The anticipated adoption of 5th Generation (5G) communications has borne with it some very lofty promises. These promises, made by both the public and private sectors alike, have whet consumer appetites for next-generation technologies that surpass the boundaries of what can now only be considered “conventional communications.” The idea of a literal pervasive communications capability that boasts unlimited network capacity, unfettered Internet access, and data rates exceeding 10 Gigabits-per-second, when combined with advances in automation, artificial intelligence, augmented and virtual reality, and geolocation accuracy, 5G creates a very open and largely unexplored landscape limited only by the imaginations of innovative pioneers. Unfortunately, with all its potential for good, the 5G frontier presents significant and largely unknown security and safety risks that are further exacerbated by the absence of any real perceptible boundaries.
Examining what is already known about 5G theory, the integration of 5G communications infrastructure is a massive undertaking. The true implementation of 5G relies heavily on the deployment of microcell (or small-cell) infrastructure to augment macro-sites, or already existing cell infrastructure. To keep up with the promises of faster data rates, more granular signal penetration, and the concentration of 5G-enabled devices, this means a broadly distributed array of stationary and mobile, massive multiple-input multiple-output (MIMO) antennae. Also referred to as “beam forming”, the propagation of signal over MIMO antennae guarantees maximum coverage with minimal interference, device-specific channel isolation, and faster data processing.
The challenge with a 5G ecosystem that supports all of those technologies promised to enhance user experience is that the amount of antenna infrastructure within a service area would need to increase. This presents some significant infrastructural as well as aesthetic challenges. As real estate is relatively limited and federal and state governments typically place regulatory constraints on cell tower infrastructure, where one may currently see a cellular antenna supporting 3rd generation (3G) 4th generation long term evolution (4G LTE) communications every quarter to half a mile, the advent of 5G communications could theoretically turn every piece of infrastructure, to include but not limited to buildings, light poles, manholes, etc., into a 5G-supporting antenna. Furthermore, the introduction of mobile ad-hoc network (MANET) architecture means that 5G communications can be aggregated using other 5G-enabled devices. Essentially, the vehicle passing you on the freeway may be the antenna facilitating your cellphone call.
Of course, this functionality isn’t limited to conventional mobile communications. 5G is purported to be the optimal solution for the growing Internet of Things (IoT), in which the benefits of 5G specifically include massive Machine-Type Communications, enhanced mobile broadband, and Ultra-Reliable Low-Latency Communications. Essentially, 5G and its subsequent MANET nodes can be used to aggregate data used for the control of industrial and domestic services and devices (electric grid, water treatment facilities, pipelines, etc.), online banking, health informatics, video and audio streaming, and the control and guidance of autonomous and/or unmanned vehicles and robotics. From a risk management perspective, a ubiquitous and RF-saturated landscape such as this, where the strength of a chain is always gauged by “the weakest link”, calls into question the integrity and reliability of the broader 5G Wide Area Network, the security and confidentiality of data in motion, and the integrity and availability of end-user devices.
With such a high demand for 5G implementation (along with its associated proposed technologies and capabilities), it is imperative that 5G devices are designed and developed with security in mind, with a considerable testing period for interface and interaction with other existing technologies and services. Furthermore, before 5G is rolled out broadly, individual carriers, in collaboration with the 3rd Generation Partnership Project, or 3GPP, should address existing autonomous inter-domain routing challenges inherent to Border Gateway Protocol (BGP). The need for BGP to maintain continuous router-to-router sessions, the inability of older routing technologies to manage routing table growth, and frequent mismanagement of network links are often the causes of mass network outages. The impacts of these outages become more severe during emergencies and disasters when consumers need connectivity the most; particularly when needing to contact emergency responders. Adding to that IoT scalability, any outage of a broadly promiscuous 5G communications architecture supporting geolocation functionality and safety control features on autonomous vehicles throughout an entire urban service area could be catastrophic. In this environment, redundancy is a necessity that 3G and 4G LTE technologies are ill-equipped to handle.
While consumers may not be thinking of the potential risks associated with the 5G revolution, its incumbent upon security practitioners to meet the demand head-on and become more familiar with 5G technologies. As the race for 5G implementation continues, security practitioners can perform the necessary research to better understand and to inform executive leaders and stakeholders how these technologies will impact consumers, business practices and policies, other existing technologies and services, and organizational security programs. Lastly, while it is not ideal, security practitioners must be prepared with sound, security solutions, even if that means the implementation of “bolt-on” security solutions, retroactively.