5G wireless with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world due to Covid-19, in addition to the dedicated investments in a combination with the demand and reliable business models. As the mobile technology proliferates—combining expanded speed and bandwidth with low-latency connections—one of its most touted features is starting to come in to focus. But the upgrade comes with its own raft of potential security exposures and open issues that will be discussed within this article.
There is a massive trend of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where Wi-Fi isn’t practical or available. Individuals may even elect to trade their fiber-optic internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage internet-of-things data are riddled with security vulnerabilities.
APIs that carriers are offering to make IoT data accessible to developers often prove to have serious API vulnerabilities
The application programming interfaces (APIs) that carriers are offering to make IoT data accessible to developers often prove to have serious API vulnerabilities. Some could be exploited to gain authorized access to data or even direct access to IoT devices on the network. The reason is that the designs of IoT service platforms are not specified in the 5G standard and it depends to each carrier and company to create and deploy. As such there are custom protocols usually from suppliers with widespread variation in their quality and implementation. IoT devices from different suppliers might have issues to communicate securely, risking sensitive information from medical, financial and banking customers. In addition, many IoT devices use the SIM card within 5G network, such as intelligent factory devices, automatic driving vehicle, intelligent robot, which could be possibly modified (the content and function of the SIM card) remotely by an invisible short message service (SMS).
A thorough and strict process needs to be followed, with a structured analysis and study that will focus among others on several parameters such as safeguards and security protocols compatibility
Enterprises along with service providers, should continuously monitor the evolution of multiconnectivity and frequently report on the related protection mechanisms, to evaluate trends in attacks and the efficacy of protection.
Regulators, carriers’ and suppliers’ customers should be very careful with the selected equipment and a thorough and strict process needs to be followed, with a structured analysis that will focus among others on several parameters: IoT devices monitoring process:
- Points of safeguards
- Security protocols compatibility
- Cyber attack platforms’ security plan
The cybersecurity market is growing by 8% per year, creating a great business opportunity for Telcos that need to become more competitive
Although 5G security and information security is crucial overall across all sectors, there is an almost continuous rise in both the number and sophistication of cyber attacks. The digitization of business information and process means a larger part of the economy is a potential target. This was accelerated by more people working from home during the Covid-19 pandemic without adopting the right security platforms, exposing companies’ secrets and information. As such the attack surface is on the increase as the number of connected devices grows and the cloud expands. The number of attacks, and the impact they’re having, has grown because of the cybercriminals’ increased professionalization, automation, and the limited risk of being caught. As these trends are growing, the cyber threat will continue to rise in 2022.
The real issue is that the telecommunication companies are a major target for cybercriminals and nation-state actors because they build, control and operate critical infrastructure for their customers that is used to transmit and store large amounts of sensitive data. Securing client data is therefore a key component in protecting the operator brand. The surging complexity of networks increases the complexity of cybersecurity. As more virtualization happens across networks, these become more vulnerable to software-based attacks.
Traditionally, most enterprises used to take a siloed approach to security, either by spending separately on hardware security, identity protection or even on managed devices. But as the threat posed by cyberattacks continues to grow, that leads many to adopt a more holistic strategy that ends to buy consulting and auditing services.
There are some specific areas that most enterprises need to focus want to protect from cybersecurity threats:
- Networks – most enterprises operate private networks with critical business applications that require a very careful security plan. The growing use of software defined wide area network (SDWAN) services could create vulnerability to security breaches. That happens due to each internal router connection into the public internet.
- Remote workers trend – the growing popularity of homeworking, particularly during the pandemic, has exposed companies’ employees when using third party platforms or even to scams using emails, text messaging and voice calls. Securing the bring-your-own-device should be a trend with custom enterprise devices.
- Cloud networks – enterprises are increasing the hosting of more data and applications using public and private cloud services. Hybrid cloud network is another trend that requires a robust protection as private communications networks
- IoT – most large enterprises are deploying or planning to deploy IoT networks, which will often support critical applications, turning security into a primary concern. Generally, the more suppliers, networks, devices and systems involved, the greater the security-risk.
Telco operators should offer managed security services to enterprises of all sizes by developing security operations centers (SOCs). Enterprises need to develop and sign custom SLAs with the help of security experts tailored to their needs, covering all business areas. In addition, they should investigate to adopt a “hybrid data location storage” approach, based on European legislative, where personal or sensitive data is stored locally, close to and within an individual’s national boundaries (edge cloud), with less-sensitive data stored in the cloud. Also examining operators’ security expertise is another criterion among others. Many operators try to acquire security expertise and become more competitive, when buying security companies to get into the managed security services business or to bolster their strategies.
Enterprises need to develop and sign custom agreements with the help of security experts before buying any security service
Finally, this is an emerging sweet spot for telcos to grow their revenues. There are European operators that their security revenue doubled between 2016 and 2020.
The cybersecurity market is growing by 8% per year according to Gartner, which gives it an approximate value of $150 billion in 2021. Closing, if Telcos could develop the right strategy in order to capture just 10% of the total market, it would be equivalent to almost 1% of total telecoms revenue. Telcos currently are relatively small players and they need to develop connections with enterprises to develop robust and strong solutions in the security services market. This is dominated by global IT services companies such as IBM, Accenture and Atos, alongside specialist firms such as DXC Technology and Secureworks.
5G security is a major issue across enterprises that need a very careful management as cyberattacks continue to grow. One critical point to emphasize is the serious API vulnerabilities of the APIs that carriers are offering to make IoT data accessible to developers. A thorough and strict process needs to be followed, with a structured analysis and study that will focus among others on several parameters such as safeguards and security protocols compatibility. That study will ensure that enterprises adopt state-of-the-art protection mechanisms. 5G technology providers need to adopt the most advanced encryption systems, and anonymisation or pseudonymisation techniques, and to design high-speed alert systems in case of data breaches. Finally 5G security and overall managed security services is a sweet business spot for Telcos. The growing trend of enterprises’ digitization with the need for cybersecurity creates a great business opportunity for Telcos to support corporate customers and increase their market share in the promising cybersecurity market.
- Ji, X., Huang, K., Jin, L. et al. Overview of 5G security technology. Sci. China Inf. Sci. 61, 081301 2018.
- I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila and A. Gurtov, “Overview of 5G Security Challenges and Solutions,” in IEEE Communications Standards Magazine, vol. 2, no. 1, pp. 36-43, 2018
- European Parliament, Privacy and security aspects of 5G technology, (https://www.europarl.europa.eu/RegData/etudes/STUD/2022/697205/EPRS_STU(2022)697205_EN.pdf) 2022
- Burakovsky, Leonid, and Danielle Kriz. “The imperative of enterprise-grade security for 5G.” Cyber Security: A Peer-Reviewed Journal 5.4 2022.
- Valero, J.M.J. et al. Trusted Execution Environment-Enabled Platform for 5G Security and Privacy Enhancement. In book: Abd El-Latif, A.A., Abd-El-Atty, B., Venegas-Andraca, S.E., Mazurczyk, W., Gupta, B.B. (eds) Security and Privacy Preserving for IoT and 5G Networks. Studies in Big Data, vol 95. Springer, Cham. 2022
- 5GPPP: 5G-ENSURE Security and Privacy Enablers, https://5g-ppp.eu/5g-ensure-security-and-privacy-enablers/
- Hasneen, J., Sadique, K.M. A Survey on 5G Architecture and Security Scopes in SDN and NFV. In: Iyer, B., Ghosh, D., Balas, V.E. (eds) Applied Information Processing Systems . Advances in Intelligent Systems and Computing, vol 1354. Springer, 2022.
- Ahmed, Mohiuddin, et al., eds. Next-Generation Enterprise Security and Governance. CRC Press, 2022.
- Yesmin, T., Agasti, S., Chakrabarti, K. 5G Security and Privacy Issues: A Perspective View. In: Senjyu, T., Mahalle, P.N., Perumal, T., Joshi, A. (eds) ICT with Intelligent Applications. Smart Innovation, Systems and Technologies, vol 248. Springer, 2022.
- Qiu, Q., Wang, D., Du, X. et al. Security Standards and Measures for Massive IoT in the 5G Era. Mobile Netw Appl 27, 392–403 2022.