Balakrishnan Dasarathy, Ph.D., collegiate professor and chair for Information Assurance and Cyber Operations programs at University of Maryland University College (UMUC), cuts through the hype about 5G networks and gets to the truth about potential security threats and the ways to mitigate them.
The promise of 5G networks is that they’ll provide an order of improvement in both data rates and latency over the current generation of cellular networks and, as such, will introduce a host of new applications that support industry and critical infrastructure. Telecom equipment supplier Ericsson predicts that the number of cellular IoT connections will reach 4.1 billion in 2024—increasing with an annual growth rate of 27%.
The upside of 5G is its support of an unprecedented number of connected devices. Its networks will rely on new architectural concepts and service delivery models that will improve functionality across numerous vertical markets and drive down costs.
The downside is that 5G will create a threat landscape that we have not experienced with previous networks. Ironically, the security challenges inherent in 5G will arise from the attributes that make it such an improvement.
Any security plan for 5G should focus on the following six threats:
- Loss of availability: flooding an interface and crashing a network element by sending malformed packets by poorly authenticated, malware-infested devices
- Loss of confidentiality and integrity: eavesdropping, data leakage and data modification due to lack of energy-efficient cryptographic techniques on low cost, low power connected devices
- Loss of control: an attacker taking control of the network or compromising the network
- Malicious insider threats: an attacker modifying the network elements as the network is opened up and services rely on out-sourced entities
- Code in network elements: spying such as Trojan horse, trap door and logic bomb
Minimizing Future Threats to the 5G Network
Managers of network security can mitigate these six 5G security threats with new service and trust models, and by keeping close watch on Huawei, the Chinese global provider of information and communications technology infrastructure and smart devices.
New service models, for example, must be expanded to include roaming agreements to support a specific business such as drones from Amazon and car fleets from GM, and not just cell phones. Trust models must address new data protection challenges across 5G networks that include more actors of different types. Today’s trust model addresses SIM cards issued by a few vendors for phones. Any future 5G trust model must address industry automation control devices, vehicles, sensors, drones and other IoT devices. Federal agencies, namely the National Institute of Standards and Technology (NIST), must accelerate advancements in lightweight cryptographic techniques that are designed to implement in constrained environments such as RFID tags, sensors and medical devices.
Finally, any 5G-network security framework must also identify and address potential malicious activity from Huawei, and the only way to do so is to review the underlying code of network equipment. Since an adversary like Huawei, with direct links to the Chinese government, will not supply anyone with the functional specifications for the malware they may plant, the U.S. must actively review the code in Huawei equipment much in the way that the U.K. is doing now through its Huawei Cyber Security Evaluation Centre (HCSEC).
About the Author
Dr. Balakrishnan Dasarathy, collegiate professor and chair for Information Assurance and Cyber Operations programs at UMUC, brings more than 30 years of experience in research and development and management in the fields of information assurance, cyber security, and related areas of computer science. He has worked in the telecommunications and finance industries and currently teaches courses in network and software security and cyberlaw. Dasarathy received his PhD in computer and information science from Ohio State University.