History has shown that in the race to build technology, mistakes can happen. Too often, in digital technology, these mistakes hinge upon cybersecurity—or a lack of. As we build out our 5G networks, creating an airtight infrastructure is an obvious imperative. While 5G is set to increase the speed and capacity of our wireless networks and enable advanced digital products like driverless cars, researchers are finding serious ghosts in the machine that heighten our cybersecurity risk.

How can we mitigate our 5G cyber risk?

UNDERSTANDING 5G CYBERSECURITY VULNERABILITIES

"To build 5G on top of a weak cybersecurity foundation is to build on sand." -The Brookings Institution‍

In November 2019, Wired ran a story pointing out 11 vulnerabilities in the 5G networks. The research was solid; Purdue University and the University of Iowa found serious design flaws that expose end-user location, track their activity, and more. Mobile phones are particularly vulnerable; scientists found that network downgrading attacks are just one of the problems the new 5G could allow.

The research showed that many of the 4G flaws have rolled to 5G. But 5G is primarily an all-software network, so upgrades will occur in iterations, like the upgrade to a cellphone. But the Brookings Institution suggests that even the minimal hardware used in 5G is a cause for concern. Chinese telecom giant Huawei, who manufactures the equipment powering our telecom networks, has been accused by U.S. security agencies of creating backdoors that could be exploited later on.

This makes cybersecurity of our 5G networks more than a concern for the individual, but a genuine issue of national security.

RESPONDING TO 5G CYBERSECURITY FLAWS

We need a comprehensive review of the cybersecurity risks in the 5G infrastructures to assess the threat probabilities for any connections, devices, and applications riding on 5G. We also need oversight of the network rollout to ensure our emphasis on fast 5G deployments doesn’t miss critical security vulnerabilities. The Brookings Institution has called for comprehensive oversight and review of 5G deployments. They raise the following questions:

• The 5G deployments are driven by market-based motivations. Is the need for profit overshadowing the need for cybersecurity?
• How should the government intervene in this process—or should it?
• What are the cybersecurity responsibilities of business versus governments in the push to deploy 5G?
  

Tackling these issues now is imperative. The costs of missing security vulnerabilities are incalculable. Consider what we’ve seen to date:

• The 2017 NotPetya attack was caused by a security vulnerability in a corrupted security patch.
• This one exploited vulnerability cost $10 billion in corporate losses.
• Combined losses at FedEx, Maersk, and Merck were more than $1 billion.
  

While these attacks did not occur on 5G, the point is valid; we must assess our cybersecurity risk now or pay a high price later on. This is particularly important because of the interconnected nature of 5G devices. Cybersecurity issues could threaten more than corporate data, but severely impact Internet of Things (IoT) devices such as autonomous cars or implanted medical equipment. This makes cybersecurity in an era of 5G not only the concern of corporations worried about data but a very human concern as well. Cybersecurity professionals are advised to be vigilant and evaluate enterprise network monitoring solutions to advance in the overall security posture of their organizations.