Industry Thought Leadership

Implications of 5G on Cybersecurity

February, 2020

Rohan Dhamija
Partner, Head – Middle East & South Asia

Shashwat Mishra
Consultant

Malek El Damouri
Associate Consultant

Analysys Mason

Telecommunications networks have laid the foundation for the technologies that the world depends on. Owing to their scale and criticality, mobile operators have become a major target for cyber-attacks. The data boom that accompanied 4G created vast amounts of valuable data for the telecommunications industry and the same can be expected at a much larger scale with the proliferation of new technologies like 5G and IoT. Specifically, 5G’s network design brings about a number of upgrades to the network infrastructure that consequently implies network security challenges that require careful and effective mitigation.

1. Cybersecurity concerns posed by 5G
5G entails several infrastructural modifications to traditional telecoms networks that could pose increased security risks. The most critical security risks / concerns posed by 5G are as follows –

Figure 1: Key cybersecurity concerns posed by 5G [Source: Analysys Mason]

Move towards software defined networking: which leads to a decentralization of core functions that were originally centralised and hence, well protected
Virtualization of network functions: which can increase the risk of cyber-attacks because providing the same level of security as physical appliances will be difficult
Much larger scale: with the expected large-scale proliferation of small cells and the number of connections (IoT-enabled devices running on 5G), the number of attack vectors for cyber-attacks will increase significantly

Among the security risks highlighted above, a key risk that needs to be elaborated on is that the distinction between core and edge networks is expected to diminish with the advent of 5G. Due to its network design, sensitive functions that are currently performed in the separated core are expected to gradually move closer to the edge of the network. This is believed to provide ways to circumvent traditional security controls affecting the overall network integrity, availability as well as the confidentiality of customer data.

2. Steps taken by global 5G leaders to address such concerns
In order to address these network security concerns, careful and effective risk mitigation is required. Governments and telecom regulators typically establish regulations on cybersecurity, however, only a handful of countries have taken notice of the increased security requirements of 5G and addressed the security gap. Australia, the United States and Germany are among the countries leading the charge to develop stricter cybersecurity regulations for 5G.

Figure 2: Shift of sensitive functions from the core towards the edge due to 5G [Source: Analysys Mason]

2.1 Australia
Owing to the increased security requirements of 5G, in August 2018, the Australian Government’s Department of Home Affairs released regulations regarding cybersecurity titled ‘Telecommunications Sector Security Reforms’ (TSSR). The key elements of the regulation include:

Service providers are to protect their networks and facilities from unauthorised access or interference to ensure their availability, integrity and confidentiality of communications
Involvement of vendors deemed likely to be subject to extrajudicial directions from a non-Australian government seen as a risk to the protection of 5G networks
Service providers to maintain competent supervision and effective control over networks including arrangements to maintain visibility of operations, data flow and locations
Providers to notify the government of proposed changes to their networks and services that can compromise their ability to comply with the security obligations
Minister for Home Affairs to have the power to direct a service provider or intermediary to do (or not do) a specified thing that is reasonably necessary to protect networks and facilities from national security risks

2.2 Germany
In October 2019, the German telecommunications regulator Bundesnetzagentur published a new draft catalogue with security requirements. It require providers of telecommunications services to prepare and implement appropriate security measures, with the objectives of protecting communications secrecy, preventing data breaches, preventing network and service interruptions and manage security risks.

While 5G and international security concerns might be the catalyst for these requirements, they will be applied across all networks and communications infrastructure moving forward, as well as all vendors. The following security requirements are planned for the telecommunications networks:

Systems to only be sourced from trustworthy suppliers who comply with national security regulations and provisions for the secrecy of telecommunications and data
Network traffic to be monitored regularly for any abnormality and appropriate protection measures to be taken in case of a concern
Only certified security-related network and system components to be used
Only trained professionals to be employed in security-related areas and professionally competent, reliable and trustworthy contractors to be selected for system-related process outsourcing
Adequate redundancy to be available for critical, security-related network and system components

2.3 United States of America
In July 2019, the US’ Cybersecurity & Infrastructure Security Agency (CISA) released a Critical Infrastructure Security and Resilience Note pinpointing the security concerns that the agency identifies for 5G. The agency highlighted that the use of 5G components manufactured by untrusted companies could expose US entities to risks especially since the technology will use more components than previous generations of wireless networks.

The report suggested several measures the US Government could take to reduce the risks of deploying a 5G network including:

Use of 5G network components manufactured by trusted companies since the proliferation of the technology’s infrastructure may provide malicious actors more attack vectors
Promoting open, transparent and consensus–driven international standards and processes that do not place trusted companies at a disadvantage
Limiting the adoption of 5G equipment with known or suspected vulnerabilities
Development of trusted 5G technologies, services, and products

2.4 Summary of the measures taken
There are several overlapping objectives and procedures that have been observed in the steps taken by the three countries. Each have clearly highlighted the underlying concerns and objectives of the new requirement including consumer protection, business protection and/or national security. Moreover, the areas of focus within these requirements include codes of conduct, monitoring obligations, choice of vendor/supplier, standards of equipment, staff and stakeholder measures and notification requirements.

The figure below highlights the commonalities in the approach taken by Australia, USA and Germany to address 5G cybersecurity concerns.

Figure 3: Measures taken by the three countries for 5G cybersecurity

ATTENTION

SAMENA Trends

July-September, Volume 15, 2024
Digital Transformation and Global Governance
SAMENA ELITE

Apr-Jun, Volume 01, 2024
FWA Service and Device Landscape
SAMENA LEAD Awards 2024

Leadership & Excellence Awards in Digital-development
October 15^th, 2024 | Dubai, UAE
SAMENA Accelerator

10Giga Digital Infrastructure: An Imperative in Regional Advancement
October 17^th, 2024 | Dubai, UAE
FWA Info Series - ELITE FWA Club

FWA as a 5G Monetization Service
The 3 Key to 5G FWA Success - the Network, the Service, the CPE
FWA Market Updates & Trends - The Evolution of the FWA Ecosystem
Industry Reports

Global Digitalization Index 2024
September 2024

The State of Broadband 2024:
Leveraging AI for Universal Connectivity
Part One - June 2024

RIPE NCC | Unlocking Digital Growth: The Role of Internet Exchange Points (IXPs) in the Middle East
February 2024

EDISON Alliance
Impact Report
January 2024
Leaders' Summit 2024

13^th May, 2024 | Dubai, UAE
“Evolving toward Integration, Intelligence & Sustainability in Infrastructure”
Press Release

SAMENA ACCELERATOR on F5G-A Demonstrated Technology Readiness to Help Accelerate 10Gigabit Society into Reality across the Middle East and Central Asia

SAMENA Council’s Leadership & Excellence Awards in Digital-development Concluded with 34 Recognitions Given across 4 Regions

SAMENA Council Leads Space Sustainability Dialogue and Contextualizes Sustainability in view of WRC-27

Dubai to Host SAMENA ACCELERATOR for 10 Gigabit Digital Infrastructure in the GCC and Central Asia
ITU World Radio Communication Conference 2023 (WRC-23)

Dubai, United Arab Emirates, 20 November to 15 December 2023
Latest Video

ITU INTERVIEWS @ GSR-23:
Mr. Bocar A. Ba
CEO, SAMENA Council
IAGDI - CRO Chairman

SAMENA Council Leaders' Summit 2023 | 15^th May, 2023 - Dubai, UAE
Promo
Latest Member Updates

Cisco's 2024 AI Readiness Index: Urgency rises, readiness falls
View Details

Cisco and MGM Resorts International sign multi-year agreement
View Details