5G will transform the way we live but also creates a super-powered version of the current challenges with cybersecurity
By Greg Day: VP and Chief Security Officer for Europe, Middle East, Africa at Palo Alto Networks
5G is about to unleash a range of fantastic benefits for humanity. The next generation of mobile networks offers download speeds up to 100 or even 1000 times faster than 4G.
Latency – the time delay between sending and receiving a signal – will be cut to 1 millisecond from over 50 milliseconds. That’s faster than the human brain.
5G will be able to support an incredible one million devices per square mile. These advances will allow widespread use of autonomous cars, while the reduced latency will enable surgeons to remotely carry out operations using robots on the other side of the world.
This is more than just a better phone signal – it is a technological step change comparable to the arrival of jet travel. The technology will, of course, open great new revenue opportunities for businesses.
But 5G also creates a host of cybersecurity headaches that threaten to undermine these benefits. A 5G-powered world will become more interconnected as data is shared between devices and applications. This vastly increases the surface for cyberattacks, extending the points where hackers can gain entry to a network.
Autonomous cars will share data with other vehicles, with traffic management systems and local communications infrastructure. Similar interconnectivity will apply to robots, wearables, mixed reality applications and retailing. If hackers access the networks for driverless cars, surgical robots or other connected devices, they could threaten life and safety, let alone data security and business operations.
A further challenge lies in speeding up latency to almost real time. Effective cybersecurity slows down latency as it analyses data for threats. The time for threats to hit the network is shorter and the time to protect the network is shorter too.
Another difficulty will be correlating the vast amounts of data moving across the 5G network. The new generation technology relies on thousands of mini antennas placed on buildings and lamp posts, bouncing signals to devices. A data stream on one device will move between multiple antennas. Logs will show three seconds of data from one antenna, then a separate stream as the device moves to a different mast for five seconds and so on as the user traverses the network. That jumble of data will need to be joined together and unjumbled to understand the threat landscape, a highly complex process — but one that state-of-the-art security solutions can solve. It’s worth checking if your current solutions do this.
There is no doubt that the 4G network faces similar difficulties. But 5G creates a super-powered version of the current challenges so cybersecurity staff will need to double down on protective measures.
An effective measure will be the use of Zero Trust networks. These work on the principle of “never trust, always verify.” They assume that every person or device accessing a network is a potential security threat, so restricts their access to the specific area they need.
For instance, marketing staff only get access to relevant marketing data, but not to finance, human resources or operations data. A connected car will be able to access just the data it needs to communicate and avoid a collision, but nothing more.
The task of building a Zero Trust network can be compared to retrofitting security for a building. In place of everyone passing through a strong, single lock on a big door, there are 200 staff using 200 doors each with its own lock. The security department need to observe staff behaviour and figure out which people need to go through different doors and decide who to give keys to. The challenge here is not technical but is in the implementation.
Another vital area is keeping tabs on third-party risk and making sure organisations in the supply chain have strong cyber security controls. Health care, connected cars and industry 4.0 will be collaborative ecosystems on 5G. Visibility of all involved in the supply chain is vital. That means identifying all the players contributing to the service and making sure they are all secure.
In sum, 5G cybersecurity requires three elements:
Reduce the risk though Zero Trust networks, as 5G will expand your attack surface
If you can’t see it you can’t secure it – ensure correlation of data streams in a roaming world, and visibility of suppliers ecosystem
With the reduced latency and massive amount of increased data, ensure your security can to keep pace
These are all areas that CISOs in businesses and organisations should be working on today. 5G trials have started already with the first networks set to roll out in 2020 and wide availability predicted by 2025.
There’s no time to lose. Security chiefs must start putting in place the cybersecurity measures which will allow 5G to realise its benefits and become a boon to humanity rather than a scenario of uncertainty and danger.