5G is perhaps the biggest critical infrastructure build the world has seen in twenty-five years. It will allow for the connection of millions of Internet of Things (“IoT’) devices. However, with these added benefits comes related vulnerabilities and cybersecurity risks.
What are the specific cybersecurity risks are associated with the 5G network?
First, the 5G network itself can pose many security risks. The 5G infrastructure is built using many components, each of which may be corrupted through an insecure supply chain. Significantly more software is being used allowing for more entry points and more potential vulnerabilities. Similarly, more hardware devices are required (cell towers, beamforming devices, small cells, etc.), and each one of these hardware devices must be adequately secured. Small, local cells may be more physically accessible and therefore subject to physical attack. Further, 5G will be built, in part, on legacy 4G LTE components – which themselves can have vulnerabilities.
Second, with specific focus on IoT devices, cybersecurity protections will need to become much more granular and more capable of being deployed on less intelligent “Things.” Historically, one could think of a Thing as a device that can be connected to a network, but which lacked sufficient processing power to handle more advanced computations. Things are “dumb.” By connecting a processor, we could make such dumb Things “smart.” These new smart IoT devices are interesting vectors of attack by malicious actors and further confound overall cybersecurity programs. The ability to detect a cyber attack on a light bulb will require additional cybersecurity solutions.
Finally, with 5G facilitating the implementation of more IoT devices, more sensitive data may be stored requiring the need to protect edge computers servicing the IoT device. If we consider the ubiquity of thermometer scanning now and how those and similar IoT devices could easily become part of 5G, then we begin to understand the seemingly exponential possibility for threat vectors on our networks. We may have sensitive data (Am I sick? What time do I show up for work?) and we may have the concern that a malicious actor may look to infect a network through a Thing. Will thermometers need malware protection? More devices arguably allow for more places for a hacker to attempt to attack and thus the possibility of a greater availability of distributed denial of service (DDOS) attacks. There were reports of Things being used collectively to deny service with the LTE network. With 5G, the concept of an army of coffee makers attacking by all issuing a request to an address will become a greater possibility and manufacturers could be liable to other parties if their insecure Things are used to deny the service of someone else.
Regardless of the attack vector, incident response practices are universal, and Octillo’s Incident Response Team can help prepare your team from IoT and other attacks.
What potential solutions are available to mitigate this risk?
Companies looking to incorporate 5G should partner with experienced tech counsel who can assist by reviewing contracts, conducting risk assessments, and evaluating and updating incident response plans and procedures to account for any additional risks associated with 5G.
In addition, there are already some attempts at governmental solutions. In March 2020, President Trump issued a National Strategy to Secure 5G – requiring, in relevant part, that the Unites States must identify cybersecurity risks in 5G.
The CISA (Cybersecurity & Infrastructure Security Agency) also issued some documents relating to the security of 5G. Similarly, we are seeing a push for international standards and certain untrusted companies have had their products banned from use. The Federal government is using regulations to limit the adoption of equipment that may contain vulnerabilities.
So, what is the solution? The same as always. Innovation. Businesses are encouraged to develop trusted solutions and innovation in this space. Advanced cybersecurity monitoring and protection by design will continue to be needed.
The Octillo Team of lawyers, who are also technologists, is well-versed in new and emerging technologies and works with clients to facilitate innovation through the use of IP protections. We also assist companies in the implementation new technologies, like 5G, taking into consideration the cybersecurity, data privacy, and regulatory obstacles associated with their use. From patent acquisition to policy drafting and review, Octillo attorneys are here to help your company capitalize on innovation.
*Attorney Advertising. Prior results do not guarantee future outcomes.
Subscribe to our Newsletter.