Solutions: Top security risks in a 5G-connected world, and how to mitigate them

This article first appeared in Digital Edge, The Edge Malaysia Weekly, on February 28, 2022 - March 06, 2022.
Solutions: Top security risks in a 5G-connected world, and how to mitigate them
-A +A

Malaysia’s 5G aspirations are finally coming to fruition. Last December, 5G was officially rolled out in parts of Kuala Lumpur, Putrajaya and Cyberjaya, the financial and technology hubs of Malaysia.

The government has good reasons to celebrate this milestone. Apart from enhancing the digital lifestyle of everyday Malaysians, 5G’s high bandwidth and low latency performance will also play a major role in Malaysia’s Industry4WRD initiative — the national policy that aims to transform the manufacturing sector and related services.

By tapping into 5G, industries will soon be able to utilise cutting-edge technologies such as artificial intelligence, big data, blockchain, robotics and autonomous vehicles. According to the Malaysian Institute of Economic Research, 5G is likely to add RM8.5 billion to the country’s GDP in 2025.

Every new technology comes with a brand-new set of risks and challenges. As much as 5G opens more opportunities in areas such as manufacturing, transport and healthcare, it is also becoming an increasingly attractive target for cybercriminals. What, then, are the top 5G security risks to look out for, and how do we mitigate them?

Complexity breeds complex risks

Unlike the mobile networks before, 5G is decentralised with far more traffic routing points. While this allows the architecture to span multiple clouds and locations, the complexity also makes it more challenging for security teams to perform checks and upkeeps.

Moreover, 5G’s data transfer speed — which is up to 10 times faster than 4G — also happens to be one of its weaknesses. Since a more significant amount of data can be transferred per unit time, 5G unwittingly creates a lucrative environment for cybercriminals to steal data. On top of that, 5G’s speed makes it harder for service providers to monitor security in real time.

Finally, 5G presents multiple points of attack for cybercriminals. For example, a typical 5G network has many open interfaces that run on various Ethernet standards across a distributed architecture, making it attractive for cybercriminals to exploit Ethernet vulnerabilities and gain access to the core network.

Also, every Internet of Things (IoT)-enabled device connected to 5G is an additional point of access, and not all IoT manufacturers uphold the same security standards. With the number of connected IoT devices expected to top 30 billion by 2025, the threat landscape of 5G is about to expand exponentially.

Mitigation strategies to consider

Even as countries ramp up their 5G deployments, cybersecurity must remain a top priority. Considering the inherent complexity, however, where should organisations begin?

You can start by uncovering existing security gaps and finding out whether your network has the ability to mitigate the risks. Even if you already have trusted equipment within the network, it is still a good idea to perform consistent, thorough tests.

It is also vital to make compliance mandatory throughout the supply chain. Apart from auditing supply chain members and ensuring they adhere to the compliance standards, take time to perform code audits for back doors and other software risks too.

After setting up the 5G infrastructure, regular testing and auditing should also be performed. This includes validating everything from the security of your suppliers and software vendors to your networks and devices in the operational domain. Applications, application programming interfaces, authentication mechanisms and container orchestration must also be part of your routine tests and audits. The trick is to automate the testing and auditing processes wherever possible, then perform war-game exercises to discover weaknesses and risks early.

If these recommendations look overwhelming to implement single-handedly within the organisation, there are established partners to perform these exact tests and audits. The key is to find one that prioritises risk reduction, cost savings and continuous assessments in both the lab and live networks.

Security as a competitive edge

Complexity and security concerns are but two of the many reasons that 5G rollouts have been sluggish globally.

For example, even though it has been nearly three years since the debut of 5G, only a third of countries have 5G services. Furthermore, while the US has one of the widest 5G coverages, its average 5G speed is only twice as fast as 4G — the slowest among the 15 leading 5G markets globally.

The 5G rollout has been relatively successful in Malaysia despite some initial setbacks. The government hopes to expand 5G coverage to other major cities in states such as Selangor, Penang, Johor, Negeri Sembilan, Perak, Sabah and Sarawak by year-end. And, by 2024, the aim is to extend coverage to 80% of all populated urban and rural areas.

Looking ahead, there are as many threats to 5G as there are emerging use cases. As competition for 5G deployment heats up, a comprehensive security strategy with a proactive approach may very well become the defining competitive advantage for organisations and bring out the true value of 5G. With more sophisticated and diversified cybersecurity crimes already on the rise across Malaysia, it is more pressing than ever for various stakeholders to see 5G security not as an afterthought but as their top priority.

Churn Hoong is head of Southeast Asia at Spirent, a global provider of automated testing and assurance solutions for networks, security and positioning