Light Dark
September 10, 2021 By George Platsis 3 min read
Intelligence & Analytics
Mobile Security
Cloud Security
Data Protection
Risk Management
Security Services
Threat Hunting

So, 5G is one of those once-in-a-generation types of leaps that will alter how we operate. However, 5G security comes with a lot of challenges. Private 5G networks require us to look at attack surface management in a different way. How do they change the way we need to defend our data? And, what is the best way to use them safely?

5G Security for Attack Surface Management

An immediate appeal of private 5G networks is the supposed cost savings from a capital cost perspective: you no longer need to bust up concrete and cut up walls to run cables. Why the italics though? Because the usual bean-counting does not take into account a hidden but brutal cost: the breach.

They say in life two things are certain: taxes and death. Perhaps for the enterprise nowadays, these two things are certain: taxes and breaches, meaning that 5G security concerns have an impact on your breach resilience.

Yet, 5G security is something different. The U.S. Cybersecurity and Infrastructure Security Agency give a good rundown of possible 5G attack vectors:

  • Policy and standards: fast deployment has led to open standards and inconsistent use of security controls.
  • Supply chain: counterfeit components and inherited components. Devices are not always certified, meaning: do you really know what’s in your network?
  • Architecture: software/configuration (plugging in a wire is easy by comparison), network security (exploits will always be there), network slicing (no clear standards, meaning you can move laterally in an easier manner), legacy infrastructure (bringing over any previous vulnerabilities), multi-access edge computing (core elements can now be at greater risk), spectrum sharing (frequencies are scarce) and software-defined networking (threat actors just need to inject some code to unleash havoc).

How 5G Security Adds to Other Risks

These come in addition to other risks today:

  • Manageability: Lots of devices, lots of data. Think endpoint security and traffic analysis.
  • Supply chain: Think hardware and software vulnerabilities. Lots of them. Wires are pretty easy things to trust, regardless of where they are made. Wireless nodes, not so much.
  • Usage: What will the network ultimately do and what will be allowed on it? If you decide to deploy a private 5G network, can you really risk having personal devices on it?

The Possible Hidden Risks

Some of these 5G security problems exist in a private wired network, while others are new. And think for a moment what all the 5G and Internet of Things devices will do for inventory management. Is your configuration management database ready for the influx of devices? The moment it becomes easier to connect, more devices will connect.

Are you ready to take the time to whitelist every device, or will you take your chances and hope you have a tool that discovers all assets? Pro tip: knowing an asset is on the network and knowing what that asset is doing while on the network are two very different things. Monitoring all that valuable data and sifting through the noise is no easy task.

There is another attack surface issue: physical changes. If you are on a private network with no outside connections, there is some peace of mind that wires will keep the data contained. But can you really say that about a ‘private’ wireless network? Wi-Fi has been around for a while and we still see attacks happening as a result of spoofing, misconfigurations, man-in-the-middle tactics and good old-fashioned jamming. What’s stopping somebody from parking a truck near your private network and cranking up some microwaves to degrade and interfere with your network? Almost makes a direct-denial-of-service attack look state-of-the-art. And let us not forget that frequencies are already scarce to begin with.

Finally, 5G security includes privacy concerns as well. Will you allow personal devices to be a part of your private network?  What safeguards do you have in place to ensure possible personally identifiable information does not get siphoned off on a much more highly exposed network?

Business Models Change With a Private 5G Network

Private 5G networks may look great out of the gate, but there is a lot of long-term thinking that needs to be done, especially considering we still fail with the basics. There are a lot of changes happening too, which need to be considered. Work-from-home and remote work has proven to be effective, meaning the business needs for a private network change, at least in the short-term.

Will a private network add a hidden cost to your ledger? Unknown, but it is something to consider.

So is the capital spent on a private 5G network really worth it? Perhaps it is. You have to do the math: understand the business and before you take the plunge, consider all the identifiable 5G security risks and associated costs.

 

 |  |  |  |  | 
George Platsis
Senior Director, Educator and Author

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature