Despite the hype surrounding the roll-out of faster, higher-bandwidth 5G, the reality is that many of the services that it will enable have already been provided through its 4G predecessor and various networks. But the technology underlying 5G marks a break with the past in some important ways, including a fundamental reconceptualisation of what a communications network looks like. While the previous four generations of mobile technology were founded on physical architecture, 5G is first and foremost a virtual network — finally turning the convergence of networks and wireless communication into reality.
This shift to 5G is happening against the backdrop of the COVID-19 global emergency where larger numbers of people are working from home via communications links that are increasingly based on 5G networks. Companies that are more advanced in their digital transformation are telling us that their investment in technology, cyber security and resilience has paid off as they respond to the challenges to their operations brought by the novel coronavirus.
But these shifts have also placed intense scrutiny on cyber security. Because 5G networks connect many more devices than previous technologies, increasing the potential attack surface for cyber adversaries, there is a belief that is riskier than its predecessors. In truth, however, many of 5G’s anticipated vulnerabilities result from other elements of the ecosystem — notably the security of the end devices.
The good news is that the challenges to cyber security in 5G networks can be overcome, providing a solid basis for the innovation to deliver on its full promise.
Entering the 5G era
As with any new technology, the introduction of 5G requires a revisit in an organisation’s approach to cyber security. However, this should not distract from planning for the 5G revolution and the significant opportunities it offers. In fact, by understanding and countering the risks specific to 5G, companies can build greater resilience, and use the technology as a powerful force to generate revenues and profit in their businesses as well as good in society.
Although consumers are excited by the prospect of downloading ultra-high-definition movies in seconds, the true benefits of the technology will manifest through a wide range of innovative applications. These may well change not only how we entertain ourselves but also how and where we work, how we move around, and how we keep ourselves healthy — with AI-enabled personalisation embedded in 5G applications playing a growing role. It will provide the bedrock for smart cities, Fourth Industrial Revolution [4IR] operating models, smart homes, smart transportation, smart healthcare and myriad other potential use cases.
The ‘zero trust’ approach
Keeping 5G networks secure will be key to realising the full potential benefits for consumers, businesses and entire societies alike, and for ensuring the safety of end users.
A vital first step towards protecting any network against cyber threats — 5G included — is to understand where vulnerabilities might arise. Primarily, this is at the points of interconnection, where risks transition from one part of the network to another. With 5G, as with 4G, different companies are often involved on each side of these transitions, meaning a coordinated approach is vital to ensure security is effective from end to end.
All participants in the 5G ecosystem — including mobile operators, network vendors, system integrators and end businesses — should agree to identify, profile and assess the health of every component before it’s permitted to connect to the network, and, if appropriate, limit access to the 5G service based on this assessment. This can be achieved with a strategy grounded in the following elements:
- Zero-trust approach. A robust security posture from end to end, for all devices and software, will help reduce risk exposure across the 5G ecosystem. Having been assessed for their level of security before connecting to the network or resources, devices should only be allowed access to resources based on their need and security ‘health.’ All software — from the core to the IoT device, and from firmware to the cloud — should be checked for malware.
- Universal encryption. To minimise the risk of data being compromised or corrupted, telecommunications operators and other 5G participants should leverage strong encryption methods for securing the traffic between endpoints and services. This involves applying flexible methodologies that allow the encryption to be strengthened progressively over time as standards and risks evolve.
- Orchestration by AI. Machine learning and AI will have a vital role to play in identifying and mitigating ever-changing risks, providing the speed and accuracy of insight and intelligence needed to manage security policy. This includes their use in activities such as network traffic analysis, threat identification and infection isolation.
The strategy will help organisations to work collectively to secure the 5G environment, while not overly impacting the ability of each business in the 5G ecosystem to serve its customers and interact with partners. A proven way of operationalising this strategy is to adopt a ‘zero-trust architecture’ (ZTA) approach. This is a comprehensive security model that addresses the ‘who, what, where, why and how’ when critical data and infrastructure assets are being accessed
Under a ZTA, security capabilities enforce policy and protect all users, devices, applications and data resources, and the communications traffic between them, regardless of location or connection method.
Resilience by design
Companies that are supported by a zero-trust approach are well placed to build and embed cyber resilience in the 5G era. According to PwC’s latest Digital Trust Insights report, resilient companies get ahead with the following approach:
- Improve visibility of data assets. Resilient companies consistently track how their data assets and existing processes are affecting the core of their business. By automating a real-time asset inventory and mapping the process for ongoing and accurate visibility across the network, organisations with low resilience can begin to address their vulnerabilities.
- Test their tolerance. Resilient companies look at the big picture and recognise their tolerance level for handling risky situations. By identifying critical business services, using metrics to define impact tolerance, and then testing and mapping those tolerances to business services, companies can prepare to handle incoming threats
- Adapt and refine. Resilient companies continuously evolve their business strategies. To ensure all-around protection, highly resilient organisations refine their resiliency as they adopt new technologies. These firms often rely on a dedicated team to monitor the performance of core assets and IT dependencies, and can quickly and consistently redesign business services based on lessons learned from disruptions caused by cyber issues.
Together, these three characteristics enable an organisation to shift from a traditional disaster recovery/business continuity model to resilience by design — something that many companies will need to do as they navigate the COVID-19 crisis recovery. It is a proven way to secure organisations, operations and systems against cyber threats — and is as relevant and effective in a 5G environment as in any other.
Seize the 5G moment through trust, resilience and enablement
The advent of 5G represents a shift in the cyber security landscape. It will be the medium through which the workflow and decision chains of the automated interconnected components in tomorrow’s critical industrial and societal networks will flow. Without it, the growing millions of connected devices would be effectively useless.
Against this background, nobody would question that effective cyber security across the 5G ecosystem is non-negotiable. Effective security in a 5G world requires every participant in the value chain to play their part. A zero-trust approach backed up by ‘resilience by design’ puts cyber security at the centre of every 5G deployment.
Doing so will enable a sound cyber strategy that will ensure companies can roll out 5G quickly and safely, enabling individuals, business and society as a whole to enjoy the potential of this powerful new tool confidently and securely.
For further information on cyber security and resilience in the era of 5G, download the full report Securing 5G’s future: Why cybersecurity is key to realising the full promise of 5G networks.
