The Connected Future | 5G networks Security
Dr. Evangelo Damigos; PhD | Head of Digital Futures Research Desk
- Sustainable Growth and Tech Trends
Publication | Update: Oct 2020
According to SDxCentral research, telecoms are working to combat cyberattack challenges by securing the edge and architecting their networks to detect breaches through automation.
5G Security Threat Landscape
5G networks support a massive number of connected devices. They enable a huge increase of bandwidth over LTE, and create a threat landscape different from previous networks. Security challenges stem from the very attributes that make 5G such an improvement.
IoT, which is a major component of 5G network architecture, remains a major security risk. IoT devices are one of the most-attacked types of hardware, making up over 78% of malware detection events in communication service provider networks in 2018, according to a report by Nokia.
“If an IoT device today is plugged into the network, and it doesn’t have protection in it, it’s infected in three minutes or less,” said Mary O’Neill, VP of security at Nokia at an MWC Los Angeles press conference in 2019.
High-profile breaches are on the rise. In 2019, publicly-recorded breaches increased by 25%, and the rate of breaches is “exponentially increasing,” according to Wipro’s 2019 State of Cybersecurity Report.
The coming 5G networks have the potential to explode vertical industries, enabling the creation of a wide array of new services — all of which will demand new, varying levels of security.
Autonomous Vehicles: The threat of automotive cyberattacks will rise as autonomous vehicles become more widespread. To combat this, the National Highway Traffic Safety Administration employs a multi-layered approach to cybersecurity as it approves driver assistance technologies.
Healthcare: In the healthcare field, 5G capabilities will help with faster transfer of large patient files, remote surgery, and remote patient monitoring via IoT devices among other advances. However, those advances are tempered by the need for ever-stronger security. Creating risks that include medical identity theft, invasion of health privacy, and medical data management. The above Wipro report states that the healthcare industry was the target of 48% of data breaches in 2018. It adds that the growth of IoT device use will make dealing with increasing cybersecurity risks more challenging.
Smart homes: 5G-enabled smart homes will require stronger methods of authentication, such as biometric identification, seen in software made by Sensory that uses voice and face recognition, or the bevy of fingerprint-access door locks available at hardware stores. In December 2019, a set of breaches into Amazon’s home camera security product Ring sparked outrage, as hackers were able to access cameras in users’ homes and on their front porches.
In general, IoT devices and sensors will demand more complex authentication to prevent unauthorized access.
5G Security and New Network Architectures
Cloud virtualization technologies such as software-defined networking (SDN) and network functions virtualization (NFV) are thriving in anticipation of 5G networks. However, they too come with new security concerns. Because of their open, flexible, programmable nature, SDN and NFV open up a new avenue of security threats. For example, a network element of an SDN such as the management interfaces could be used to attack the SDN controller or management system and bring down the system.
Research from the Journal of ICT Standardization suggests a multi-pronged approach to 5G security, including trust models, Authentication and Key Agreement (AKA), and an Extensible Authentication Protocol (EAP)-based secondary authentication, among others.
The security of 5G network infrastructure must evolve alongside the standard. For example, because 5G networks can be sliced into uniquely purposed slices, each virtual network slice could demand unique security capabilities based on the needs of different usage scenarios. Also, compromised Radio Access Network (RAN)-side 5G devices might present a larger Distributed Denial of Service (DDoS) threat.
Vulnerabilities for a network with a distributed 5G core. Source: 5G Americas
Five ways in which 5G networks are more susceptible to cyberattacks
There are five ways in which 5G networks are more susceptible to cyberattacks than their predecessors, according to the 2019 Brookings report, Why 5G requires new approaches to cybersecurity.
- The network has moved away from centralized, hardware-based switching to distributed, software-defined digital routing. Previous networks were hub-and-spoke designs in which everything came to hardware choke points where cyber hygiene could be practiced. In the 5G software defined network, however, that activity is pushed outward to a web of digital routers throughout the network, thus denying the potential for chokepoint inspection and control.
- 5G further complicates its cyber vulnerability by virtualizing in software higher-level network functions formerly performed by physical appliances. These activities are based on the common language of Internet Protocol and well-known operating systems. Whether used by nation-states or criminal actors, these standardized building block protocols and systems have proven to be valuable tools for those seeking to do ill.
- Even if it were possible to lock down the software vulnerabilities within the network, the network is also being managed by software—often early generation artificial intelligence—that itself can be vulnerable. An attacker that gains control of the software managing the networks can also control the network.
- The expansion of bandwidth that makes 5G possible creates additional avenues of attack. Physically, low-cost, short range, small-cell antennas deployed throughout urban areas become new hard targets. Functionally, these cell sites will use 5G’s Dynamic Spectrum Sharing capability in which multiple streams of information share the bandwidth in so-called “slices”—each slice with its own varying degree of cyber risk. When software allows the functions of the network to shift dynamically, cyber protection must also be dynamic rather than relying on a uniform lowest common denominator solution.
- The vulnerability is increasing by attaching tens of billions of hackable smart devices- IoT-enabled activities, ranging from public safety things, to battlefield things, to medical things, to transportation things—all of which are both wonderful and uniquely vulnerable.
Microsoft reported that Russian hackers had penetrated run-of-the-mill IoT devices to gain access to networks. From there, hackers discovered further insecure IoT devices into which they could plant exploitation software.
The new capabilities that will be made possible by applications on 5G networks hold tremendous promise, the Brookings report said. While the emphasis is on the connected future, at the same time there must be a strong focus on the security of those connections, devices, and applications, the report said.
Wipro’s report outlined five network components in ensuring 5G security:
- A secure edge
- A secure SDN controller
- Proactive analytics
- Hypervisor and container security
- Security through orchestration
Securing the edge means ensuring real-time detection capabilities at the edge. The network must find and stop breaches before they make it to the core.
Securing the SDN controller means enabling dynamic security protocol through northbound and southbound APIs. Northbound APIs gather intelligence about network activity. Southbound APIs control switches, routers, and firewalls to end attacks as they occur.
Proactive security analytics uses machine learning and AI to detect unusual activity in the network that may indicate a breach. This detection is based on previously-learned network patterns and trends in previous breach attempts.
Hypervisor and container security mean ensuring that virtualized network elements are protected from exfiltration and VM-based attacks that come from east-west and north-south traffic. Network operators should include hypervisor inspection and hardening mechanisms in order to guard against such attacks.
Finally, security through orchestration means taking advantage of 5G’s software-defined, disaggregated architecture, and orchestrating VNFs and NFVs to automatically react in the event of a breach. These functions can alert the orchestrator of a breach. The orchestrator can, in turn, instruct the SDN controller to enact security protocol and control routers and firewalls in order to halt the attack, as well as tighten access control.
5G Security: Key Takeaways
- 5G security is more important than ever, as breaches continue to increase in frequency and volume
- IoT devices pose a huge threat to the network
- 5G use cases, such as autonomous driving, healthcare devices, and smart homes mean that attackers have more access to personal data than ever
- A 5G network must be architectured to evolve to growing security needs
- 5G requires end-to-end security that uses its software-defined architecture to automatically detect and mitigate threats
Objectives and Study Scope
This study has assimilated knowledge and insight from business and subject-matter experts, and from a broad spectrum of market initiatives. Building on this research, the objectives of this market research report is to provide actionable intelligence on opportunities alongside the market size of various segments, as well as fact-based information on key factors influencing the market- growth drivers, industry-specific challenges and other critical issues in terms of detailed analysis and impact.
The report in its entirety provides a comprehensive overview of the current global condition, as well as notable opportunities and challenges.
The analysis reflects market size, latest trends, growth drivers, threats, opportunities, as well as key market segments. The study addresses market dynamics in several geographic segments along with market analysis for the current market environment and future scenario over the forecast period.
The report also segments the market into various categories based on the product, end user, application, type, and region.
The report also studies various growth drivers and restraints impacting the market, plus a comprehensive market and vendor landscape in addition to a SWOT analysis of the key players. This analysis also examines the competitive landscape within each market. Market factors are assessed by examining barriers to entry and market opportunities. Strategies adopted by key players including recent developments, new product launches, merger and acquisitions, and other insightful updates are provided.
Research Process & Methodology
We leverage extensive primary research, our contact database, knowledge of companies and industry relationships, patent and academic journal searches, and Institutes and University associate links to frame a strong visibility in the markets and technologies we cover.
We draw on available data sources and methods to profile developments. We use computerised data mining methods and analytical techniques, including cluster and regression modelling, to identify patterns from publicly available online information on enterprise web sites.
Historical, qualitative and quantitative information is obtained principally from confidential and proprietary sources, professional network, annual reports, investor relationship presentations, and expert interviews, about key factors, such as recent trends in industry performance and identify factors underlying those trends - drivers, restraints, opportunities, and challenges influencing the growth of the market, for both, the supply and demand sides.
In addition to our own desk research, various secondary sources, such as Hoovers, Dun & Bradstreet, Bloomberg BusinessWeek, Statista, are referred to identify key players in the industry, supply chain and market size, percentage shares, splits, and breakdowns into segments and subsegments with respect to individual growth trends, prospects, and contribution to the total market.
Research Portfolio Sources:
Global Business Reviews, Research Papers, Commentary & Strategy Reports
M&A and Risk Management | Regulation
The future outlook “forecast” is based on a set of statistical methods such as regression analysis, industry specific drivers as well as analyst evaluations, as well as analysis of the trends that influence economic outcomes and business decision making.
The Global Economic Model is covering the political environment, the macroeconomic environment, market opportunities, policy towards free enterprise and competition, policy towards foreign investment, foreign trade and exchange controls, taxes, financing, the labour market and infrastructure. We aim update our market forecast to include the latest market developments and trends.
Review of independent forecasts for the main macroeconomic variables by the following organizations provide a holistic overview of the range of alternative opinions:
As a result, the reported forecasts derive from different forecasters and may not represent the view of any one forecaster over the whole of the forecast period. These projections provide an indication of what is, in our view most likely to happen, not what it will definitely happen.
Short- and medium-term forecasts are based on a “demand-side” forecasting framework, under the assumption that supply adjusts to meet demand either directly through changes in output or through the depletion of inventories.
Long-term projections rely on a supply-side framework, in which output is determined by the availability of labour and capital equipment and the growth in productivity.
Long-term growth prospects, are impacted by factors including the workforce capabilities, the openness of the economy to trade, the legal framework, fiscal policy, the degree of government regulation.
Direct contribution to GDP
The method for calculating the direct contribution of an industry to GDP, is to measure its ‘gross value added’ (GVA); that is, to calculate the difference between the industry’s total pretax revenue and its total boughtin costs (costs excluding wages and salaries).
Forecasts of GDP growth: GDP = CN+IN+GS+NEX
GDP growth estimates take into account:
All relevant markets are quantified utilizing revenue figures for the forecast period. The Compound Annual Growth Rate (CAGR) within each segment is used to measure growth and to extrapolate data when figures are not publicly available.
Our market segments reflect major categories and subcategories of the global market, followed by an analysis of statistical data covering national spending and international trade relations and patterns. Market values reflect revenues paid by the final customer / end user to vendors and service providers either directly or through distribution channels, excluding VAT. Local currencies are converted to USD using the yearly average exchange rates of local currencies to the USD for the respective year as provided by the IMF World Economic Outlook Database.
Industry Life Cycle Market Phase
Market phase is determined using factors in the Industry Life Cycle model. The adapted market phase definitions are as follows:
The Global Economic Model
The Global Economic Model brings together macroeconomic and sectoral forecasts for quantifying the key relationships.
The model is a hybrid statistical model that uses macroeconomic variables and inter-industry linkages to forecast sectoral output. The model is used to forecast not just output, but prices, wages, employment and investment. The principal variables driving the industry model are the components of final demand, which directly or indirectly determine the demand facing each industry. However, other macroeconomic assumptions — in particular exchange rates, as well as world commodity prices — also enter into the equation, as well as other industry specific factors that have been or are expected to impact.
Forecasts of GDP growth per capita based on these factors can then be combined with demographic projections to give forecasts for overall GDP growth.
Wherever possible, publicly available data from ofﬁcial sources are used for the latest available year. Qualitative indicators are normalised (on the basis of: Normalised x = (x - Min(x)) / (Max(x) - Min(x)) where Min(x) and Max(x) are, the lowest and highest values for any given indicator respectively) and then aggregated across categories to enable an overall comparison. The normalised value is then transformed into a positive number on a scale of 0 to 100. The weighting assigned to each indicator can be changed to reﬂect different assumptions about their relative importance.
The principal explanatory variable in each industry’s output equation is the Total Demand variable, encompassing exogenous macroeconomic assumptions, consumer spending and investment, and intermediate demand for goods and services by sectors of the economy for use as inputs in the production of their own goods and services.
Elasticity measures the response of one economic variable to a change in another economic variable, whether the good or service is demanded as an input into a final product or whether it is the final product, and provides insight into the proportional impact of different economic actions and policy decisions.
Demand elasticities measure the change in the quantity demanded of a particular good or service as a result of changes to other economic variables, such as its own price, the price of competing or complementary goods and services, income levels, taxes.
Demand elasticities can be influenced by several factors. Each of these factors, along with the specific characteristics of the product, will interact to determine its overall responsiveness of demand to changes in prices and incomes.
The individual characteristics of a good or service will have an impact, but there are also a number of general factors that will typically affect the sensitivity of demand, such as the availability of substitutes, whereby the elasticity is typically higher the greater the number of available substitutes, as consumers can easily switch between different products.
The degree of necessity. Luxury products and habit forming ones, typically have a higher elasticity.
Proportion of the budget consumed by the item. Products that consume a large portion of the consumer’s budget tend to have greater elasticity.
Elasticities tend to be greater over the long run because consumers have more time to adjust their behaviour.
Finally, if the product or service is an input into a final product then the price elasticity will depend on the price elasticity of the final product, its cost share in the production costs, and the availability of substitutes for that good or service.
Prices are also forecast using an input-output framework. Input costs have two components; labour costs are driven by wages, while intermediate costs are computed as an input-output weighted aggregate of input sectors’ prices. Employment is a function of output and real sectoral wages, that are forecast as a function of whole economy growth in wages. Investment is forecast as a function of output and aggregate level business investment.