A recent report from the U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Office of the Director of National Intelligence, warns of three major threat vectors that can potentially imperil 5G networks.
The report, titled Potential Threat Vectors to 5G Infrastructure, details outcomes from the 5G Threat Model Working Panel, which was launched under the National Strategy to Secure 5G to analyze weaknesses in 5G infrastructure. The panel examined current 5G projects for possible risks, identified, and created mock situations for 5G implementation. They then determined the risks, which include the following.
Policies and Standards
Within the policies and standards threat vector category, the report found a pair of sub-threat vectors related to open standards and optional controls when creating the foundation for 5G infrastructure. Standards developed by “adversarial nations” that include “untrusted technologies and equipment that are unique to their systems” could contain untrustworthy technology that might hinder competition and interoperability. The report also found that adopting optional security controls help to protect networks from hackers.
“Nation states may attempt to exert undue influence on standards that benefit their proprietary technologies and limit customers’ choices to use other equipment or software,” the report states. “There are also risks associated with the development of standards, where standard bodies may develop optional controls, which are not implemented by operators. By not implementing these subjective security measures, operators could introduce gaps in the network and open the door for malicious threat actors.”
Supply Chain Risks
The report points to the 5G supply chain as a second vector threat, especially because the race to sell new devices creates a large market for counterfeiters. The report states that bad actors can use supply chains to “exploit information and communications technologies (ICTs) and their related supply chains for purposes of espionage, sabotage, foreign interference, and criminal activity.”
Supply chain sub-threat vectors include components passed on from third-party suppliers, vendors, and service providers. Because flaws and malware introduced early in development are tricky to spot, lead developers may mistakenly approve flaws or malware. Malicious actors could later exploit these vulnerabilities.
5G Systems Architecture
Despite IT and communication companies ramping up 5G security, cyber criminals can still exploit “both legacy and new vulnerabilities”.
“For example, the overlay of 4G legacy and 5G architectures could provide the opportunity for a malicious actor to carry out a downgrade attack, where a user on a 5G network could be forced to use 4G, thereby allowing the malicious actor to exploit known 4G vulnerabilities,” according to the report.
Additionally, 5G networks are utilizing a larger range of information architectures than ever before. Features of such architectures include configuration, spectrum sharing, software-defined networking, and multi-access edge computing. This can give hackers a greater ability to target systems and networks. For example, a firmware vulnerability could allow a hacker to penetrate the multi-access edge computing (MEC), swipe private data, and alter and even deny access to data.
As technology continues to evolve toward 5G, it’s vital for technical professionals and industry leaders to understand how to deliver on the 5G vision while meeting consumer demand for higher communication speeds. Is your organization ready? Consider training your team with 5G Networks, a three-course program from IEEE and Nokia.
Connect with an IEEE Content Specialist today to learn more about the program.
Interested in learning more about 5G for yourself? Visit the IEEE Learning Network today!
Bridging the 4G/5G Gap
Join IEEE for a two-part paid course series, “Bridging the 4G/5G Gap: Telecommunications Roadmap for Implementation”. Speaker David Witkowski will provide historical and technical context, risk vs. reward tradeoffs, and the necessities for 5G integration.
Attendees will earn a Certificate of Completion and up to 4 PDHs/0.4 CEUs for attending both events.
On-demand, available with purchase of both parts
Duration: 2 hours
Date: Wednesday, 9 June 2021
Time: 1:00pm ET
Duration: 2 hours
Kanowitz, Stephanie. (18 May 2021). 5G infrastructure faces foundational threats. GCN.