If you think things are weird now, wait until we do the amazing, unbelievable, and incredible global rollout of 5G!
While some folks imagine innumerable benefits for the enterprise business community and the U.S. economy, advanced 5G and wireless networks will also bring with them their supply chain roots and controls that emanate from China.
Yes, but it gets even worse if you can imagine that.
From Hardware to Software-Defined Routing
Today’s networks have moved away from centralized, hardware-based switching to distributed, software-defined digital routing. Previous networks were hub-and-spoke designs in which everything came to hardware choke points where cyber hygiene could be practiced. In the 5G software-defined network, however, that activity is pushed outward to a web of digital routers throughout the network, thus denying the potential for chokepoint inspection and control.
5G further complicates this cyber vulnerability by virtualizing in software higher-level network functions formerly performed by physical appliances. These activities are based on the common language of Internet Protocol and well-known operating systems. Whether used by nation-states or criminal actors, these standardized building block protocols and systems have proven to be valuable tools for those seeking to do ill.
Enumerating the Countless Vulnerabilities
Even if it were possible to lock down the software vulnerabilities within the network, the network is also being managed by software—often early-generation artificial intelligence—that itself can be vulnerable. An attacker who gains control of the software managing the networks will also control the network.
In addition, the dramatic expansion of bandwidth that makes 5G viable creates additional avenues of attack.
Physically, low-cost, short-range, small-cell antennas deployed throughout urban areas become new hard targets. Functionally, these cell sites will use 5G’s Dynamic Spectrum Sharing capability in which multiple streams of information share the bandwidth in so-called “slices”— each slice with its own varying degree of cyber risk. When software allows the functions of the network to shift dynamically, cyber protection must also be dynamic rather than relying on a uniform, lowest common denominator solution.
Finally, there is a major vulnerability created by attaching tens of billions of hackable smart devices (actually, little computers) to the network colloquially referred to as IoT. This yields a plan for a diverse and seemingly inexhaustible list of IoT-enabled activities, ranging from public safety devices to battlefield equipment, to medical devices like CT scanners, pacemakers, and insulin pumps, to transportation robotics, all of which come with a set of uniquely vulnerable exposures.
None of which are hard to penetrate either.
In addition, there are also significant risks from the increased attack surface that 5G will foster.
An Avalanche of Connectivity
Although 5G is in the initial stages of deployment, connectivity is already exponentially expanding. A recent Omdia report counted more than 17.7 million 5G connections at the end of last year, including a 329 percent surge during the final three months of 2019. Omdia is also predicting 91 million 5G connections by the end of 2020. Aka, next month.
In government, 5G communications technology has been recognized as a foundational enabler for all U.S. defense modernization programs. The Department of Defense (DOD) is at the forefront of cutting-edge 5G testing and experimentation. DOD is committed via new research and development budgets and programs to exploring a wide range of potential applications and dual-use opportunities that can be built upon 5G next-gen networks. Recently DOD selected five locations and $600 million in awards for 5G testing that represents the largest global full-scale 5G test for dual-use applications.
On the civilian side of the federal government, the Department of Homeland Security (DHS) and the nation’s risk advisor, CISA, have determined that 5G implementation will introduce vulnerabilities. A summary of their findings in critical areas includes:
Supply Chain: Risks of malicious software and hardware, counterfeit components, and poor designs, manufacturing processes, and maintenance procedures.
Deployment: Improperly deployed, configured, or managed 5G equipment and networks may be vulnerable to disruption and manipulation.
Network Security: Legacy vulnerabilities, such as Distributed Denial of Service attacks and SS7/Diameter challenges.
Competition and Choice: Lack of interoperability with other technologies and services limits the ability of trusted ICT companies to compete in the 5G market.
Steps to Instill a Sense of Urgency, Now
Because of myriad technological and policy challenges, it is critical that enterprises create a sense of urgency to prepare for the implementation and assimilation of 5G technologies. There are some things that enterprises should concentrate on to help deal with these security concerns. Yes, many of the below are “old friends” but they are still needed in light of the security challenges that 5G potentially creates:
1) Monitor your external supply chain to check what your providers are doing to keep secure – supply chain risk management was the focus of NIST cybersecurity framework 1.1. It should still be a concern today given 5G, as many businesses are going to be sending huge amounts of data to cloud service providers, co-location centers, and other third parties via wireless transmissions. What are these providers doing as far as data security? What standards do they adhere to? What standards should they be adhering to given business needs (like HIPAA or SEC OCIE standards)? Companies should demand SOC 2 Type 2 reports that “define criteria for managing customer data based on five ‘trust service principles’ – security, availability, processing integrity, confidentiality, and privacy.”
2) Know what is on your network. Given that 5G does not erase traditional security concerns, it is time to make sure all OS and other cybersecurity solutions are updated and patched regularly to make sure as many security holes as possible get closed. This includes not only network devices, but laptops and other personal, smart devices like iPads and iPhones. Know where on your network your most critical data is.
3) 5g will move a lot of data. Faster than ever before. An attacker could do that just as easily as your company. Figure out first: (a) where your data is going on a regular basis (i.e. the cloud) so that when you are reviewing your logs you understand “normal activity,” in terms of location but terms of amounts as well, so that you can then, (b) figure out where your data should NOT be going (i.e. China or Russia), and what amounts of data in transit are usual or not usual to better understand potential data exfiltration issues.
4) Ensure your endpoints are updated, patched, and monitored. In today’s pandemic/COVID-19-filled world, the endpoint has taken on an increased focus as more and more people continue to work from home. People are using all sorts of devices to connect, and more and more are coming to the market each week. Obviously, this creates millions more endpoints than we ever had before. What is your company doing to monitor your employee when s/he logs in from home? Is that employee using his home internet, a VPN, or wireless services? There are lots of questions here that need to be answered. By you.
5) Encrypt or tokenize all data transmitted wirelessly. There are many telecoms that will be pursuing encryption of data that you push to them/through them. There will be anti-tracking and spoofing features that make it harder for bad actors on a network to track and manipulate individual device connections. To do this, 5G encrypts more data, so less is flying around in the clear for anyone to intercept. 5G is also a much more software- and cloud-based system than previous wireless networks, which will allow for better monitoring to spot potential threats.
Why not encrypt or tokenize all data in transit before it hits the wireless tower? Yes, indeed, but the encryption discussion in the U.S. has taken several turns even though more and more individuals and businesses are using encryption to secure their data.
With an increased amount of internet traffic, and now with the increased speed of 5G, it is important to consider whether you have sufficient personnel or bandwidth to detect anomalous behavior on your network. It might be time to consider a machine learning solution to both check and affirm an employee’s access to the network (e.g. identity and access management), and to automatically monitor anomalous network behavior.
Preparing for the 3 Known Unknowns
As with any new technology, there will be new behaviors and new patterns of activity. Things will change. Things do change. But we know three things: there will be more network traffic, there will be more and faster network wireless traffic (as in like 100x faster), and there will be many more IoT devices.
This creates either a critical opportunity to review your network security, devices, and solutions to make sure they can keep up with the new “pace” of 5G and the cybersecurity battles of tomorrow or a decision to outsource the entire thing to a strong MSSP, MDR and/or MCCP who is prepared to defend and protect in this new, high-speed world of cyber threat and collateral cyber risk.