Getting Up to Speed on 5G Cybersecurity
5G technology is here. With it comes new exploits for cyber criminals. Get the most recent guidance on how to prepare.
5G is poised to make life more convenient, but as we in the cybersecurity industry know, convenience means new vulnerabilities.
Blazing speeds, gargantuan data volumes, and unprecedented interconnectivity don’t come out of thin air. They must be supported by unique network hardware and virtualization, the latter of which is fundamental to the design and function of the technology compared to previous generations.
5G depends on software-defined networking, network virtualization, and network function virtualization. These allow for easy segmentation and resource allocation. However, they also open avenues for cyber criminals to gain access and move from the virtual to the physical layer of a network. In effect, each virtual network is another door to be secured.
If an attacker compromises a network slice, they can steal resources for their own use, such as crypto mining, and slow business-critical services. They can also turn the high-speed, low-latency advantages of 5G against victims, enacting fast and powerful distributed denial-of-service attacks.
To alleviate 5G security fears, the National Cybersecurity Center of Excellence (NCCoE) has partnered with technology-focused companies, such as Intel, Dell, and CISCO, to develop the National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide SP 1800-33A. While the current version is still in draft, the development of defined cybersecurity standards is crucial to protecting data, systems, and people in a 5G world.
This year, the Cybersecurity & Infrastructure Security Agency (CISA) published a paper on 5G threat vectors, highlighting areas all organizations should consider when adopting 5G technology. These include:
Policy and standards
Lack of defined vendor- and product-agnostic 5G security measures can leave organizations open to attack due to inadequate security controls.
Malicious software and hardware, counterfeit components, poor designs, manufacturing processes, and maintenance procedures threaten all vendors who do business with one unsecure vendor.
Advanced 5G architecture can handle a multitude of IoT (Internet of Things) devices, which all bring additional risks to the table.
Every organization should be prepared for new cybersecurity requirements associated with 5G adoption. Keeping an eye on formal guidance, such as those above, will be key.