Cyber security considerations for 5G networks - ITSAP.80.116

Although cellphones feel like they have always been an essential part of our lives, the rapid transformation of wireless technology took only forty years to get to where it is today. The networks that power advanced software features such as data sharing, streaming, and application downloads have also come a long way.

The first two generations of wireless cellular technology supported limited amounts of phone calls, texts, and downloads. Third and fourth generations introduced high quality calls with data, video streaming, online gaming, and long term evolution (LTE) which allowed for even faster download speeds and the widespread use of mobile devices.

 

What is 5G?

Unlike the generations of cellular networks before it, the fifth generation (5G) promises more than just a faster mobile internet connection. It has the potential to fundamentally change telecommunication networks. With claims of increased bandwidth, 5G networks can potentially connect to billions of connected devices and handle large data transfer with faster reaction time.

5G networks claim they can support emerging technologies that 4G networks simply cannot, and therefore will have significant impact for critical infrastructure sectors such as health, transport, energy and many others.

For example, 5G could further:

  • Support the deployment of Internet of Things (IoT) infrastructure in smart cities and buildings such as sensors, cameras, and automated vehicles.
  • Improve healthcare through increased connectivity in rural areas and remote diagnostic tools.
  • Advance the efficiency of drones used by farmers to monitor crops.

In every industry, 5G is predicted to contribute to massive changes that will remove current network limitations and drive global growth.

How does 5G work?

Wireless networks are made up of cell towers that send and receive data through radio waves. 4G networks use these large towers to send signals over long distances. However, due to physics, higher frequencies do not travel as far and are easily blocked by physical objects, such as trees or buildings. 5G networks send signals through large numbers of small cell stations in light poles or on top of buildings to counter this. Small cell stations can leverage low, mid, and high-band spectrums and require greater network capacity and reliability in high density areas.

One new feature of 5G networks is known as network slicing. This will allow for the creation of multiple logical networks on a single physical 5G network. Each of the networks can then support different connection speeds as needed. For example, a faster network slice can support a virtual reality connection, where high performance and low latency are crucial, such as when performing remote assisted surgery. A slower connection, on the other hand, might support a smart fridge.

What are the benefits of 5G?

Some of the key transformative benefits claimed by 5G include:

  • Low latency: Latency refers to the time data takes to travel from one destination to another. 5G networks have extremely low latency resulting in very minimal delays over a network connection.
  • Increased bandwidth: A 5G network could shorten the time required to download large files from hours to minutes as well as send and receive more data than ever before.
  • Network capacity and slicing: Far more devices can be connected on a 5G network, increasing traffic and data. The overlay of separate logical networks on a shared network allows devices to use only the required capacity.

What are the security risks?

While it is an emerging technology with apparent benefits, 5G does pose a number of security risks to keep in mind. For example:

  • Threat actors can exploit 5G systems and disrupt the current 4G / LTE network infrastructure in Canada. Since 5G networks allow for billions of connected devices, traditionally insecure IoT devices that become a part of this network may be especially vulnerable.
  • Increased risks due to supply chain attacks against 5G infrastructure could lead to malicious software and hardware being provided by untrusted vendors. Concerns with select vendors are being examined by the Government of Canada.
  • The increased volume of data flowing over 5G networks will create a strain on security monitoring intended to seek out vulnerabilities, threats, and suspicious activity in network traffic.
  • 5G supports the transition away from traditional core network boundaries towards edge computing, where computing resources are moved to wherever the infrastructure is located, rather than a central hub. However, this increases the chance of untrusted and potentially unsecured devices connecting to the 5G network.

How can my organization prepare?

You can prepare your organization for 5G technology by establishing a solid foundation of cyber security measures. Some key actions to implement include:

  • Protect your network and devices: As 5G technology increases the attack surface for threat actors, measures such as patching vulnerabilities through software updates, installing anti-malware software, firewalls, network segmentation, and protective Domain Name Systems (DNS) are key for prevention and recovery.
  • Protect your systems: Multi-factor authentication (MFA), incident response plans, and robust backup plans will ensure that critical systems can survive potentially disruptive cyber incidents and manage the risks of significant increases in data processing.
  • Educate and prepare users: Up-to-date cyber security and privacy awareness training safeguards employees against social engineering tactics by threat actors. Preventative measures, such as using MFA and virtual private networks (VPN), protect the sensitive data and information of users.

For additional measures your organization can take to enhance your cyber security posture, refer to ITSAP.10.102 Cyber Security Hygiene Best Practices for Your Organization. The Government of Canada is developing a policy statement on 5G wireless technology to maximize its benefits while ensuring that its implementation is secure and adaptable to the changing threat environment.

Date modified: