The UK’s recent decision to phase out Huawei infrastructure from UK telecoms networks has brought concerns around 5G deployment back to the top of the news agenda. There are a wide-ranging list of reasons, varying in legitimacy, of why different groups are concerned about 5G – whether this is over privacy and data sharing, the cost and logistics of implementing such a major change to the telecoms industry, or even wild conspiracy theories. In the most extreme case, this has resulted in attacks on engineers and the destruction of masts.
However, there is a pressing challenge inherent in 5G that is being drowned out by this noise around network rollouts and the Huawei furore. 5G brings with it unprecedented levels of connectivity, particularly as it extends well beyond mobile devices and into the objects around us, the Internet of Things (IoT). This brings an unprecedented shift to mobile networks as we know it – providing service for phones will no longer be the primary function, instead it will be to provide service for IoT devices.
Already, IoT is by no means a niche market – but with the greater bandwidth that 5G allows these devices will become fully integrated into our daily lives. The smart homeIoT devices market is expected to expand revenue generation from $24.8 billion per annum in 2020 to $108.3 billion in 2029. In response, the traditional mobile ecosystem is set to expand exponentially. With 43 billion IoT devices connected by 2023, 5G networks will be handling unparalleled levels of communication between devices.
Advantages of IoT
There are major advantages to the rollout of IoT devices. In homes around the world, IoT is already in use, whether it be a fridge that tells you, you’re running out of milk or a thermostat that reacts to the weather forecast. But the potential of IoT extends well beyond domestic gimmicks – it is set to have a transformative effect on countless industries. For instance, manufacturing can be made significantly more efficient using the Industrial Internet of Things (IIoT) where processes are automated and streamlined, reducing human error, enhancing product quality and reducing production time and costs.
The applications of IoT do not stop there – it is likely that it will play a role in critical infrastructure in cities around the world. Take for example the city of Santander in Spain: the municipal government has rolled out an app which enables citizens to use services such as a parking search function, environmental monitoring and a live digital city agenda through a network of over 10,000 sensors, communicating in real time and responding to changes instantly.
Inevitably this unprecedented connectivity comes with some major risks. The stakes in terms of security are much higher – 5G networks going down will no longer mean just smartphone disruption – these devices are incorporated into critical infrastructure, and thus could quickly become a matter of national security.
This is an issue as, with standalone 5G networks still in development, the majority of mobile operators are deploying non-standalone 5G, which are still reliant on previous generation networks and all of the security vulnerabilities they hold.
Network protocols
These networks run off inherited signaling protocols (SS7, Diameter and GTP), which are flawed, which means 5G and the IoT that runs on it can be exploited as well. Many of the protocols are decades old and, with operators adopting a ‘connect first, secure later’ approach, they leave themselves exposed to attacks which have been plaguing previous generations for years. In practice, this means that attackers could use a DoS (Denial of Service) attack to interfere with network equipment and leave an entire city without communications, defraud operators and customers, impersonate users to access various resources, and make operators pay for non-existent roaming services.
The issues by no means stop there – another fundamental problem is that greater connectivity means more points of access for a potential hacker, and thus an increased potential for catastrophic damage, as the impact of attacks could be far more extensive than ever before. These attacks don’t just come with financial consequences – the collapse of IoT in critical metropolitan infrastructure, hospitals or industrial manufacturing comes with the very real risk of loss of human life. Indeed, a denial of service attack becomes so much bigger than simply a slow internet connection stopping you from posting a picture on Instagram. It can cripple cities which are beginning to use IoT devices in various ways from national infrastructure to industry to defense.
Mitigating attacks
There are, however, steps that operators can take to mitigate these attacks. Security must be a priority during network design. This is truer now than ever before, as operators begin to roll out 5G networks. Attempts to implement security as an afterthought at later stages may cost much more: operators will likely need to purchase additional equipment, especially when integrating them into complex IoT systems. In addition, signaling traffic must be monitored and analysed as it crosses the network border to identify potential threats and configuration errors.
Such monitoring is encouraged by GSMA guidelines (the GSMA is an industry organisation that represents the interests of mobile network operators worldwide). To implement this, operators need to employ special threat detection systems that can analyse signal traffic in real time and detect illegitimate activity by external hosts. Coupled with filtering or firewalling functionality, these solutions block illegitimate messages without impacting network performance or subscriber availability. This is especially crucial when it comes to IIoT, as a down network for any period of time could have considerable ramifications.
Aside from the practical steps operators can take, it is crucial that government policy adapts to the changing environment around 5G and IoT. Just this week, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) are unveiling details of proposed legislation that will mandate specific cyber security requirements for smart devices into law. This is a considerable step, and would mean the UK Government has the right to ban and confiscate products which do not have sufficient security in place.
IoT and 5G will become immersed in society at all levels, but governments, businesses and individuals must be conscious that with all of the advantages and convenience that these technologies bring, there are extensive consequences if they are not used securely.