Authored by: Ghian Oberholzer, Regional Vice President, Technical Operations, Claroty
The onset of COVID-19 has led to an unprecedented use of remote digital services and technologies such as telemedicine, mobile tracing, and online video conferencing, which have paved the way for the fifth generation or cellular networking data, or 5G, as the next ride in digital transformation. While much anticipated, 5G also introduces significant security risks and concerns that must be taken into account.
Current studies have shown that telcos have consistently topped the list for cyber attacks with the intention to seek maximum disruption to internet activities. Recent trends indicate that attacks have increased in intensity and frequency on domain name systems (DNS) infrastructure, which routes internet user traffic to intended online destinations.
With governments racing against one another to roll out 5G the fastest, it is in everybody’s best interests that 5G infrastructure is rolled out only when it has been properly secured.
The future of 5G is not an extension of 4G but a pivotal change in technology. 5G will ultimately not just be better cell phone coverage, it will also power a connected city, automate factories, operate cars and perform remote surgery.
However promising 5G may be, the vulnerabilities associated with the technology are just as dangerous if not thoroughly examined.
Threats to manufacturing and industrial sectors
The manufacturing sector is a prime example. Globally, competition in the manufacturing sector is fierce. To make their factories smarter, more efficient and more productive, manufacturers are adopting 5G networks at a rapid pace, without having necessarily assessed all of the security risks.
The manufacturing sector is embracing the next generation of manufacturing technology, dubbed ‘Industry 4.0’. Manufacturers are rapidly adding monitoring and control technologies to their production plants, analysing data to enhance productivity, stability, safety and ultimately improve efficiency to increase profits.
5G is a key component of Industry 4.0: it greatly enhances connectivity for monitoring and control of manufacturing processes but adds a new element of risk as well.
There is already a risk of cyber attacks on factories and manufacturing plants due to their increasing connectivity to the internet, enabling hackers to reach control systems that were previously digitally isolated.
These increased cyber attacks could disrupt other countries’ manufacturing operations and can potentially raise competition. In the event of a global conflict, targeted attacks to disrupt factory floors and impact companies and industries alike.
How do we respond to this risk?
From a geopolitical perspective, the greatest risk arising from 5G networks is the possibility that any one nation state could have a monopoly over this critical technology.
In Singapore, major telecom players have accepted the call for proposal over auctioning for airwaves. Similarly, other countries have proposed having multiple 5G networks over one. This itself reduces the monopoly of one network across the nation. Telcos must also be prepared to increase their security measurements by proactively securing, controlling and monitoring the use of privileged accounts.
There is already considerable momentum in this direction with Open Radio Access Networks (OpenRAN). The initiative aims to reduce the reliance on a small number of vendors of 5G network equipment by decoupling the hardware and software components of the network.
Leading the move to OpenRAN is the O-Ran Alliance, which was founded by mobile network operators to clearly define requirements for open radio networks and help build a supply chain ecosystem.
The alliance argues that traditional network equipment supply chain and procurement models must change: “Status quo, proprietary product architectures and complicated, vendor specific operations and management (O&M) systems will not serve … operator’s collective goals and must evolve to overcome the real capital, operational and technical challenges the industry is facing today.”
Ideally, the race to rollout 5G should not be the main factor to enabling the technology. By developing a set of common standards and banding together and using hardware from multiple 5G, vendors can reduce the risk of cyber attacks.
Some may say this approach is optimistic, but it is good for business on a number of levels. Opening the code up to the research community would not only bring down the cost of 5G, it would also improve security by enabling researchers to find bugs and work with vendors in a responsible manner to patch and disclose those bugs.
Open coding standards are good for security, good for competition and good for geopolitical stability.