Tackling 5G's security challenges

(Image credit: Shutterstock)
About the author

Benoit Jouffrey is VP 5G Expertise at Gemalto, a Thales Company

5G has tremendous potential to transform our lives, with the promise of enabling a truly connected world where smart cities, autonomous cars and smart factories are not just an aspirational concept but a reality. According to recent research from Ericsson, 5G will reach 40% population coverage and 1.5 billion subscriptions worldwide by 2024, making it the fastest mobile generation ever to be rolled out on a global scale. However, as history has taught us time and time again, any fast growth technology innovation creates new cyber security risks.

With billions of devices connected to the internet, we face an increased risk of cyberattacks, data privacy breaches and even state sponsored attacks. If we don’t get the security right, there’s a risk of undermining trust in the new wave of connected devices and the concept of the smart city and smart industry at large.

The three main security challenges we face are: 

Data protection compliance: While GDPR has shaped global data protection protocol, it will soon be accompanied by an even tougher framework called the ePrivacy Regulation (EPR). EPR will be enacted towards the end of 2019 and into 2020, and will require the pseudonymization and encryption of personal data as standard.

Increased attack surface: 5G is transforming the key mobile and cloud functions of a network and is bringing new security threats with it. The risks and attack methods once associated with high-level IT will now be brought to mobile networks. It’s therefore critical that the 5G ecosystem – comprised of MNOs, policy-makers, third-party vendors and manufacturers – is prepared.

Cyber warfare: Cyber is no longer the warfare of the future, but of the present. Attacks are getting increasingly sophisticated and nationalized cyber warfare is beginning to target all ICT networks, including mobile telecoms. If the 5G network is compromised, it could bring cities and communications to a standstill.

Which industries will be most affected?

The first stage of adoption of 5G is now happening in the consumer market with enhanced mobile broadband. The next stage will be the wider use of the technology for ultra-reliable low latency and massive machine type communications. This will have a profound impact on the industrial world. In the automotive industry, for example, 5G will further enable autonomous driving and vehicle-to-vehicle or vehicle-to-infrastructure connectivity.  

In manufacturing, thanks to the very low latency and high reliability, 5G will play a key role in work automation, turning the smart factories vision into reality, while in healthcare it could facilitate remote telesurgery and patient monitoring. However, one of the main areas that will be affected is smart cities, where 5G will play a key role in facilitating the deployment of smart transportation networks, smart buildings, and enabling further smart metering.

This will drive changes in the way we design technology for connected devices, including the need to embed ad hoc security, as this will be crucial for the new breed of smart technologies to take off.

The impact of EU’s GDPR on 5G networks

EU’s GDPR is shaping data protection globally and we are seeing similar initiatives emerging in some of the world’s leading economies, including the US, Canada, Japan, China, Brazil and South Africa amongst others.

As the world is moving towards tightening data protection requirements to ensure user privacy, there will be a stronger focus on how data is being managed on 5G networks. As set by the ePR, this includes tougher rules for managing electronic communications metadata as it permits the identification of a device on a network. As a result, identifiers such as SUPI (Subscription Permanent Identifier), the equivalent of the IMSI for 5G mobile networks, need to meet strict encryption and data storage requirements. To meet these requirements, connected devices need to be designed with cybersecurity in mind. 

Ensuring data privacy on 5G networks

Businesses and device manufacturers need to adopt a security strategy that is based on five key principles. 

Firstly, security mechanisms need to be adjusted to the potential risk that a breach could present. Not all use cases require the same level of security – a sensor in a soap dispenser doesn’t need the same level of protection as the lock of a connected vehicle, for instance. 

The second principle requires thinking of security as an end-to-end approach, from the edge to the core. This means that security needs to be built into devices and software at the design level, otherwise vulnerabilities can only be “patched” after the fact. For example, using secure 5G SIM cards, which offer full anonymization of end-to-end subscriber identities, is critical for ensuring robust protection against hacking and future security threats. Businesses should also consider secure device end-point connectivity modules that provide additional layers of security beyond the connectivity itself. 

The third principle is using of state-of-the-art encryption, key and data storage, which eliminates the risk of misusing personal information and helps ensure compliance with regulations such as GDPR.

The fourth principle is that organisations need to work with partners who can audit the targeted deployment and help meeting key security certifications to ensure all third-party components used for the final product meet the highest security standards. 

And last but not least, the uptake of 5G will depend on industry-wide standardization that can help reduce the fragmentation in the market and ensure all participants adhere to proven security and data privacy principles together with the right level of interoperability. These standards may need to continue to evolve over time in order to adapt to emerging technologies and market developments and ensure they remain relevant in the long-term. 

Business opportunities for 5G-based services

5G offers great potential to transform traditional industries and create new opportunities for service innovation: from smart factories, through to autonomous vehicles, remote VR training and rapid video streaming. But again, behind all these innovations surfaces the need to ensure the security and reliability of 5G technology and the network infrastructure that underpins it. 

To make the most of 5G, electronic equipment manufacturers and other key market players need to identify their targeted infrastructure that will support their strategic goals, in a safe and reliable way. This infrastructure could rely on network slicing or private networks. Working with an established and trusted partner that has the expertise to assess the required end-to-end security for 5G networks and devices will be key to ensuring cyber security is embedded at the heart of their 5G deployments.

At the end, the success will be based on a team-play: Governments, standardization bodies, MNOs, device manufacturers and software or application providers must work together if they are to be successful in building a trusted IoT ecosystem that truly delivers on the promise of 5G.

Benoit Jouffrey is the VP 5G Expertise at Gemalto, a Thales Company

Benoit Jouffrey is the VP 5G Expertise at Gemalto, a Thales Company. He has over one year of experience.