Cyber Threats
Latest CISA Paper Identifies 5G Infrastructure Risks
CISA's newest report identiies three main potential vectors that could affect 5G and its uses. The agency also outlines various sub-vectors and explain how these can be mitigated.
The latest paper from the Cybersecurity Infrastructure Agency (CISA), National Security Agency, and the Office of the Director of National Intelligence has found three major potential threat vectors to the 5G infrastructure.
“Potential Threat Vectors to 5G Infrastructure” names policy and standards, supply chain, and 5G systems architecture as the three main potential vectors to 5G.
There are two sub-threat vectors on the policies and standards category- open standards and optional controls. According to the report, if the standards are not open there may be a potential for standards to include untrusted technologies and equipment unique to their systems. Such proprietary tech and equipment can limit competition, forcing customers to adopt new technologies that are untrusted.
The report also said that not implementing optional security controls can also be damaging because it could make networks more vulnerable to cyberattacks.
The second vector, supply-chain risk, refers to "efforts by threat actors to exploit information and communications technologies (ICTs) and their related supply chains for purposes of espionage, sabotage, foreign interference, and criminal activity" , said the paper.
Supply chain sub-threat vectors include counterfeit components, which are more vulnerable to cyberattacks and more likely to break due to poor quality. These can also enable malicious actors to compromise the device's confidentiality and availability.
Another sub-threat vector is Inherited components, which come from extended supply chains from third-party supplies, vendors, and service providers. Supply chains can be compromised if suppliers with wear security controls are attacked. Especially since flaws or malware inserted early in the development stages are harder to detect.
The final major threat vector is 5G systems architecture, which is at risk because malicious actors may exploit legacy and new vulnerabilities despite organizations' continuous improvement of their 5G security.
According to the paper, there are seven sub-threat vectors in this category, including software/configuration, network security, network slicing, and legacy communications infrastructure. It also includes spectrum sharing, multi-access edge computing, and software-defined networking.
Moreover, the 5G architecture is more susceptible to attacks because these networks will use more information and technologies than older past generations, which means malicious actors have more potential entry points.
There are numerous benefits to 5G, including better transmission speed, lower latency, and greater capacity for remote execution. However, this new technology also poses unprecedented threats that can cause major headaches.
Enterprises need to understand the risks associated with 5G and establish a robust cybersecurity ecosystem to future-proof their operations and systems, ensuring the safety of their products and consumers.
As a leader in cybersecurity, Trend Micro actively researches hot threat actors that could exploit 5G networks and how the infrastructure can be better protected. To learn more about our forward-looking research and 5G security solutions, click here.