The Risks to 5G IoT: Preparing for the Next Generation of Cybersecurity Threats
The brave new world of 5G also promises to bring unprecedented speed and scale to IoT operations, but also comes with a new generation of security threats. 5G IoT services will no longer neatly fit into the traditional security models optimized for 4G/LTE cellular, as an NSA white paper lays out. “New paradigms, such as disconnected operation, small cell data links, edge-focused processing, and more, will turn the central authority authentication model on its head.”
Security experts warn of threats to the 5G-IoT environment, such as a heightened risk of distributed denial of service (DDoS) attacks and proximity service (ProSe) intrusions. The vast distribution of decentralized, small-cell networks 5G IoT requires will make it a challenge to keep each system updated and capable of meeting rapidly evolving cyber-attacks.
Higher bandwidth will create more potential security risks, as will an expected explosion in the number of connected devices that are vulnerable to unauthorized access.
Botnets, network-level attacks, and other malicious activities present a complicated security picture with sophisticated, mutable attacks. Studies conducted by the University of Lorraine and the University of Dundee have found “critical security gaps” in 5G connections, which allow for large amounts of data theft.
Researchers warn that the proliferation of data traffic and mobile IoT connectivity comes with a significant amount of risk that should be addressed by the telecom industry before 5G is deployed on a large scale.
The Big Questions Behind 5G Network Security
Huawei’s Cybersecurity Officer David Francis and the EU Public Affairs Manager Wout Van Wijk have identified three key questions that should be asked about 5G security: “1. Whether 5G security and privacy solutions will cover the service layer in addition to the access layer; “2. “Whether to extend the role of end-to-end protection mechanisms from those of previous generations”; and “3. Whether to aim for extended protection of identity and location privacy against active attackers.”
Addressing these concerns will require forward-thinking designs that anticipate and prepare for threats and build effective security features into the design of 5G networks rather than attempting to address such issues as they arise.
The problem of authentication will be especially relevant to security and privacy concerns given the number of devices gathering data in massive IoT networks like connected city infrastructure and hospital systems or smart offices and homes.
According to a Gartner report, there will be 20.4 billion connected IoT devices, almost three per person, in 2020. Investment in secure biometric authentication systems can prevent identity theft and unauthorized access to devices that can seriously compromise 5G networks at the user level.
Overall, as the University of Surrey warns in an IoT study, effective 5G security at the service level will require the cooperation of 3GPP and other standards organizations, governments, academic researchers, and industry.
Emerging Cybersecurity Solutions
Many of the recommendations for managing 5G security threats are the same as those for managing threats to current networks.
These include using firewalls, conducting routine malware scans, monitoring DNS activity, and making threat intelligence a top concern at all times – not to mention training employees on new technology to prevent attacks dependent on human error.
While established practices will still hold value, the new use cases of 5G in IoT applications will create new threats that require smarter solutions. Linked devices, machines, wearables, drones, city infrastructure, and autonomous vehicles will store and transmit sensitive personal data on a scale that will be difficult to secure.
As the European Union Agency for Network and Information Security (ENISA) warns, 5G may be vulnerable in part because current signaling protocols (SS7) developed for 2G, 3G, and 4G networks, may be critically insecure. Updating and securing these protocols will go a long way toward increasing the cybersecurity of 5G networks.
Another threat to 5G networks is the large amount of data stored in the cloud rather than on more secure local servers. The data gathered by IoT devices contribute to a vastly expanded attack surface.
Ultimately, security experts are hopeful that the increasingly complex security landscape of 5G can be met with the increasing complexity of AI, machine learning and automation.
By harvesting massive amounts of data from tens of billions of connected devices, AI and machine learning systems can evolve alongside the threat matrix, learning to detect and neutralize threats before they compromise critical system and put lives and sensitive data at risk.
Despite these challenges, the coming shift to 5G networks promises to offer companies a powerful new tool capable of powering faster, broader IoT deployments.
Telit is proud to offer a range of special LTE-M and NB-IoT modules leveraging OneEdge ™, a suite of software tools designed from the ground up for the IoT that includes uniquely native, embedded security features capable of both meeting current challenges and integrating seamlessly into tomorrow’s 5G-driven solutions.