Digital Transformation
Pros and Cons of 5G
As private 5G networks continue to roll-out, CISOs and security leaders need to fully aware of the security implications to minimize cyber risk. Explore pros and cons as well as security tips for implementing private 5G.
What is 5G, really?
Pros and Cons of 5G
5G Security Considerations
Next Steps
The demands for increased agility have led to sweeping digital transformation. For example, the face of the shop floor is changing. Organizations are moving away from human-directed manufacturing to automated smart factories to use real-time data more effectively. This has led to the need for ultra-high speeds and reliability with little to no latency. Enter: 5G.
What is 5G, really?
The fifth-generation mobile network is designed to connect everyone and everything, including machines, objects, and devices at breakneck speeds with ultra-low latency.
While private and public 5G are technically the same—they use the same underlying network solutions, encoding schemes, and spectrum—the intention of each differs. As the name suggests, public 5G is available for public consumption, whereas private 5G is dedicated to the use of a single enterprise and oftentimes, at a single location.
There are two broad categories: independent and dependent 5G. In an intendent network, the organization are responsible for selecting or leasing the spectrum they wish to use, installing network solutions, managing the users, and maintaining the users. In comparison, a dependent 5G network is built and maintained by a mobile network operator (MNO). In this model, the MNO installs and maintains the network and manages user access based upon agreements with the stakeholder.
With the introduction of the 5G Stand Alone (SA) method for operating a 5G base station independently by an independent 5G core network, 5G will finally be able to simultaneously support three different requirements: enhanced mobile broadband (eMBB) (high speed and large capacity), ultra-reliable and low-latency communication (URLLC), and massive machine type communication (mMTC) (ultra-mass terminal).
Pros and Cons of 5G
According to Deloitte Insights, there were 756 private network deployments in enterprises worldwide as of January 2022, a 43% increase from the previous year. As 5G becomes a reality, organizations need to carefully consider the pros and cons of implementing private networks to guide an effective security strategy.
PROS
On-premises coverage: With many organizations using the hybrid cloud, on-premises coverage is critical. Furthermore, it extends coverage to enterprises in remote facilities where public networks don’t exist or indoor coverage is limited.
Speed and low latency: 5G dramatically reduces the time for network devices to respond to commands and reduces latency to less than 5 milliseconds (the ultimate target is 2 milliseconds according to The Third Generation Partnership Project [3GPP]}.
Capacity: With private 5G, you’re no longer competing with other public users for bandwidth. This allows you to simultaneously connect up to 100 times more devices per square kilometer than 4G, removing the need for enterprises to strategize cellular and Wi-Fi as an either/or proposition.
Advanced technologies: Particularly in the manufacturing industry, 5G networks are essential for running collaborative mobile robots, self-driving machines, automatic guided vehicles (AGVs), augmented reality (AR) predictive maintenance, and other smart factory technologies. Private 5G will enable smart factories to implement artificial intelligence (AI) and machine learning (ML) applications quickly without disrupting the production line and supply chain. There is also the potential to build a factory without wires or cable, reducing associated costs and time spent on construction.
Security: Improved security capabilities was the leading motivation of private wireless adoption for respondents in a Trend Micro and 451 Research collaborative survey. Private 5G affords security teams more flexibility to implement zero trust architectures that their own access security policies, prioritize traffic, and ensure data does not leave the network without proper authorization.
CONS
The potential of more robust security capabilities is a pro, but as with all innovative technologies, knowing how to secure it is a challenge. In fact, 48% of operators admitted they didn’t have enough knowledge/tools to deal with a security vulnerability, according to a joint Trend Micro and GSMA Intelligence report. Here are some main security concerns:
Larger attack surface: The sheer number of devices, users, and apps connected to the network expands the attack surface and increases an enterprise’s exposure to threats. 32% of operators in the GSMA report said that an increased attack surface as a key challenge to securing 5G networks.
Greater complexity: Since 5G relies on a diverse set of technologies from many great disciplines, software complexity increases. Very few are purpose-built for the 5G world; they have design limitations and blind spots that new applications and uses will exercise and expose. This means that software that was thought to be stable will reveal security defects, code bugs, and architectural limitations.
Software supply chain: 5G devices are also cause for concern, as chips and other components could be infected by malware. Additionally, management software can be vulnerable to attacks and a breach in any part of the carrier’s or organization’s infrastructure could spread throughout the network.
Data transition: Lack of encryption early in the connection process can be exploited by cybercriminals as it lets them know what devices are connected to the network. It also provides additional details like operating system and device type, enabling malicious actors to carefully plan their attacks.
Managing risk: The first step in a security assessment starts with a risk evaluation. Given the newness of private 5G environments, it’s unsurprising that only 8% of respondents in a 451 Research survey said they will complete their own risk evaluation. The majority (37%) noted they will rely on a partner to provide expertise and complete a risk evaluation. However, the lack of security experts available may leave some organizations involuntarily left to their own devices, leading to undetected cyber risk.
5G Security Considerations
The bottom line is that 5G networks or not secure by design and organizations need to have the appropriate security guardrails in place upon implementation. Consider the following for your journey to secure private 5G networks:
Start in the network: Ensure your network is secure by leveraging Secure Access Service Edge (SASE) capabilities such as Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB) as part of a broader zero trust strategy.
Go beyond endpoint security: Extended detection and response (XDR) goes beyond traditional endpoint detection and response (EDR) by collecting and correlating threat activity data across endpoints plus servers, cloud, networks, and email. This will help to contextualize threat data, providing only critical alerts instead of bogging down security teams with false positives.
Have a strong patching strategy: An increase in apps due to 5G makes organizations more susceptible to zero- and n-day attacks. Thus, establish a prioritized patching strategy to ensure your critical systems are protected.
Leverage automation wherever possible: Automation alleviates security teams from time-consuming tasks, allowing them to focus on investigation, detection, and response of critical alerts instead. For starters, look to automate configuration checks, monitoring of ingress and egress traffic, access controls, virtual patching, and reporting.
Manage cyber risk with a platform-based approach: To successfully discover, assess, and mitigate cyber risk, you need comprehensive visibility across the attack surface. Unfortunately, siloed point products hinder visibility, which can leave risk undetected. Look for a unified cybersecurity platform backed by robust security capabilities and broad third-party integrations to feed into the XDR data lake so organizations can effectively discover, assess, and mitigate cyber risk across the attack surface.
Next steps
For more information on 5G and attack surface risk management, check out the following resources: