While mobile operators have been evangelising 5G for the last several years, 2019 was the year that 5G network deployments finally started to become a reality. But even so, there continued to be several unknowns about how 5G will work in practice and whether new security threats will emerge as a result of 5G adoption.
Among other things, 5G will enable mobile internet speeds that will pave the way for a new generation of highly reliable, real-time automated services like smart cities and highways. From an enterprise perspective, many businesses are eager to capitalise on the first 5G services; but to ensure successful outcomes, both public and private sectors must first consider and mitigate any accompanying security risks. New approaches to privacy and security, in fact, are much needed in the 5G and internet of things world. There is already a heightened focus on security and privacy for a variety of reasons. And while 5G starts to become embraced by vast numbers of industry verticals, these security and privacy considerations indeed become even more important.
New security concerns emerge
5G networks add a new layer of connectivity, but also complexity by enabling many devices to be connected in communication with each other. Regardless of purpose, every new connected device will add to the number of entry points to a network. These devices tend to be designed with service/functionality in mind rather than security, and lack full protection from attacks. As such, each has the potential to become a cybersecurity vulnerability.
The threat potential in 5G is vastly different than in previous technologies. The implications of security breach in 5G are massive and different for different use case categories within 5G. E.g. consequences of a breach in a 5G Ultra Reliable Low Latency Communications (URLLC) based critical services environment could be lot more damaging and disruptive than that in Enhanced Mobile Broadband (eMBB) use case family. While 5G technology has several enhanced mechanisms and capabilities for security, these must be carefully managed, especially in a hybrid environment. 5G is inherently more secure because of improved encryption protocols and other security functionality. However, the adoption of 5G technology by a multitude of industries will mean that the attack surface will increase multi-fold. As security becomes a critical element across industries, there is a need for market barriers to be reduced for an expeditious migration to the target 5G architecture.
In addition, there is a correlation between today’s rising data breach incidents and the public internet’s vulnerabilities. Public internet channels were created to share information – not protect access to it – and were available to being viewed, manipulated, or damaged by malicious activity. A vast amount of sensitive data is still channelled through weak networks and clouds that are not designed to protect swathes of information from sophisticated threats. This is a major consideration for organisations wanting to use 5G to enhance their business offering. As a result, there is a need for networks that are private and isolated from the public internet, with the functionality to identify and manage assets in their environments in a secure way.
Are private long-term evolution (LTE) networks part of the solution?
Although 5G is available via connections to the public networks, this could potentially expose the sensitive data held by businesses to multiple entities in the value chain. Successful data breaches can have a devastating financial and reputational impact on an organisation and measures should be taken to protect the flow of data across the network. Advances in technology and infrastructure allow businesses to deploy their own private LTE solution and take advantage of cellular technology once only available through larger mobile networks whilst keeping local traffic on site.
Private LTE is independent of providers and can supply 5G on a much smaller scale and to specific localised areas. Compared to Wi-Fi, private LTE faces less interference and has a superior range (both indoor and outdoor). This means higher reliability, improved performance (low latency and seamless mobility) and wider reach with fewer access points. In addition, private LTE uses the same security infrastructure and protocols as cellular technologies, making it much more secure than Wi-Fi. There are several use cases for private LTE within the enterprise space where the secure transmission of sensitive data is critical, particularly when it comes to large files from several devices. Video surveillance as part of an on-site security system serves as a key example of locally routed traffic.
These systems employ the use of connected cameras to detect and respond to criminal activity. Due to the nature of data being transmitted, the network must be able to accommodate the transmission of large files with low latency, making it an ideal use case for 5G. The data transmitted must be kept secure, especially when there is an incident; manipulation or deletion of video footage could potentially change the outcome of a criminal investigation. Large premises create a large attack surface area, and therefore need potentially hundreds of devices. However, a private LTE network providing robust connectivity would allow these to securely and efficiently connect to an on-site database.
The 5G advantage
The acceleration of 5G solutions will allow organisations to transform their ecosystems and service offerings. But to realise this future and take full advantage of the benefits that 5G brings, businesses need to take the necessary steps to ensure the security of their data and network. Although 5G is designed to be more secure than its predecessors, using a private network will provide the added confidence that data is protected from exposure to multiple entities in a public network environment. This will enable businesses to safely implement new offerings and improve efficiencies, while maintaining visibility and managing assets within their network. Security, however, is a critical enabler, and it must become a part of the return on investment in the 5G business case if it is to be successful.
Pradeep Bhardwaj, Senior Strategy Director and Head of Industry Standards, Syniverse