The Australian Government recently auctioned off Australia’s fastest 5G spectrum as demand for faster and denser internet connectivity continues to grow from consumers and businesses alike. If last year was any indication, we need to enable quick, seamless connections to live, work and play in this highly digitised world.
Asia Pacific is predicted to become the leading region in terms of 5G adoption, accounting for 65% of global 5G use by 2024. The power of 5G undoubtedly changes the playing field for both the private and public sectors, with boundless opportunities for greater interconnectivity between intelligent devices. This connectivity increases the value of the network to society in general, as the criticality of any network is proportional to the number of devices connected to it. Examples include highly interactive traffic control systems, smart power grids, smart cities and, of course, autonomous vehicles of all types. The possibilities are endless.
Unfortunately, as we become more dependent on this intricately connected infrastructure, the risk of disruption also increases as more intelligent and interoperable devices are online. The unfortunate side effect of greatly expanded connectivity is an expanded attack surface providing a greater temptation to malicious actors.
History has shown us time and time again that as new technologies emerge, cybercriminals won’t be far behind, testing the new technologies for their resilience to cyber attacks. With today’s highly interconnected organisations, no sector of the economy is without some inherent risk, whether that is the result of a natural disaster or a malicious automated attack. We only have to look at the cyber attack against Colonial Pipeline to understand the extent of the impact on the wider public.
As private and public organisations prepare to fully embrace the opportunities of 5G, it’s important they do so in a way that avoids the risks that arise with it. Below are five steps to a secure 5G implementation.
Build people into your policies — In order to embrace the benefits of 5G and minimise the associated risks, we need to ensure that robust policies are in place to protect OT. This involves people and processes first, then technical solutions. It’s critical that we’re taking people in all areas of an organisation on the journey, ensuring that the risks of deploying 5G devices are considered.
Develop industry-wide collaboration — 5G security policies must include sharing of threat data, security methodologies and interoperability within the wider community. It’s only through this communication and collaboration that we can adequately manage risks and take full advantage of the benefits of 5G.
Share the responsibility — Cybersecurity is a shared responsibility, neither governments nor organisations can address it alone. The private sector owns and operates most networks as well as elements of critical infrastructure. Those owners and operators must be viewed as essential partners in ensuring the protection of this critical infrastructure, especially if 5G is being incorporated. In this shared risk model, the network owners/operators do the utmost to ensure that the infrastructure is as secure and available as it can be. At the same time, the users (public sector) of the infrastructure assume responsibility for the security of their applications. The public sector, as a user of the infrastructure, should build and maintain strong partnerships with the private sector and actively participate in the overall security and availability of the shared network resources.
Close the exposure gap — As data continuously flows through potentially vulnerable 5G infrastructure, a gap will exist between the visibility we have and the true scale of vulnerabilities across the entire attack surface. In order to combat this, it’s key that owners and users of the 5G infrastructure work together to close the gap and combat new and emerging threats.
Prioritise based on risk — An effective 5G security program should be prioritised based on risk. This prioritisation saves both time and resources by focusing on critical vulnerabilities existing on critical assets. Risk-based vulnerability management allows us to focus on what is important to maintain availability and allows lower priority issues to be dealt with later.
Embrace the change, but minimise the risk
Once 5G is widely available, the floodgates will open, and both the white hats and black hats of the world will experience a swift learning curve in navigating the wonders of 5G. The profound speed and reach will connect businesses more than ever before, which will lead to greater efficiency, but also translates to dangerous ripple effects of a successful attack. As we begin to adopt 5G more widely, it’s important that we are taking security into account and ensuring that our organisations and people are protected in doing so.