How 5G and IoT Expand the Attack Surface of a Network

 

The fifth generation (5G) of cellular phone technology is upon us. You can hardly turn on your TV or stream a YouTube video without seeing an advertisement for 5G. Beyond the speed and latency advantages that 5G will offer for consumer mobile devices, the Internet of Things (IoT) will benefit from 5G’s capability to support many more simultaneous connections, thanks to a much wider pipe with up to 20 times the capacity of 4G (minimum peak data rate of 20 Gbps versus 1 Gbps). 5G also allows for network latencies as low as 1 millisecond, an improvement of up to 10 times over 4G. Ubiquitous IoT devices, such as sensors in vehicles, traffic lights, and roadbeds, will benefit from performance increases in 5G and make possible sci-fi use cases, including autonomous automotive applications.

But along with all the great benefits of speed, throughput, low latency, and futuristic functionality comes a downside: an expanded attack surface. With the number of connected IoT devices and applications forecast to exceed 67 billion by 2025 (perhaps up to 75 billion), the field is rife with targets. And because many vulnerable IoT devices ship with default passwords that are rarely changed and ports that always seem to be open, for hackers, it’s like shooting fish in a barrel. The process of securing IoT devices, like any software development process, is also vulnerable to design flaws and coding mistakes.

However, not every 5G vulnerability can be laid at the doorstep of IoT devices. With new 5G wireless technology replacing older 4G LTE technology, uncertainties and risks can abound within the 5G protocols themselves. And because 5G standards are relatively young, with their definitions still evolving, 5G and IoT devices will need better security.

Would 5G and IoT cyber security compliance standards help?

Cyber security compliance standards for 5G and IoT devices can have overlapping jurisdictions in terms of applications and sectors. For example, the Payment Card Industry Data Security Standard (PCI DSS) applies to 5G networks and IoT devices involved in financial transactions conducted with credit or debit cards, and the FedRAMP cyber security standards apply to transactions involving the federal government. However, the evolving status of 5G standards and fast-changing nature of IoT devices make these kinds of compliance rules and regulations “very cumbersome and overweight,” according to Protocol, and not designed for environments that change regularly.

Nevertheless, the need to manage the risk of billions of IoT devices will continue to change the requirements and scope of 5G security. Consequently, development organizations need a proven, scalable, standards-based technology solution going forward, according to Risk & Insurance.

The National Institute of Standards and Technology (NIST) recently posted a set of draft recommendations regarding IoT cyber security. Though not enforceable, the recommendations call for IoT manufacturers to design cyber security capabilities into their systems, including baselines for data protection, logical access to interfaces, software and firmware updates, and cyber security state awareness.

Even in existing technologies, researchers continue to discover unknown problems. For example, researchers at the Korea Institute of Science and Technology discovered 36 security flaws in 4G last year. So the reality of 5G is that as a new technology, it’s bound to have security vulnerabilities.


Thanks for reading.

INCA Networks is a cyber security company in Co. Dublin with over 20 years’ experience in keeping business networks secure.

Ed Campbell