There’s a lot of hype when it comes to 5G wireless networks but from a cybersecurity perspective, there’s a lot to like. For example, one of the limitations of 4G and LTE networks is that a subscriber’s unique identifier is unencrypted. 5G eliminates the issue in a way that helps both identify “man-in-the-middle” attacks and defend against them.
It also provides access to a unified authentication framework along with network slicing capabilities that makes it easier to segment sensitive data. Finally, there is an edge protection proxy that securely interconnects different networks to better maintain data consistency, accuracy, and integrity.
None of this means there are no security concerns when it comes the 5G. The Cybersecurity and Infrastructure Security Agency (CISA) just published a 5G Security Evaluation Process report that advises government agencies to consider the following five steps before taking advantage of 5G services:
- Make sure there is a use case definition to identify 5G subsystems, component configurations, applications, and interfaces.
- Define the boundary to identify the technologies and systems requiring assessment and authorization in a way that considers the ownership and deployment of the products and services.
- Conduct a high-level threat analysis of each 5G subsystem to identify the mitigating cybersecurity capabilities, including identity, credential and access management, and network security that must be addressed.
- Create a catalog of Federal security guidance that includes the Risk Management Framework, the Cybersecurity Framework, and the Federal Risk and Authorization Management Program (FedRAMP).
- Examine the alignment between security requirements and federal security guidance and assessment programs.
Naturally, what applies to government agencies should also be considered in the private sector. Much of what CISA is advising may appear to be common sense but it’s often amazing how often cybersecurity fundamentals are often ignored.
Of course, the biggest security concern may not be the network at all but rather what’s attached to it. As 5G bandwidth rates get as high as 10 gb/s, the number of devices connected to wireless networks will continue to explode. As a result, the overall size of the attack surface that needs to be defended will continue to expand. Most cybersecurity teams are already struggling to defend the attack surface as it currently stands. Each new platform added to the IT environment only increases the odds there will be more cybersecurity events to investigate and mitigate.
Hopefully, advances in automation will make it feasible for the existing pool of cybersecurity talent to secure endpoints that will be running a lot more complex software as, for example, augmented and virtual reality applications become more commonplace. There simply won’t be enough cybersecurity professionals available to defend every attack surface without relying on higher levels of automation.
It’s been a long time coming but 5G will transform IT and cybersecurity along with it. However, there will as always be tradeoffs that cybersecurity teams will need to take in stride as 5G networks become more widely employed alongside legacy networks that as is often the case won’t simply disappear overnight.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.