Intelligence Brief: What does 2020 hold for 5G security? - Mobile World Live

Intelligence Brief: What does 2020 hold for 5G security?

21 JUN 2019

Following the GSMA’s recent Mobile 360 Security for 5G event in The Hague, we have updated our 5G Security Predictions with inputs from our distinguished security panel: Jamie Collier (Digital Shadows), Philip Celestini (Syniverse), Pieter Veenstra (NetNumber), and William Dixon (World Economic Forum).

Thanks to the insights provided by this expert panel we have been able to upgrade and share with you the following 5G Security predictions for 2020.

Accelerating a massive expansion of the attack surface
IoT devices are already driving significant growth in the breadth of the threat landscape. Now 5G’s slicing and softwarisation of the network is set to increase its complexity as well. Breaches will only get worse, and this time we will see advanced use of adversarial AI and DIY hacking kits available from the Dark Web enabling amateurs and hacking-as-a-service.

First exploits targeting vulnerabilities in software supply chain
The complexity of integrating SDN, NFV, cloud and open source in the 5G software supply chain requires proper planning and AI automation, without which it will become difficult to manage and easy to misconfigure. Furthermore, a multitude of third parties providing network functions to a highly ‘laminated’ 5G stack can fragment the security environment, damaging the trust model which governs solutions, systems and networks.

If the trust model is not upgraded to meet 5G’s network security topology, authentication of these third parties could become a new attack vector.

Public acknowledgement of cyber intelligence and attribution weaknesses
Effective cyber intelligence contributes to successful attribution and investigation of cybercrime and improves cybersecurity. But the attribution rate is still too low (currently estimated at 0.05 per cent of exploits in the USA, for example) and is predicted to worsen in the coming year.

Poor relationships between public and private cyber intelligence communities will also get worse in 2020 before they get better. When it does, we will see improved partnering and communications, better predictive security engineering, and the indexing of the Darkweb resulting in a growing number of takedowns.

Data exposure could reach a critical level on the Darknet
Poor mainstream digital literacy will continue to expose peoples’ and organisations’ data to breaches. This will be exacerbated by gaps in encryption of non-standalone 5G networks, accelerating the number and size of breaches exposing our data. The quantity and richness of sensitive data sinking into the Darknet will increasingly be exploited by adversarial AI capable of optimising and productising this data for financial, industrial and geo-political gain.

A major attack on Industrial IoT impacting critical infrastructure
5G connectivity will enable a huge increase in the use of IoT devices and industrial control systems for DDoS attacks, phishing, ransomware, and crypto mining.

But 2020 will also see emerging exploits which use data corruption through sensors to misinform organisational decision making. Unfortunately cybersecurity basics capable of mitigating these exploits, such as faster patching and improvements in OTA updates, are not expected anytime soon.

New vulnerabilities attributed to a lag in 5G security
In the race to 5G deployment there is a risk security-by-design gets left behind: integrating legacy networks with 5G could create interworking vulnerabilities and gaps in encryption; IP-based signalling security threatens to be insecure and complicated to monitor.

Hasty deployments could lead to inaccurate provisioning to 5G standards; and availability of cybersecurity skills will also fall behind in 2020, further exacerbating the security lag for 5G networks.

Early adopters get serious about tools to protect their personal economy
As risk awareness grows, early adopting consumers will invest in privacy and security tools which defend their personal economy, protecting their net wealth from personalisation that over-exploits their spending; defending their knowledge from fakery; and managing their positive reputation and influence.

These consumers start to seek out and choose companies which will champion their privacy and data, as well as respect and protect their interests.

Enterprises will seek 5G security in operator SLAs
Complexity and the sheer number of vendors have the potential to fragment the 5G service chain causing gaps and leaks resulting in unknown new threats which attract rogue elements.

Enterprises recognising the existence of such threats and the critical importance of network slicing for future business transformation will be looking for security assurances baked in to operator SLAs.

– Mark Little – senior manager, GSMA Intelligence

The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.