With 5G reshaping the smartphone market, 5G security must follow. Nearly one in three smartphones sold in the first quarter of 2021 can connect to a 5G network. This is just one year after the emergence of the world’s first 5G commercial network in South Korea. This growth has allowed the number of annual 5G-enabled smartphone shipments to exceed 200 million units in just one year. That’s four times the time it took 4G to reach the same milestone. This growth also comes with risks.
An overview of 5G security risks
The United States Cybersecurity & Infrastructure Security Agency (CISA) examined three of these threat vectors as part of the Enduring Security Framework’s 5G Threat Model Working Group. First, he looked at policy and standards. He found that networks could be more open to digital attacks if network operators did not implement optional 5G security controls. Next, the architecture of 5G systems, another threat vector identified by CISA, shows some built-in issues. Threat actors could exploit vulnerabilities in devices and infrastructure to disrupt networks and steal critical data exchanged between users.
The last threat vector, the Supply Chain, is a major concern for companies and agencies themselves because it is a double-edged sword. On the one hand, 5G allows users to share data faster with new technologies that 4G networks cannot handle. On the other hand, it helps make networks more complex, which means it is easier for malicious actors to sneak into the network. It also makes it harder for Defenders to do their jobs, as they don’t always know someone might get access to their Crown Jewels. Now they have to focus less on a corporate intranet and more on service providers, vendors, suppliers and partners.
How to increase 5G security
With the rise of 5G, you can’t afford to take a reactive approach. After all, 5G is brand new. It goes too fast and it brings new challenges that many of them have never seen before.
Instead, you can take a proactive response like threat modeling. One of the main benefits of threat modeling is its potential to help the entire business by getting key stakeholders to review how the business operates. It takes into account that threats continue to evolve. As such, it avoids feeling comfortable in an outdated risk profile. Instead, companies can move towards “living security documents” that they can reassess over time.
Creating a living document begins with a discussion. By sharing knowledge among themselves, stakeholders can then work together. This makes it easier to create new methodologies and tools that can help you deal with risk effectively.
Ultimately, threat modeling is a process. It works for the long haul, and needs work for the long haul as well. You may need to rehearse the solutions so that people are familiar with them during risk assessments and subsequent threat model analyzes. This way your team can confirm that they have eliminated the associated risks on an ongoing basis. This is the only way to detect new and emerging threats, including those brought by 5G, before they enter their environment.
Security – A Crucial Part of 5G’s Potential Success
Threat modeling is essential in the 5G era because it is essential to any telecommunications revolution. If 5G is to gain traction, security teams must prevent malicious actors from misusing it. It also means carriers need to address 5G privacy concerns from the start. These efforts require a proactive approach that only threat modeling can provide.