5G and IoT security: Why cybersecurity experts are sounding an alarm
Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.
IoT – Seemingly everywhere you turn these days there is some announcement about 5G and the benefits it will bring, like greater speeds, increased efficiencies, and support for up to one million device connections on a private 5G network. All of this leads to more innovations and a significant change in how we do business.
But 5G also creates new opportunities for hackers.
Gartner predicts that 66% of organizations will take advantage of these benefits and adopt 5G by 2020 — with 59% of them planning to use 5G to support the Internet of Things across their business.
The 5G landscape today
Already, manufacturers including Nokia, Samsung, and Cisco have either started developing 5G enterprise solutions or have publicly announced plans to do so.
In the enterprise, full deployment of private 5G networks will take time, as it requires significant investments to upgrade legacy network infrastructures, observers say. In the meantime, there are instances of devices in the workplace already operating on a 5G network.
But using IoT devices without a private 5G network or adequate technical knowledge could put organizations’ and their employees’ privacy at risk.
“You absolutely have to have [5G security] on your radar right now,” said Monique Becenti, channel and product specialist at cybersecurity provider SiteLock. It’s also critical to have security measures in place for personal data.
“If you’re using a mobile device for banking transactions you’re leaving that susceptible to an attacker intercepting that data,” she said. “With 5G, our main concern is with IoT innovations.”
Often, developers face pressure to get software quickly to market so critical testing could be missed, Becenti said. “With 5G this isn’t any different–especially in a market where security may not be top of mind.”
She pointed out that the IoT devices market isn’t regulated and therefore not required to meet certain security requirements, despite cyberattacks like the Mirai botnet in 2016 and 2018. “Devices are open right now and susceptible … so there are more potential entry points for attackers” that are scanning for open ports in the devices’ software so they can deploy malicious bots and scripts.
Telecom provider Ericsson concurred, saying that it is imperative that IoT devices are secure from the start to protect personal data, business-sensitive information, and critical infrastructure.
Why 5G networks pose greater security concerns
There are five ways in which 5G networks are more susceptible to cyberattacks than their predecessors, according to the 2019 Brookings report, Why 5G requires new approaches to cybersecurity. They are:
- The network has moved from centralized, hardware-based switching to distributed, software-defined digital routing. Previous networks had “hardware choke points” where cyber hygiene could be implemented. Not so with 5G.
- Higher-level network functions formerly performed by physical appliances are now being virtualized in software, increasing cyber vulnerability.
- Even if software vulnerabilities within the network are locked down, the 5G network is now managed by software. That means an attacker that gains control of the software managing the network can also control the network.
- The dramatic expansion of bandwidth in 5G creates additional avenues of attack.
- Increased vulnerability by attaching tens of billions of hackable smart devices to an IoT network.
A call to action on 5G security
From the 5G network point of view, trust in IoT devices is based on trustworthiness of the device’s hardware, software, and configuration, as well as the applications running on it, Ericsson said. It will also be defined by how well network operators and those who manage IoT devices govern:
- Identities and data
- Security and privacy
- Actor compliance with agreed security policies, end-to-end
For their part, businesses can enhance security by ensuring patches are applied in the form of software updates, Bencenti said. “They should also be properly testing these devices in QA [quality assurance] testing before they go to market, and ensure they close any open ports that lead to exposed entry points.”
The lack of regulations for 5G security, “is why these attacks happen day in and day out” and is also the reason, “2019 was considered the worst year for cybercrime,” Bencenti said.
This article originally appeared on techrepublic.com To read the full article and see the images, click here.
Nastel Technologies uses machine learning to detect anomalies, behavior and sentiment, accelerate decisions, satisfy customers, innovate continuously. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s AutoPilot® for Analytics fuses:
- Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
- Raw information handling and analytics speed
- End-to-end business transaction tracking that spans technologies, tiers, and organizations
- Intuitive, easy-to-use data visualizations and dashboards
Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering tools for Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT, IBM Cloud Pak for Integration and many more.
The Nastel i2M Platform provides:
- Secure self-service configuration management with auditing for governance & compliance
- Message management for Application Development, Test, & Support
- Real-time performance monitoring, alerting, and remediation
- Business transaction tracking and IT message tracing
- AIOps and APM
- Automation for CI/CD DevOps
- Analytics for root cause analysis & Management Information (MI)
- Integration with ITSM/SIEM solutions including ServiceNow, Splunk, & AppDynamics