The human will to innovate is seemingly relentless. The history of our species is one of continual development, with the last 350 years, in particular, representing staggering technological progress.
The first industrial revolution mechanized production using natural elements like water. The second revolution used electricity to enable mass production; the third used electronics and information technology to automate production. The fourth industrial revolution unfolding all around us is characterized by an exponential growth in data production and the merging of the physical and digital.
Cyber-physical systems (CSPs) like the internet of things (IoT) and industrial control systems (ICS) are capable of reading and influencing physical and biological domains. They are the first wave of super-integrated realities that will see objects, systems, and humans connected in seamless and constant communication.
5G will be fundamental to this world; it is difficult to overstate this emergent technology’s importance. Though it is technically the next stage in the development of wireless networks, the 5th Generation of cellular is also nothing like its preceding four generations. As a symbol of what is to come, it straddles the physical and virtual realms, resting on physical infrastructure but operating completely in the cloud.
This evolutionary leap into the digital ether will redefine the nature and potential of communications networks. Suddenly, radical applications like autonomous vehicle operation and remote surgery and drone-operated warfare move from the conceptual to the practical.
In just the next few years we will see 5G unlock new possibilities in almost every industry, from healthcare to public safety to domestic leisure to travel, childcare, shipping, manufacturing and even warfare.
5G will change everything.
But in order for the shift to proceed safely, we will need to rethink how we approach cybersecurity. 5G is not the same as 4G or 3G. What worked in the past will not work in the future.
Two sides of the same network
Significant data breaches have been a genuine cyber threat for some time, but recently these attacks have moved into the cloud. With 5G these dangers increase in complexity, scale, and magnitude.
The reasons for this are the same as those that make 5G so powerful.
5G is very very fast. With a theoretical top speed of 20 Gbps it is up to 200 times faster than 4G. 5G also has breathtakingly low latency (the time it takes for a system to receive a response to a request). The average human reaction time to a stimulus is 250 milliseconds (ms). Most humans perceive 100ms as instantaneous. 5G’s reaction time is 1ms.
5G is able to produce these sensational results because it is an all-software cloud-based network operated through distributed digital routers. It is a decentralized system that optimizes processing speed and power by relocating operations to the fringe.
This is a revolutionary system with almost limitless possibilities, but it is also vulnerable.
Because software is inherently hackable a network, like 5G, built on software engineering is by definition open to hacking. Also, many of these software functions will be operated by AI, which is itself prone to hijacking. Take control of the AI and you take control of everything it operates.
Imagine the repercussions of a cyber attack in civic environments where AI is likely to look after traffic management and fleets of self-driving cars.
3G and 4G networks are more centralized, making it easier to conduct cyber hygiene. 5G’s edge computing decentralizes processing, moving it away from the ‘core’ of the network to the data source. This is partly what makes 5G’s sub-second latency possible, but it also makes the network harder to police.
The potential attack surface available to cyber-criminals also expands drastically under 5G. It’s connection capacity – up to one million devices per square kilometer – relies on a dense infrastructure which creates many times more network entry points for hackers.
Network slicing, another highly-anticipated feature of 5G networks, is in its infancy. We still have much to learn and understand about this ability to create multiple virtual networks on top of a common shared physical infrastructure. It is already clear, however, that cybersecurity will be a new challenge as each virtual network slice could demand unique security capabilities.
But the security risks related to 5G are not only embedded in the network, they are also born from what 5G enables.
Everything is connected
The internet of things (IoT) already connects billions of devices, chips, and sensors, everything from smart cars to children’s toys. In a 5G world, the IoT will grow exponentially to a massive internet of things (mIoT) that includes sub-domains such as the industrial internet of things (IIoT) and civic internet of things (cIoT).
The recent tech war between the US and China has centered on the purported vulnerability of Chinese companies’ technology. Products from firms like Huawei stand accused of having ‘back doors’ built into them to allow foreign agents to hack into devices and spy on their owners.
Whether this is true of Huawei or not, it is credible scenario. Even basic devices can, without our knowledge, be turned into microphones or cameras by someone who gains remote access. But infringements of personal privacy are relatively small concerns when measuring the potential fallout from the 5G mIoT.
Through 5G, smart cities will become truly possible for the first time: billions of devices with multiple application types. The attack vectors become limitless. Furthermore, products developed with short-term profit-focus are being designed as iterative models, always released as a minimum commercially-viable product. They have no baked-in protection against hackers. Security is almost impossible.
When hackers or cyber terrorists manage to compromise the systems that keep a smart city or smart factory or smart port functioning, the consequences are large-scale and a threat to physical life. When water supply, power supply, traffic management, waste removal or connectivity are disrupted, humans suffer.
5G is poised to become the most critical of critical infrastructures. Though consumer benefits like real-time gaming and lightning-fast movie downloads currently occupy the attention of the media, the real value of 5G will be felt in much bigger systems. Healthcare, transport, food and agriculture, energy, defense – each of these sectors will be revolutionized by 5G.
However, without sufficient consideration paid to cybersecurity, 5G networks could deliver as much pain as they deliver pleasure. Security cannot be an afterthought – it needs to be built into 5G from the ground up or we risk too much exposure to incursions by cyber attackers.
The US National Security Telecommunications Advisory Committee (NSTAC) recently told President Trump that, “The cybersecurity threat now poses an existential threat to the future of the nation.”
Implementing this level of security will require collaboration and organization. In most western countries, licenses to deploy 5G are granted to numerous operators. With diversity comes less alignment.
For 5G to deliver on its promises we will need to see improvements in public policy, corporate alliances, and potentially more public-private partnerships. Governments and businesses will need to work together to establish policies and operational agreements that protect free-market capitalism while guaranteeing the safety of our citizens.
Technology is changing at an exponential rate. Cybercriminals and cyber terrorists know this and take advantage of it. When 5G comes online the battlefield opens up. We need to act now in an agile and co-ordinated fashion if we hope to make the coming decades the prosperous ones the world deserves.
For over 30 years, Marin Ivezic has been protecting people, critical infrastructure, enterprises, and the environment against cyber-caused physical damage. He brings together cybersecurity, cyber-physical systems security, operational resilience, and safety approaches to comprehensively address such cyber-kinetic risk.
Marin leads Industrial and IoT Security and 5G Security at PwC. Previously he held multiple interim CISO and technology leadership roles in Global 2000 companies. He advised over a dozen countries on national-level cybersecurity strategies.