5G Innovations and Cybersecurity Risk

For the past few years, scientists have evaluated the capabilities of 5G networks, including their ability to support innovative services. 5G has the potential to affect the lives of millions of people by optimizing existing technologies to reduce harmful emissions, improve health services and increase safety.^{1, 2, 3}

Conversely, 5G’s performance requirements, including coverage, interoperability, reduced latency, improved bandwidth, integration and reliability, may conflict with security and privacy laws such as the US State of California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR) and the US Health Insurance Portability and Accountability Act (HIPAA).^{4, 5, 6} As a result, it is critical for practitioners to understand 5G’s risk factors such as unique identifiers, software-defined networking (SDN) vulnerabilities, and interoperability’s impact on strong access control.

The Mobile Device Industry Is Booming

The mobile device industry has notable influence on economic growth and generates 4.5 percent of the global gross domestic product (GDP).⁷ The wireless communication industry comprises more than 8 billion mobile subscriptions.⁸ In addition, several reports indicate there will be more than 20 billion IoT connections by 2025, which will generate approximately 45 exabytes (EB) of data per month.^9, 10 Producing high-quality networks with latencies of less than 1 millisecond and data rates up to 10 gigabytes per second (Gbps) will continuously challenge wireless communication providers.¹¹

Further, advanced Global System for Mobile Communications (GSM) networks, Wideband Code Division Multiplexing Access (WCDMA), Long-Term Evolution (LTE), IoT, cloud technologies, artificial intelligence (AI) and virtualization will present compelling challenges for network engineers.¹² Figure 1 highlights the billions of IoT connections that will be present by 2025 and figure 2 shows how widely 5G will be adopted by 2025.¹³

Source: GSMA, The Mobile Economy 2022, United Kingdom, 2022, https://www.gsma.com/mobileeconomy/. Reprinted with permission.

Source: GSMA, The Mobile Economy 2022, United Kingdom, 2022, https://www.gsma.com/mobileeconomy/. Reprinted with permission.

The Advantages of 5G

5G distributes on-demand network services to users with minimal latency rates of around one millisecond (ms).¹⁴ 5G increases 4G’s maximum data rates from 1 Gbps to 10 Gbps, 600 times faster than 4G and 10 times faster than Google Fiber’s typical home service.^{15, 16} 5G is a combination of numerous access technologies, such as New Radio (NR), LTE and wireless local area networks (WLANs).¹⁷

5G is an improvement from 4G with regard to service quality and user experience; however, it also functions as a quintessential example of a transformation that will revolutionize WLAN technologies and cloud computing.¹⁸ 5G employs newer technologies such as SDN and network function virtualization (NFV) to offer customizable software-oriented systems and infrastructure.^{19, 20, 21, 22}

5G has wide-ranging implications that will reshape various aspects of society, such as continual investments into autonomous vehicles (AVs) and device-to-device interactions.^{23, 24, 25} SDN, the Internet of Things (IoT), the cloud and virtualization are essential components of 5G.^{26, 27} Accordingly, many cloud providers and digital service providers adopt these technologies to prepare for 5G expansion. The Fifth Generation Public-Private Partnership (5GPPP) formulates 5G standards and is one the world’s most recognized research organizations.²⁸ In addition, the European Commission and Information and Communications Technology (ICT) influence 5GPPP’s standards.²⁹

5G will transform the way enterprises conduct business by:

• Enhancing mobile broadband for services such as ultra high-definition (UHD) video, virtual reality (VR) and augmented reality (AR)
• Enabling communication for devices sending small amounts of information such as sensors for inventory management and smart cities
• Introducing ultra-reliable and low latency communications for high availability and throughput for AVs, smart grids, ehealth, industrial automation and automated traffic control³⁰
• Evolving ehealth and telemedicine services by enabling healthcare providers to establish remote assistance and health monitoring services and leveraging drones to transport medicine and medical equipment
• Providing longer battery life and increased bandwidth to support newer services such as the Industrial Internet of Things (IIoT), AVs and unmanned aerial vehicles (UAVs)
• Integrating Industry 4.0 technologies to optimize factory operations such as the supply chain and IIoT
• Improving environmental protection by optimizing radio access for smart grids, gas sensors, ozone sensors and temperature sensors
• Providing real-time administration for heavy machinery, inventory management, and product tracking via IoT sensors and ultra high-definition (UHD) cameras
• Collecting environmental data to improve workplace health; data management for smart cities; and remote access for power, water and gas meters
• Supporting environmental protection by allowing remote administration of UHD cameras for surveilling car plates and abandoned hazardous waste
• Monitoring building structures in preparation for natural disasters such as earthquakes
• Enhancing agriculture cultivation, irrigation and fertilization systems
• Equipping law enforcement with smart eyewear and remote-controlled drones fitted with UHD cameras
• Embedding cellular-vehicle to everything (C-V2X) chipsets to implement vehicle to network (V2N) communications for increasing safety (e.g., by reducing collisions)^{31, 32, 33}

5G’s Conflict With Enterprise Governance

5G’s multifaceted nature and continuous growth make it difficult to develop strategies and consider how mass adoption will influence enterprises’ goals and portfolios of services.^{34, 35, 36} For example, 5G requires a drastically altered approach to designing cybersecurity policies, standards, procedures, baselines and guidance.^{37, 38, 39} For instance, COBIT's design factors must consider the emergence of advanced technology such as 5G. Furthermore, enterprises will have to reassess the COBIT^® governance components to evaluate how existing principles, policies and frameworks will manage the risk associated with 5G. In addition, the organizational structure, process, culture, ethics and behavior components will be influenced by the practices, decision-making entities and behavior required to adopt and integrate 5G technology within the enterprise architecture. Historically, countries and enterprises have reactively applied safeguards and countermeasures when embracing new technology, resulting in exorbitant costs and an increased likelihood of data breaches.^{40, 41} Notably, 5G’s evolution will shift control development from reactive to more proactive and versatile approaches.^42, 43, 44

Do Practitioners Have the Skills to Audit Emerging Technologies?

Mobile device enterprises compete to entice qualified professionals because advanced wireless communications and infrastructure require technical skills from specialists such as system designers, engineers and software programmers.⁴⁵ 5G’s advanced technology illuminates a demand for competent and educated professionals.⁴⁶

Likewise, this need reveals a competency gap in ensuring enterprises hire auditors who understand 5G technology and possess the skills to audit wireless communications. For example, there is minimal guidance or standards for the knowledge, skills and abilities required for network engineers who plan and design 5G networks or the next generation of auditors who need to audit these technologies.⁴⁷

To establish a comprehensive approach for 5G cybersecurity, organizations can leverage frameworks from the ISO, NIST and CIS.

Next-generation auditors may need to enhance their technical proficiency by acquiring vendor-specific certifications and credentials in networking and telecommunication such as those offered by Cisco, Palo Alto Networks and Certified Wireless Network Professionals (CWNP).^{48, 49, 50, 51}

Cybersecurity Concerns for 5G

Although there are many benefits of 5G, like any emerging technology it also introduces diverse threats, and numerous facets of 5G security risk are still undergoing research.⁵² For example, 5G’s accessibility and multitudinous devices accelerate the likelihood of successful denial-of-service (DoS) attacks, saturation attacks, eavesdropping and spoofing attacks.⁵³ 5G’s extensible architecture and focus on speed could diminish concerns for adequate security controls to prevent potential attacks.^54, 55, 56

The National Cybersecurity Center of Excellence collaborates with vendors such as AT&T, Cisco, Intel and Palo Alto Networks and has published 5G Security Guidelines for public consultation.^57, 58, 59 In addition, the European Union Agency for Cybersecurity (ENISA) has published a few 5G security-related documents.⁶⁰ To establish a comprehensive approach for 5G cybersecurity, organizations can leverage frameworks from the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). Experts advise that enterprises acquire intrusion detection and prevention systems to distinguish attacks.⁶¹ Furthermore, studies accentuate the benefits of mutual authentication and reliable encryption without hindering 5G’s performance. Other recommended security considerations for 5G include:⁶²

• Focusing on preventing threats via firewalls and intrusion-detection tools 
• Terminating advanced malware via heuristics and behavior-based controls and implementing sandboxing
• Adopting machine learning and big data analytics, and using packet captures to identify threats that evade basic filters
• Incorporating domain name system (DNS) intelligence to help protect against malicious attacks
• Using threat intelligence to stay aware of the latest techniques and understand malicious behavior

The growth of advanced technologies and unique services creates new risk and uncertainty for cybersecurity professionals. For example, 5G’s security assurance requires different safeguards and countermeasures across access, infrastructure and service levels. Consequently, 5G’s open and adaptable architecture uses enabling technologies such as SDN, NFV and network slicing.⁶³

These technologies and integrations create apprehension within the security; governance, risk management and compliance (GRC); and IT audit communities and influence additional research focus creating appropriate security controls.

Critical and sensitive services such as public safety and ehealth require more assurance than customer-based technologies such as VR and AR.^64, 65 Many privacy concerns result from the enormous volume of devices and personal identifiers traveling across the 5G network.⁶⁶ For example, various types of IoT technologies may have unique identifiers.⁶⁷ As a result, enterprises must develop effective methods to manage enormous volumes of data and prevent personally identifiable information (PII) breaches.^68, 69

Conclusion

Researchers claim that 5G communications are vulnerable to multiple types of attacks, which could have a widespread effect on the entire 5G network. These attacks are feasible because many interconnected systems depend on each other to function correctly. To stay ahead of these potential vulnerabilities, practitioners must understand 5G’s heterogeneous architecture and the dependencies that govern its performance. They need to move away from the “implement first, think later” philosophy and use scientific research and industry frameworks to improve implementation and audit guidelines.

Endnotes

¹ Marabissi, D.; L. Mucchi; R. Fantacci; et al.; “A Real Case of Implementation of the Future 5G City,” Future Internet, vol. 11, iss. 1, 2 December 2018, https://doi.org/10.3390/fi11010004
²  Peterson, L.; O. Sunay; 5G Mobile Networks: A Systems Approach, Systems Approach LLC, USA, 2022, https://5g.systemsapproach.org/
³ Rodriguez, J.; Fundamentals of 5G Mobile Networks, John Wiley and Sons, Inc., USA, 2015
⁴ Akgun, B.; “Achieving Secure Communications in Dense Multiuser Mimo Systems for 5G and Beyond,” The University of Arizona, Tucson, USA, 2019, https://repository.arizona.edu/handle/10150/636623
⁵ Du, Z.; B. Jiang; Q. Wu; Y. Xu; K. Xu; Towards User-Centric Intelligent Network Selection in 5G Heterogeneous Wireless Networks, Springer Singapore, Singapore, 2020
⁶ Op cit Marabissi et al.
⁷ Ibid.
⁸ Dun and Bradstreet, “Wireless Telecommunications Equipment Manufacturing,” First Research Industry Profiles, 27 May 2019, https://www.proquest.com/reports/wireless-telecommunications-equipment/docview/2234482578/se-2?accountid=44888
⁹ Ibid.
¹⁰ Mishra, A.; Fundamentals of Network Planning and Optimisation 2G/3G/4G: Evolution to 5G, 2^nd Edition, John Wiley and Sons, Inc., USA, 2018
¹¹ Ibid.
¹² Ibid.
¹³ GSMA, The Mobile Economy, United Kingdom, 2022, https://www.gsma.com/mobileeconomy/
¹⁴ Liyanage, M.; I. Ahmad; A. Abro; A. Gurtov; M. Ylianttila; A Comprehensive Guide to 5G Security, John Wiley and Sons, Ltd., USA, 2018
¹⁵ Huawei, Securing the Future of 5G, AI Business eBook Series, China, 2022, https://www.tradepub.com/free-offer/securing-the-future-of-5g/w_huaw02?sr=hm&_t=hm
¹⁶ Op cit Liyanage
¹⁷ Ibid.
¹⁸ Ibid.
¹⁹ Launay, F.; A. Perez; LTE Advanced Pro: Towards the 5G Mobile Network, John Wiley and Sons, Inc., USA, 2019
²⁰ Op cit Liyanage
²¹ Penttinen, J.; 5G Explained: Security and Deployment of Advanced Mobile Communications, John Wiley and Sons, Inc., USA, 2019
²² Pujolle, G.; Software Networks: Virtualization, SDN, 5G and Security, 2^nd Edition, John Wiley and Sons, Inc., USA, 2019
²³ Op cit Huawei
²⁴ Latif, S.; J. Qadir; S. Farooq; M. Imran; “How 5G Wireless (and Concomitant Technologies) Will Revolutionize Healthcare?” Future Internet, vol. 9, iss. 4, 11 December 2017, https://doi.org/10.3390/fi9040093
²⁵ Op cit Penttinen
²⁶ Op cit Pujolle
²⁷ Op cit Rodriguez
²⁸ Op cit Mishra
²⁹ Ibid.
³⁰ Op cit Liyanage
³¹ Op cit Huawei
³² Op cit Latif
³³ Op cit Marabissi
³⁴ Barona López, L.; A. Valdivieso Caraguay; J. Maestre Vidal; M. Sotelo Monge; L. García Villalba; “Towards Incidence Management in 5G Based on Situational Awareness,” Future Internet, vol. 9, iss. 1, 2017, https://doi.org/10.3390/fi9010003
³⁵ Op cit Pujolle
³⁶ Zhang, Y.; Network Function Virtualization: Concepts and Applicability in 5G Networks, John Wiley and Sons, Inc., USA, 2018
³⁷ Op cit Barona Lopez et al.
³⁸ Op cit Du et al.
³⁹ Op cit Penttinen
⁴⁰ Op cit Huawei
⁴¹ Op cit Barona Lopez et al.
⁴² Op cit Du et al.
⁴³ Jayakody, D.; K. Srinivasan; V. Sharma; 5G Enabled Secure Wireless Networks, Springer International Publishing, Switzerland, 2019
⁴⁴ Op cit Mishra
⁴⁵ Op cit Dun and Bradstreet
⁴⁶ Ibid.
⁴⁷ Op cit Mishra
⁴⁸ Certified Wireless Network Professionals (CWNP), “Information Technology Certifications for Wi-Fi Careers,” https://www.cwnp.com/it-certifications/
⁴⁹ Cisco, “Cisco Certifications,” https://www.cisco.com/c/en/us/training-events/training-certifications/certifications.html
⁵⁰ Palo Alto Networks, “Education Services,” https://www.paloaltonetworks.com/services/education#catalog
⁵¹ Curtis, B.; “Creating the Next Generation Cybersecurity Auditor: Examining the Relationship Between IT Auditors’ Competency, Audit Quality, and Data Breaches,” Capitol Technology University, April 2022, https://www.proquest.com/dissertations-theses/creating-next-generationcybersecurity-auditor/docview/2680312317/se-2
⁵² Op cit Jayakody et al.
⁵³ Ibid.
⁵⁴ Op cit Barona Lopez et al.
⁵⁵ Op cit Du et al.
⁵⁶ Op cit Jayakody et al.
⁵⁷ Palo Alto Networks, “Extend Zero Trust to Your 5G Environment,” https://www.paloaltonetworks.com/network-security/5g-security-for-enterprises
⁵⁸ Cisco, “Cisco Private 5G,” https://www.cisco.com/c/en/us/products/wireless/private-5g/index.html#~use-cases
⁵⁹ National Cybersecurity Center of Excellence (NCCoE), “5G Cybersecurity,” https://www.nccoe.nist.gov/5g-cybersecurity
⁶⁰ European Union Agency for Cybersecurity (ENISA), 5G Cybersecurity Standards, Greece, 16 March 2022, https://www.enisa.europa.eu/publications/5g-cybersecurity-standards
⁶¹ Ibid.
⁶² Ibid.
⁶³ Op cit Liyanage
⁶⁴ Ibid.
⁶⁵ Op cit Mishra
⁶⁶ Fang, D.; Efficient and Flexible Solutions for 5G Wireless Network Security, The University of Nebraska, Lincoln, USA, 20199, https://www.proquest.com/dissertations-theses/efficient-flexible-solutions-5g-wireless-network/docview/2297413994/se-2?accountid=44888
⁶⁷ Ibid.
⁶⁸ Op cit Fang
⁶⁹ Op cit Liyanage

Blake Curtis, SC.D, CISA, CRISC, CISM, CGEIT, CDPSE, COBIT 2019 Foundation, Design and Implementation, CISSP, NIST CSF

Has successfully created global information assurance programs for government, commercial, international and healthcare sectors. He leads teams that assess various aspects of risk and ensures compliance with applicable state, federal and regulatory requirements. In addition, Curtis manages large initiatives that leverage a combination of governance and security frameworks to develop tailored programs for enterprises. He is also a research scientist who led an international study titled The Next Generation Cybersecurity Auditor, where he discovered a technical competency gap in Big Four IT auditors and subject matter experts. He also helped debunk the 10,000-hour rule and years of experience fallacy. His study proved that task-based experience is more objective than time-based experience. Curtis is also the author of How to Complete Your Master’s Degree in One Semester, which has helped more than 150 students complete their master’s degrees in record-setting times.