Current Issue

The much-heralded fifth-generation broadband cellular network—commonly known as 5G—is on the way, promising greater data transmission speeds and increased connectivity. But it also brings many more opportunities for cyberrisk issues. As with any major technological shift, this new paradigm should be greeted with equal parts wonder and caution.

There is no question that 5G will enable more devices to do more with greater reliability and at faster speeds, allowing users to minimize or eliminate the latency of current networks and take advantage of greater computing power. This can enable an extended capacity for maximized efficiency and innovation across industries—including enhanced mobile banking, seamless lending platforms, improved biometric security systems, and better use of artificial intelligence in manufacturing processes. But at the same time, it will hamper traditional security protections that filter and search for malicious activity.

Soft(ware) Defenses

The new 5G networks replace many traditional components of networks with software. Unlike 4G networks, which run on hardware-based switching, 5G utilizes distributed software-run digital routing to eliminate choke points and enable peer-to-peer communication while decentralizing controls. Thus far, there is no security software or add-on to police router traffic.

Software is the most obvious gateway for hackers, so 5G’s reliance on software creates potential problems. Many previously hardware-managed network functions will be virtualized or cloud-based, and the network itself is managed by software. Combine that with 5G’s greater interconnectivity, and it would seem that vulnerabilities are practically baked into its architecture.

Expanding Internet of Things

One of the oft-touted benefits of 5G is that it was designed specifically to power internet of things devices, allowing the physical and virtual worlds to intersect with automated tasks and peer-to-peer networking. Yet IoT devices set aside few extra processing cycles for security, so basic measures like integrity checks and anomalous input detection mostly do not exist. As a result, 5G IoT will broaden the attack surface and open up more backdoors for threat actors. We have barely begun to imagine the possibilities for cyberattacks on industrial control systems, medical devices and energy grids, and how these attacks might go beyond financial, legal and reputational damage to actually cause physical harm. New 5G technology raises the stakes and makes such a scenario seem more plausible.

An obvious example is in manufacturing, where robots have been widely integrated in automated processes. Already vulnerable to hacking, these may become more insecure on a 5G network.. In many cases, the devices themselves pose the greatest security concern here, but the sheer multitude of devices and their interconnectivity on the 5G network makes them that much more vulnerable.

Mitigating 5G Risk

When it comes to protecting against this emerging risk, organizations need to focus on increased cyber exposures, privacy and data loss threats. With the move to 5G, all the existing problems in the cyberrisk arena will be amplified. Organizations should account for the fact that IoT will be faster and more dispersed than ever before, allowing companies to capture, monitor and potentially store huge amounts of data in real time, but also increasing the vulnerability of that data. 

With the switch to 5G, there is greater potential for a catastrophic event. How can a company prepare? Mitigating and managing this risk will require a concerted and intentional roll-out of the technology to areas where it can cause the least potential harm, careful security monitoring and protective control deployment and yet allow the organization to realize its potential. It is a more holistic approach to understanding organizations and their exposure points. It is important to ask questions about the security controls your organization is adopting for 5G and ensure that outside experts in 5G are consulted prior to deployments. Prepare to change security infrastructure rapidly and adopt more automation to keep up with the pace and density of 5G communications. Outside auditors and hackers will test these defenses—educate yourself about the risks and be ready to respond.

The good news is that 5G has not yet been fully implemented. That gives organizations time to prepare for and guard against potential risks, which is critical on a number of fronts. For one thing, the security community needs to step up and work with technology entities to create new and novel ways to protect networks to reasonably ensure 5G’s reliability. The key is to proactively prepare for these developments. With cyber-related physical damage becoming a growing threat, we must all pay careful attention to these new exposures as changes to connectivity evolve.

All companies should also start talking to their third-party service providers now to find out if they are readying their security controls, such as IoT device and data monitoring, and deploying enough resources for incident response. Preparation will be particularly challenging for small- and mid-size businesses, which generally have smaller budgets and fewer in-house capabilities to manage these risks. Ultimately, risk and security professionals will need to work together to educate their companies about 5G, and how to put proper mitigation protocols in place that will allow them to take advantage of the possibilities, while still being prepared for any potential risks.

Mike Convertino is chief security officer and CJ Pruzinsky is U.S. chief underwriting officer at Resilience.