5G momentum is ongoing, and there is competition on how next-generation 5G networks are deployed and will evolve in the coming years. But with the promise of better connectivity, these networks also involve big security threats.
Speaking at the Center for Strategic and International Studies (CSIS), FCC Chairwoman Jessica Rosenworcel mentioned that “the truth is that 5G networks connecting so much more in our lives will mean a broader attack surface for cyber events.”
Telecommunications provide the framework for an international, hyperconnected economy. This makes 5G network security an issue not only at the national level but globally as well.
According to the CSIS, 5G will shape the economic future of the United States, as 5G is the infrastructure for the next phase of digital transformation. But 5G still raises security issues that must be addressed to truly accelerate innovation and growth.
Based on a research study, the United States is expected to account for 50% of data breaches or compromises worldwide by 2023. As the lead target for cyberattacks, the US must ensure that its 5G networks are secure and resilient. This presents an opportunity for the country to set a global example in 5G network security — one that extends across policy, technology and standards and maximizes economic returns without compromising national security.
5G will open up possibilities for communications that are yet to be fully realized as connections between people and things surge, impacting agriculture, education, healthcare, energy, transportation and other verticals in society.
The Cybersecurity Problem
According to Rosenworcel, the FCC is meeting the 5G security imperative through a strategy that can “deter, defend and develop.” They are focusing on deterring bad actors, defending against untrusted vendors and developing a market for trustworthy innovation. “By doing this, we are working to help improve communications security at home and shine as an example for the rest of the world,” explained the FCC Chairwoman.
In compliance with the Secure and Trusted Communications Networks Act, the FCC has banned telecom as well as surveillance equipment or services from Chinese companies, namely Huawei, ZTE, Hytera, Hikvision, Dahua, China Mobile, China Telecom, China Unicom and Pacific Network Corp., as well as its wholly-owned subsidiary, ComNet. The FCC’s rules prohibit the use of federal funds to purchase equipment or services from these companies and provide US companies with clear signals regarding security risks.
On a similar note, the Canadian government also banned Huawei and ZTE’s 5G equipment in 2022. The restrictions were announced by the country's Industry Minister, Francois-Philippe Champagne, as a move that will improve Canada's mobile internet services and "protect the safety and security of Canadians."
Canada first announced a review of Huawei equipment in September 2018, and the companies that have already installed the equipment made by the Chinese manufacturers should remove it.
According to a 2022 research study commissioned by Nokia, 5G was supposed to make wireless networks more secure. But such optimism has not panned out, as nearly three-quarters of the 5G network operators surveyed experienced up to six security breaches or cyberattacks in the past year, causing network downtime, customer data leaks, regulatory liabilities, fraud and theft.
Beyond the new protocols and cloud-based architectures introduced as part of the 5G standards (which aim to boost the defenses of telecom infrastructure), network operators’ abilities to confront these threats must improve.
Many have revealed their insufficiency to manage ransomware threats, phishing and social engineering attacks.
A host of deployments will use 5G at the enterprise level, such as in factories, ports and hospitals. With these examples, both licensed and unlicensed spectrum will continue to coexist and be utilized, depending on the use case. Issues like interference and performance arise, which are particularly evident in the US aviation sector.
It is worth noting that the Federal Aviation Administration (FAA), AT&T and Verizon have collaborated extensively to ensure 5G C-Band radio frequency transmissions and aircraft operations can safely co-exist.
Initiatives in Securing 5G Networks
The adoption of 5G is booming in North America and is set to dominate the wireless services sector by 2025, according to GSMA Intelligence. This makes the topic of network security a priority within the region.
To support the removal of untrusted network equipment, the FCC set up a $1.9 billion reimbursement program. But the “rip and replace” process is a time-consuming and costly endeavor, and the program has proven to be underfunded.
This could be an opportunity for carriers to transition to open radio access network systems, which the FCC believes can help diversify 5G technology and grow the market for more secure 5G equipment.
On or before February 1, 2024, US airlines must modify each airplane to be radio-altimeter tolerant in order to remain secure in the presence of 5G C-Band interference.
After June 2023, approximately 21 telecom companies, including AT&T and Verizon, will begin transmitting in the C-Band at some point. In response, a Notice to Air Missions (NOTAMs) will be issued to list the specific airports where the radio altimeter is unreliable due to the presence of 5G C-Band wireless broadband interference.
The proposed Airworthiness Directive (AD) would maintain the same level of safety afforded by aviation systems before the use of the C-Band by 5G broadband networks and minimize erroneous system messages.
In Canada, a “5G and beyond” mobile network technology consortium will develop artificial intelligence systems to detect a range of cyberattacks on 5G network slices in real time.
The group, led by a team of computer scientists at the University of Waterloo, is funded by the Department of National Defense (DND) through its Innovation for Defense Excellence and Security (IDEaS) program for CAD1.5 million.
The three-year project brings together academic and industry partners, with support from Rogers Communications Canada, to create new solutions that will secure 5G mobile networks.
The Canadian Center for Cyber Security had earlier mentioned that threat actors can exploit 5G systems and disrupt the current 4G/LTE network infrastructure in Canada. Thus, traditionally insecure IoT devices are especially vulnerable as they become part of a 5G network.
As a result, the governments of Canada, Singapore and the United Kingdom have united in their belief that the IoT offers tremendous economic and social benefits and that appropriate cybersecurity requirements must be built into these connected products. This could work effectively in parallel with 5G network connectivity.