Great Power or Great Vulnerability? Securing 5G and 6G Networks

As our world becomes increasingly virtual, fast, and reliable network connections have never been more critical. Businesses and consumers alike expect a fully connected experience in all aspects of their lives and eagerly await 5G’s faster data speeds, lower latency, and increased connectivity.

5G will become a key driver of our digital economy. In their 2020 State of the Mobile Economy report (PDF), the Global System for Mobile Communications (GSMA) predicted that 5G would contribute $2.2 trillion to the global economy by 2034, and in turn, will be “the first generation in the history of mobile to have a bigger impact on enterprise than consumers.” 5G’s always-on connectivity, zero-lag video communication, and augmented reality applications will significantly increase productivity. At the same time, automation, artificial intelligence, and the Internet of Things (IoT) will drive new business opportunities across healthcare, manufacturing, smart cities, and more. 

And while it’s likely at least ten years away, some major carriers are already researching 6G. This next generation promises to bring even faster speeds, even lower latency, and even more bandwidth to instantly deliver information across decentralized, autonomous networks. 

With great power comes great vulnerability 

5G and 6G networks will have a significantly larger attack surface than their predecessors, thanks to innovations in IoT, virtualized networks, and open source technologies. Their software-defined nature brings about various new security concerns that could lead to theft of sensitive data, disruptions of connected devices, and attacks on the network itself at an unprecedented scale. As a result, companies should assess and improve their 5G and even 6G cyber readiness before these networks are widely available. 

IoT’s multifaceted security risks

A 2020 Cybersecurity Insiders survey revealed that 72% of organizations experienced an increase in endpoint and IoT security incidents in the last year, with the top three issues being malware (78%), insecure network and remote access (61%), and compromised credentials (58%). 

An IoT network can include tens of billions of smart devices — and each one is a potential gateway to (or target of) cyber-attacks. Once one device is hacked, it’s possible an attacker could potentially misuse that device and move laterally through the network, accessing sensitive records, intellectual property, and other connected devices. When you think about IoT applications in healthcare, smart cities, and other mission-critical services, the cybersecurity risks become even more apparent. Just imagine an attacker taking control of a connected car or gaining control of someone’s pacemaker!

As IoT accelerates in a 5G- or 6G-enabled world, businesses must invest in security initiatives to protect all entry points. And since networks provide the foundation for IoT, ensuring their reliability and security is critical. Finally, while cyber readiness responsibility should not fall solely on the end-user, companies that leverage IoT should educate employees on cyber hygiene. 

The increased vulnerabilities of virtualized networks 

A key innovation of 5G and 6G networks is the virtualization of network functions previously performed by hardware. While this helps companies manage, monitor, and optimize networks more effectively, it also makes them more susceptible to attacks. If threat actors gain control of the software that manages the networks, they can identify and exploit vulnerabilities in a variety of ways — from wrongful access, to DDoS, to malware. 

To prepare for and prevent attacks on virtualized networks, businesses must embrace “security by design” and build security into each phase of the software development lifecycle. Software-defined cyber protections must be dynamic, with automated responses that stay ahead of equally active security threats. Cybersecurity teams can also measure risk, expose gaps in networks, and fix vulnerabilities before attackers exploit them. Finally, teams should evaluate their software maintenance and update processes to proactively address flaws before cyber attackers discover them.  

Open source creates new security threats

5G and future 6G networks will be built with open-source software and standards, allowing for faster and more frequent implementations and, in turn, a broader attack surface. Open source’s increased transparency means that anyone, including cybercriminals, will be able to inspect the code to identify and exploit vulnerabilities. 

Ironically, as a recent 5G Americas report (PDF) points out, the same transparency that increases risk can also make open source technologies more secure. Increased code visibility enables a much larger community of developers to identify, patch, and update vulnerabilities. To prepare for 5G, businesses need to operationalize how they will manage and act on vulnerabilities and patches flagged by the open-source community. 

Securing 5G and 6G is a top business priority

These upfront security investments and cyber diligence initiatives are smart business strategies for all parties participating in 5G and eventually 6G. Staying more than one step ahead of cyber adversaries will ensure that businesses, customers, employees, and consumers, will be able to reap the benefits of the next generations of networks.