Does 5G’s expanded network capacity create a new set of security concerns?
More spectrum means an increase of devices and end-user units, which expands the threat landscape. For example, 5G should eventually support 1 million Internet of Things (IoT) devices per square kilometer, an order of magnitude more than what’s possible today. Networks are also becoming more important and more integrated into organizations’ operations, so any network disruption can have profound effects.
Is 5G more secure than previous generations of wireless technology?
5G is like a zero-trust architecture in that the network is presumed to be open with no security from overlaid products and processes. All links are assumed to be exposed. To control for that openness, 5G mandates encryption of all inter- and intra-network traffic and provides for enhanced device and network authentication. There’s a great focus on roaming, which has been a security gap in the 4G LTE environment. For example, final device authentication in 5G is always by the home network, not by the visited network, and 5G uses public/private key pairs for authentication. 5G has greatly enhanced roaming protection and security compared with previous generations.
Where should agencies focus their attention on addressing cyber risks in the shift to 5G?
The first step is the move toward zero trust, assuming no inherited authentications and challenging all transactions. Remember, you’re securing everything: the network as well as, for example, storage and technologies like containerization. Next, adopt an attitude of continuous vigilance, including self-scouting and self-hacking. Engage with security expertise across the ecosystem. But understand that you’re never going to arrive at total security. Something new will come up every day.
Mainstream 5G adoption is still down the road. How long do agencies have before they need to seriously address 5G security?
As a security professional, I advise addressing cybersecurity needs today, regardless of where you are with 5G adoption. Adoption will be a moving target. It’s unlikely we will ever have total 5G. While 4G was designed to replace 3G, 5G is not designed to replace 4G. That’s because 4G LTE is totally appropriate for many applications. Most communications service providers are moving to a standalone network, which is necessary to enable all the features of 5G, including several of the security features discussed here, in 2023. Full adoption, I would say, is no later than 2024. But there will be early adopters, while some applications, agencies and enterprises will run behind that date. It’s better to look at it as a process and make sure you’re addressing cybersecurity today in a 4G environment so you won’t be unnecessarily exposed when you move to 5G.
Sponsor Content