Udo Schneider, IoT Security Evangelist, Trend Micro, discusses the main cybersecurity challenges associated with 5G technology and examines the role of Edge Computing in 5G networks.
What are the primary cybersecurity challenges associated with the implementation of 5G technology?
The main challenge facing 5G cybersecurity is the perception that 5G is simply a faster radio network. While the message of ‘more bandwidth’ and ‘lower latency’ resonates well with consumers and IoT users, from a security perspective, the radio part of 5G is relatively uninteresting. It is important to understand that a 5G network is a complex system of off-the-shelf components that require deployment, maintenance and operation. Treating it as ‘just the network’ fails to recognise its complexity and leaves it vulnerable to attackers. Therefore, the challenge is more a matter of addressing the wrong perception rather than developing totally new protection technologies.
How does 5G’s architecture inherently affect its security posture, compared to previous generations of mobile networks?
The key difference between 5G and its predecessors is that most 5G Core and Radio Access network components are well-defined software components that communicate through specified APIs. These components are typically implemented as virtual machines or containers, making development, deployment, and operation fast and easy. While this software-driven architecture has advantages, such as flexibility and ease of maintenance, its implementation also poses risks. Due to its use of off-the-shelf technology, a 5G implementation is comparable to a large virtualisation/private cloud implementation, including servers, storage, networking and an overarching management system. As a result, it is a complex system that needs protection. Relying on standard hardware and software components also means that cybercriminals are more familiar with the system than with previous implementations that relied on specialised hardware and software.
What unique risks does 5G pose to IoT devices and how can these risks be mitigated?
Using 5G to connect IoT devices is not riskier than previous generations. In fact, it might enhance IoT device security if they are operated in separate network slices. In pre-5G networks, devices were separated logically, which could be compromised. However, 5G network slices are part of the actual network specification and comparable to physically separated networks.
Higher bandwidth and low latency using 5G TSN (Time-Sensitive Networking) may lead to equipment that has been traditionally hard-wired on site to shift to using 5G. However, many of these devices were not designed to be used in a shared network. Their security design assumes an air-gapped network. Treating 5G as just another network cable may lead to these devices being moved to 5G without being secure enough in a shared environment.
To mitigate these risks, it is essential to understand the security context in which the devices were developed and the security features that 5G might add on top of that. Especially for older equipment, it might make more sense to deploy new versions of the equipment that were developed with self-protection in mind, rather than relying on air-gaps to keep old and unsecure equipment alive. Additionally, understanding the security features of 5G, including network slicing, is essential to ensure their advantages and limitations are well understood.
Could you explain the role of Edge Computing in 5G networks and its implications for cybersecurity?
When discussing Edge Computing in the context of 5G networks, it is important to differentiate between two types: Network Virtual Functions (NVFs) and services that benefit from features such as bandwidth and latency.
NVFs are essential components of 5G networks and are used to implement core services that operate the network. They can also be used to provide additional services such as firewalls and global load balancing. The packaging of these auxiliary services is identical to that of core services, meaning they can be deployed anywhere within the network, including basestations and customer-premises equipment (CPE). Therefore, Edge Computing in a 5G core network context allows for an easy, dynamic, and standardised deployment of security components closer to the Edge.
Outside of the 5G core context, Edge Computing security benefits are not directly related to 5G itself, but are a consequence of the bandwidth and latency benefits it provides. Security functions that previously had to be located on-site due to limited bandwidth to the cloud can now be moved more freely due to fewer bandwidth and latency constraints. Likewise, security functions that used to be limited to operation in the cloud due to the need for high-speed connectivity with other cloud services can now be moved closer to the Edge as bandwidth and latency become less limiting factors.
What are the best practices for enterprises to ensure robust cybersecurity in a 5G environment?
To ensure robust cybersecurity in a 5G environment, there are some best practices that enterprises should follow. Firstly, it’s important to understand that 5G is more than just a faster radio network. Operating a private 5G network can be demanding and requires continuous resources. If that’s not possible, relying on existing 5G network operators and using slices to achieve a ‘private’ network might be more beneficial.
When operating a private 5G network, it’s similar to operating a mid-scale cloud/virtualisation environment with all the necessary components like firewalls, IDS/IPS, backup/restore, faulty hardware, software vulnerabilities, (virtual) patching and much more. These challenges are not new when running large-scale data centres but also apply to 5G core networks. A 5G network requires consistent maintenance and resources, and failure to maintain the core network properly may lead to vulnerabilities in the core network and jeopardise every service relying on it.
Another best practice related to 5G is device security. Just because devices are on a 5G network does not make them secure by default. This assumption often arises when devices were originally conceived to be operated in air-gapped environments. Especially when old devices are supposed to be moved to 5G, it’s a good time to evaluate their security posture and implement appropriate measures. This may include adding an additional layer around older/vulnerable devices or replacing older devices with newer ones with adequate security.
How does the increased speed and connectivity of 5G impact the landscape of cyberthreats and cyberattacks?
Interestingly, we have not yet seen any direct impact of 5G on cyberattacks. Generally, technologies that increase bandwidth and the number of devices have led to an increase in DDoS attacks. However, this is not specific to 5G.
On the contrary, we would have expected a statistically significant increase in the number of DDoS attacks, given the increased number of connected 5G devices. One possible explanation for why this has not yet happened could be the shared-network nature of 5G. In the past, increases in DDoS attacks and bandwidth originated from an increased number of devices that were connected to privately-owned, non-shared networks like fiber or DSL. For instance, saturating a DSL line with DDoS traffic did not directly affect other users of the same access provider, unless the backbone was saturated.
However, this is different for 5G. All subscribers use a shared medium (radio). Therefore, a single device hogging all the ‘air-time’ might compromise service quality for other subscribers in the area. Nonetheless, 5G has controls in place to manage air-time to ensure service quality for all subscribers. Thus, a compromised device used for DDoS will run into provider-controlled resource limitations way before ‘the air’ is saturated.
To summarise, the benefits of 5G for cyberthreats and cyberattacks are not directly related to 5G. Instead, they are more a consequence of its bandwidth and latency advantages. Moreover, even DDoS, which benefits from bandwidth, is not as prominent as feared. This is probably because the actual control mechanisms in 5G to manage air-time are enforced, and enforced ‘near’ the subscriber, e.g., at the base station, and not only once the traffic hits the backbone.
Click below to share this article