5G will change the world - but who will keep it safe?

The advent of 5G networks brings a wealth of new opportunities. Individuals will be able to access a whole range of services more easily, while businesses and governments will be able to use faster download speeds to deliver an entirely new level of service, using a multitude of increasingly interconnected platforms. But why is 5G so different from what has come before, and what new security threats does it pose?

5G networks will make available many more connections across a spectrum of services that have previously not been connected. This poses a wide and unprecedented set of risks that need to be considered by a significantly broader set of stakeholders than has previously been the case. A number of providers, many of whom run ‘critical’ services, will increasingly come to rely on 5G mobile networks to run their services and provide access to their customers. This can extend from the obvious, such as financial services, which already provide a vast array of products via mobile networks and devices, to the less obvious, such as healthcare and transport providers, who will increasingly offer a greater number of interconnected services that will come to rely on high-speed mobile networks.

The development of machine-to-machine (M2M) technologies and subsequently the internet of things (IoT) has led to a much greater dependency by all sectors of business, the consumer market and governments on mobile network services. 5G cements that transition and adds to that dependency. The reality for 5G and the future is that the vast majority of services will have some kind of requirement for additional resilience which must be met – much more so than now. Our previous article on IoT sets out the risks of increasing interconnectedness of devices and the measures that can be taken to address some of the key vulnerabilities.

The proliferation of connected devices poses new and increasingly complex questions for security of access and identification. Currently, network operators and service providers generally manage their own authentication for their own services. In the future, however, access to one network or service may allow routes into other connected services and devices. There will therefore need to be much greater collaboration to ensure interoperability of user access. This also changes the trust equation between service providers and consumers, who are already concerned about the levels of privacy they have or don’t have online.

The providers of network infrastructure have an increasingly important role in ensuring the stability of the network as well as protecting the networks from interference from criminals and hostile nation-state activity. There has been much public debate on the role of suppliers of 5G network infrastructure as governments come to realize that this infrastructure will become critical to a far broader array of important services than previously. Never before have networks been relied upon for such an extensive number of services and it will be vital to protect them from interference – whatever its source.

Responses to these and wider challenges will need to take into account the full extent of networks and services that will be used for service provision across industries. A much more comprehensive approach than has been seen to date will be required across networks to ensure that interconnections are understood and can be mitigated. There are several ways in which this might be achieved:

Extensive cooperation will be required between entities that have not cooperated before and that will increasingly be dependent on telecoms networks to support the secure provision of their services. Organizations such as the GSMA and the World Economic Forum have a crucial role to play in encouraging their members to connect with the wide range of stakeholders they will need to engage with in a strategic way, and help them to navigate the variety of new of issues at play.

Extensive cooperation between the public and private sectors will also be needed in view of the growing reliance of critical infrastructure on mobile networks. Governments will need to work together with experts in industry to set clear guidance on what is expected of operators and equipment vendors; ensuring that interoperability across sectors, networks and borders will be possible. They will also need to consider questions on supply chain investment in a holistic and open manner, taking account of geopolitical realities and the potential damage of an overly nationalistic view of the issues at stake.

Growing trust and transparency will be required between the varying operators and service providers who will become increasingly interdependent. In turn, these operators will need to provide more transparency, both to governments and to consumers, on how they are ensuring that their products and services are secure.

Recent initiatives in the UK and in the EU states have sought to develop approaches to testing 5G equipment security before it is embedded in critical networks and systems. Such approaches could well assist in providing additional transparency and confidence in equipment and services as well as in increasing overall levels of security and helping to resolve legacy issues. Care will, however, need to be taken to ensure that such approaches do not cause undue market distortion if biased towards larger operators. There will also need to be political consensus, ideally at an international level, on the outcomes of any transparency-related analysis to avoiding undermining trust and certainty for equipment providers.

Robust security will need to be designed into both devices and network equipment from the outset, with a continuous product security lifecycle in place to manage it, as well as a secure software development lifecycle. The networks of the future will be largely virtualized, software-based networks. This means they will be difficult to test as verifiably secure at any point in time. Governments and others such as large businesses who interact with a range of other suppliers and networks will need to consider how appropriate incentives are put in place throughout the supply chain to encourage effective consideration of security in the development and operation of new networks.

To ensure interoperability around the globe and to truly realize the benefits of the Fourth Industrial Revolution, governments will also need to consider how they can promote more international approaches to securing and building trust in next-generation networks. This is most likely to come through setting aside trade disputes and geopolitical differences in order to focus on the benefits to be harnessed through new technologies and services, setting agreed benchmarks and behaviours to ensure security at an international level.

Questions are also being raised about the potential oversight of new network infrastructure, and about whether an independent global oversight body might be created to ensure that communications infrastructures are reliable and don’t have backdoors for intelligence agencies. Whether this is a realistic suggestion in the short to medium term remains to be seen.

Industry bodies from all sectors and governments will need to come together to consider these challenges and to develop collaborative solutions to ensure that the benefits of new networks can be securely and effectively harnessed. Development and implementation of effective solutions will require consideration of both technical and wider political issues – it is likely that some crucial differences in current positions will need to be resolved or set aside if progress is to be made.