ask and what the application will be.
Sure, 5G promises incredibly low latency, blazingly fast download speeds, and an increase in signal reliability, but many organisations haven’t yet secured their 4G and older smart devices. So, the question remains, will the 5G roll-out, and supporting security implementations of the technology, be any different?
Ironically, the perks associated with 5G technology could also be considered security risks. New technologies typically mean new vulnerabilities – these will almost always be targeted by attackers – some just to “see if they can crack it” while others see a potential gain in line with their goals.
Frighteningly, security is too often an after-thought with the latest and greatest technologies – vendors sometimes sacrifice security in their rush for efficiency or to be first to market with a new product, and users don’t always understand and/or implement secure features that are in place.
Not only will an overwhelming number of potentially unsecured IoT devices converge on networks across the globe, but 5G will also see an increase in the use of cloud and virtualisation technologies, further increasing connectivity, capacity, and cost-effectiveness.
And, with increasingly more data stored in the cloud, along with an overwhelming increase in the number of connected IoT devices, 5G technology on these devices will offer up a wealth of potential entry points, expanding attackable footprints and becoming more enticing for cyber criminals. In addition, there is also the very real state-sponsored threat, with popular smartphone manufacturers currently in the spotlight with regard to exploiting 5G technology.
Privacy will also continue to be a key concern, particularly with regard to the IoT. This has been highlighted recently by a combination of what seems to be an endless series of high-profile data breaches, as well as the introduction of new regulations such as the General Data Protection Regulation (GDPR). The implementation of 5G technology could enable a higher volume of sensitive data to cross networks at greater speed than ever before, and as with any technology which does not have security details firmly in place, a breach could be potentially devastating to an organisation.
Long story, short: those devices and technologies not currently secured will not be magically fixed by 5G technology.
In fact, the additional speed and flexibility may simply open up more attack avenues – or increase the speed with which these attacks can take place.
So, with the enormous undertaking of securing IoT and BYOD policies, what can your organization do to prepare the network environment for 5G technology?
As with any new technology, approach it with caution, ensuring that potential security risks are considered and mitigated from the start of the transition. Secure deployment may not be achievable immediately on your network environment, despite its convenience or appeal. Plan any implementations strategically, considering security impacts, controls and configurations to help minimise negative outcomes. In addition, ensure users and your organisation purchase and use equipment only from vetted vendors which employ strict supply chain security, and enforce your organisations’ security policies across the incoming 5G supply chain.
By Danika Blessman, Senior Threat Intelligence Analyst at NTT Security
References:
5G Is Coming This Year. Here’s What You Need to Know
CSIS director warns of state-sponsored espionage threat to 5G networks
