Authored by: Dato’ TS Dr. Haji Amirudin Bin Abdul Wahab
5G is the fastest network and far more advanced in terms of robustness, latency, peak speed and reliability with potential speeds reaching 10Gps, 10 times faster than 4G. According to the GSMA, 5G is on track to reach 1.4 billion and account for 15% of global mobile connections by 2025. Although 5G is likely to roll-out in Malaysia in stages by 2021, many telecommunications and internet service providers are already gearing up for its imminent arrival.
A World Economic Forum report “The Impact of Mobile Technology on the Response to Covid-19” found that the current global Covid-19 pandemic has in fact accelerated demand for 5G across some industries from online and essential retail, manufacturing to healthcare. With gigabit speeds and millisecond latency, 5G technology will open up a new world of immense possibilities for individuals, businesses, industries and communities in Malaysia.
Endless Possibilities with 5G
5G technology enables Ultra-Reliable Low-Latency Communications (URLLC), a building block for resilient critical applications such as autonomous vehicles, military gear, medical applications and manufacturing equipment. 5G will also ‘supercharge’ broadband internet, allowing direct streaming of ultra-high-definition video, virtual reality applications and embedding of artificial intelligence. It will also enable businesses to fully leverage on the power of IoT (Internet of Things), artificial intelligence, robotics, big data and analytics, cloud computing, augmented reality (AR), virtual reality (VR) and other emerging technologies. Last but not least, 5G will enable Massive Machine Type Communications (mMTC), accommodating highly scalable, energy-efficient and long-term applications, such as sensors, smart metering and grids spawning smart homes and cities.
The 5G revolution will usher in a new era of cybersecurity evolution as the technology changes connectivity on a massive scale. Although new capabilities made possible by 5G networks hold tremendous promise, a much more critical urgency is needed to beef up security of those connections, devices, and applications. Inevitably, 5G networks will be an invitation to attacks.
The 5G threat landscape is complex because it combines the 5G stack with traditional IP-based threats, legacy 2G/3G/4G systems, and threats introduced by virtualisation technology. As such, we cannot afford to build 5G on top of a weak cyber security foundation. It is not just the safety of network users are compromised in the near future but that of national security.
Expanded Cyber Risks
In a world of interconnected networks, devices, and applications enabled by 5G technology, every activity is a potential attack vector. In legacy networks, everything comes to hardware choke points where cyber hygiene could be practised. In a 5G environment, the network has moved away from centralised, hardware-based switching to distributed, software-defined digital routing, thus denying the potential for chokepoint inspection and control.
5G further complicates its cyber vulnerability by virtualising in software higher-level network functions formerly performed by physical appliances. These activities are based on the common language of Internet Protocol and well-known operating systems which can be accessed by cyber criminals.
The dramatic expansion of bandwidth creates additional avenues of attack. Physically, low-cost, short-range, small-cell antennas deployed throughout urban areas become new targets. Through the Internet of Things (IoT), tens of millions of smart devices are connected, creating multidimensional cyber-attack vulnerability.
Securing Malaysia’s Digital Roadmap
5G cybersecurity must start at the distributed edge and require fundamental shifts in how mobile network operators think about networking and security. Security will need to be edge-to-edge from the IoT edge, across the core enterprise network, and out to branch offices and multiple public clouds. Therefore, everything connected to the enterprise ecosystem needs to be identified and its state of security or vulnerability identified. Following this, all requests for access to network resources will also need to be verified, validated and authenticated to ensure an effective security defence.
It is important to extend “cyber duty of care” to all other companies across industries to identify and mitigate potential harms. Hence, a new corporate culture must be adopted across boardrooms in which cyber risk is treated as an essential corporate duty and rewarded with appropriate incentives. Corporations must also make proactive cyber investments such as implementing machine learning and artificial intelligence protection in their cyber security infrastructure. Let’s fight fire with fire by deploying machines rather than humans on machine-led cyber threats.
Establish cyber-preparedness indicators
To communicate cyber-preparedness between interdependent commercial companies and with government entities charged with oversight responsibilities, establish a cyber-preparedness indicator industry yardstick. Such resiliency self-assessment standards can motivate long-term community disaster preparedness improvement among corporations and shift oversight from lag indicators to lead indicators. A regular program of engagement with boards and regulators using cybersecurity lead indicators will build trust, accelerate closing the 5G readiness gap.
Cybersecurity starts with the 5G networks themselves
All telco providers who deliver 5G must have proactive cyber protection programs. Software companies and those providing innovative, software-based products and services should also be mandated to include cybersecurity in the process as a design, deployment, and sustainment consideration for every new product.
Inspection and certification
International-class standards including GSMA standards and Common Criteria (CC), a technical standard used by governments and industry to evaluate and certify IT security products must be instituted in Malaysia to ensure high standards of 5G-related equipment and products. CC evaluations are performed against protection profiles (PPs), with the PP being specific to a type of product or system. In this regard, CyberSecurity Malaysia will continue to play our role to assist Malaysia as Common Criteria Recognition Arrangement (CCRA) Authorizing Member towards this end. The setting up of a national Implementation Task Force on 5G will also ensure the smooth deployment of 5G networks and services while at the same time, promote this latest technology amongst the public sector, particularly in delivery of government services.
As Malaysia races towards digital transformation, 5G technology will accelerate Malaysia’s digital economy agenda as well as our journey towards Industry 4.0 (IR4.0). CyberSecurity Malaysia believes that greater collaboration among all parties is crucial in facilitating infrastructural roll-out in a coordinated manner that will ensure cyber-readiness and leave minimal impact on our civil works, public and cyber ecosystem.