U.S. Warns of 5G Wireless Network Security Risks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an infographic underlining some of the risk factors associated with 5G wireless networks.

Building upon existing 4G Long-Term Evolution (LTE) infrastructure, 5G is designed to improve bandwidth, capacity, and reliability of wireless broadband services. The technology is intended to meet increasing data and communication requirements, offering capacity for tens of billions of connected devices. 

While 5G is expected to deliver a broad range of improvements and a better user experience, supply chain, deployment, network security, and competition and choice vulnerabilities could negatively impact the security and resilience of 5G networks, CISA says. 

In a recently published infographic, the agency details upon these risks, presenting what in its opinion represent points of vulnerability in 5G networks. 

“The 5G supply chain is susceptible to the malicious or inadvertent introduction of vulnerabilities such as malicious software or hardware; counterfeit components; and poor designs, manufacturing processes, and maintenance procedures,” CISA’s infographic reads (PDF). 

With untrusted entities providing hardware, software, and services for 5G networks, the risk of network asset compromise is increased, and this could impact confidentiality, integrity, and availability of data, CISA says. 

The agency also notes that, even if U.S. networks are secure, U.S. data remains at risk when traveling overseas through untrusted telecommunications networks. 

Potential security issues residing in the deployment of 5G networks include an increased attack surface, due to both a larger number of information and communication technology (ICT) components used compared with previous generation of wireless networks, and to locally-built networks, the infographic says. 

“Improperly deployed, configured, or managed 5G equipment and networks may be vulnerable to disruption and manipulation,” CISA notes. 

Not only will 5G networks be, in some cases, integrated with 4G LTE networks that contain some legacy vulnerabilities, but the new technology too may introduce unknown vulnerabilities, which could impact the new networks regardless of the amount of security built into them, the agency notes. 

In some cases, vendors such as Huawei build proprietary interfaces into their technologies, which limits customers’ abilities to use other equipment, forcing customers to either continue using an untrusted supplier or to completely replace existing equipment, the agency also points out. 

“Lack of interoperability may also make it difficult for trusted companies to compete, potentially limiting their ability to invest in R&D and eventually driving them out of the market,” CISA says. 

The compromise of various elements that constitute a 5G network, the agency also notes, could result in data interception and compromise, or even in disrupted data and services at a large scale. 

Related: The Time is Now to Secure for 5G