The fifth generation of wireless technology — 5G for short — promises to redefine the network, as well as digital experiences as we know them. But as with any rapid tech advancement, it is also certain that 5G, which has been described as “a digital revolution” and “bridge to the future,” will open new opportunities for malicious disruption and cyber attacks. By 2025, 5G networks are expected to cover about half of the world’s population, so we should now be deeply exploring the implications of 5G and the new vulnerabilities it will create that cybercriminals and nation-states could exploit.
To help organizations navigate the evolving 5G threat landscape, U.S. government agencies including the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) recently published an analysis paper on potential threat vectors and new risks introduced by 5G adoption. We’ll summarize some of the major takeaways and share some high-level recommendations from our own team. But first, here’s a look at what 5G means for both consumers and industry players.
The Promise of 5G Connectivity
For consumers, 5G will usher in a new age of virtual experiences and digital content. It’s not just next-generation gaming, augmented reality, and immersive experiences that make 5G so exciting; faster speeds and lower latency will impact virtually every aspect of life. That includes the way we work. 5G is hyped to accelerate businesses’ digital transformations, drive internal efficiencies, and spark innovation. For communications service providers (CSPs) specifically, the opportunity to deliver new customer experiences and offerings is tremendous. The same is true for 5G network operators, who will build and operate the systems architecture that underpins these new business models.
Inevitable Risks in the Wake of 5G Rollout
This transformational mobile bandwidth is coming online at the same time that the Internet of Things (IoT) is reaching critical mass. Yet by enabling a new wave of connected devices and services, the number and types of identities in an organization’s infrastructure will also expand.
Attackers often rely on compromising identities — linked to humans, devices, and applications — and subsequent manipulation of privileged credentials to reach their targets’ most sensitive data, applications, or infrastructure. Earlier this year, the Verkada IoT breach gave us a glimpse of what can happen when thousands of interconnected devices are not secured like other sensitive network assets. And as modern society relies on internet connectivity more than ever, the late 2020 revelations that Google was hit with a 2.5 Tbps distributed denial-of-service (DDoS) attack a few years back demonstrated what’s possible in terms of attack scale.
5G networks not only provide foundational connectivity for innumerable services but also transmit and store private data for consumers, businesses and government. This means that such attacks can reverberate far beyond the initial incident. And as the 5G roll-out intensifies, we can expect to see attacks become more frequent, sophisticated and larger in scale. It’s already happening: the telecom industry was the number one target of DDoS attacks in the first quarter of 2021.
NSA, ODNI and CISA Analysis of 5G Threat Vectors
The U.S. government’s recently released analysis paper, “The Potential Threat Vectors to 5G Infrastructure,” aims to inform stakeholders on cybersecurity risks and drive collaborative solutions. The paper digs into known and potential threats to the 5G environment, sample scenarios of where 5G may be adopted, and assessed risks to 5G core technologies. Here’s a look at two of the major threat vectors identified by the authors: the 5G supply chain and systems architecture.
Securing the 5G Supply Chain
The global battle over 5G supremacy and the resulting rush to establish necessary 5G critical infrastructure has created a perfect opportunity for attackers to conduct cyber espionage campaigns, foreign interference, and other malicious activities. The authors note that the entire 5G supply chain is susceptible to the introduction of risks such as “malicious software and hardware, counterfeit components, poor designs, manufacturing processes, and maintenance procedures.”
And the billions of connected 5G devices compound the problem. A single act of tampering at any point in the 5G supply chain could have a massive ripple effect. For example, business and home equipment like routers, smartphones, and IoT devices could be compromised en masse, while countries that purchase 5G equipment from companies with compromised supply chains could be vulnerable to interception, manipulation, disruption, or destruction of data.
Securing 5G Systems Architecture
Building out the critical 5G systems architecture that can meet the data, capacity, and communication requirements of the network requires a number of new technologies, such as software-defined networking, cloud-native infrastructure, network slicing, and edge computing. These tools, however, also serve to further increase the attack surface. While 5G component manufacturers and service providers are enhancing security through technology improvements, the authors warn that malicious actors can potentially exploit vulnerabilities, both legacy and brand new.
Privileged accounts and credentials provide superuser access to critical telecommunications infrastructure on-premises, in the cloud, and in hybrid environments. Yet too often, privileged access to critical systems is left unsecured and unmanaged. This puts assets at an increased risk of a damaging cyber attack that could impact telecommunications companies and citizens alike.
Six Identity Security Considerations for the 5G Era
An identity-centric approach to security emphasizes that privileged access management is critical to addressing the gaps and vulnerabilities that attackers look to exploit in supply chain attacks, as well as to strengthening the very core of 5G infrastructure.
Here are six key security considerations for telecommunications organizations and 5G architects to help improve their current security posture and mitigate the risk of future compromise:
1. Discover and manage credentials belonging to machine identities on IoT devices, as well as 5G component systems. Also, consider pre-supported integrations for managing privileged access to legacy infrastructure to enable interoperability. This will help prevent the malicious use of privileged accounts and credentials, the most common path to an organization’s most valuable assets.
2. Help prevent lateral movement across 5G networks by isolating and monitoring human-led privileged sessions to critical infrastructure.
3. Remove local admin rights and implement least privilege controls on all edge devices, endpoints, and servers to help defend against ransomware attacks. Similarly, enforce least privilege throughout public cloud infrastructure.
4. Work to ensure software is consistently patched and always up to date, especially in accordance with recent government guidance.
5. Continuously assess and improve the security of customer-facing products and services, with emphasis on the security practices of digital supply chain partners.
6. Consider investing in threat monitoring and anomaly detection technologies to monitor access activity and act on suspicious behavior in real time.
This is the dawning of the age of 5G and IoT, and with seemingly endless possibilities comes significant new risk. A strong defense will require an “assume breach” mindset, with a focus on protecting identities to prevent attackers from reaching their end goals.