The Nightmare Scenario
Late last year CISA, along with the NSA and ODNI, published Potential Threats to 5G Network Slicing, the latest in a series of reports assessing the rising security risks of 5G networks. The report includes a chilling “real world” threat scenario of a malicious actor who launches an International Mobile Subscriber Identity (IMSI) caching attack against a 5G network slice used to connect to and communicate with autonomous vehicles.
Once in the network, the actor launches a DoS attack to cause disruptions between the autonomous vehicle and its authorized controller. The attacker then launches a configuration attack that compromises authentication and authorization policies more broadly thereby granting illicit access to the network slice overall. The result: loss of authorized control over multiple driverless vehicles with obviously disastrous results.
Offering fast download speeds, low latency, and increased traffic capacity, 5G enables a new level of interconnectedness between people and things. In addition to enabling enhanced person to person communications on 5G networks, experts have predicted vastly accelerated growth in the IoT with up to 75 billion devices connected by 2025. An increasing number of these devices will be engaged in mission critical functions that, if compromised, can have serious consequences. These functions include remote monitoring and maintenance in industrial and consumer environments, and key functions to support robotic manufacturing, telemedicine, home automation, smart cities, autonomous vehicles, traffic control, supply chain management, and remote surgery.
Higher Stakes and an Expanded Threat Landscape
5G is raising the stakes on network security while at the same time dramatically increasing the overall threat landscape.
First, 5G networks are generally more decentralized than previous telecommunications generations. Moving the network closer to its endpoints increases speed and lowers latency. But it also makes the higher number of traffic routing points more difficult to monitor and maintain from a security perspective.
Second, while 5G allows the true potential of the IoT to be realized, each of the billions of new devices connected to the network adds a new potential breach point. And not all device manufacturers are prioritizing security in their designs nor have governments established standards to ensure that new connected devices are adequately protected from intrusion. This includes everything from your smart home devices to your car’s infotainment system.
An “All Hands-on Deck” Response
By all accounts, 5G is a game-changing technology that will have immense positive impacts on our lives. But the benefits come with added risks that are going to take a concerted effort by governments, private companies, and consumers to effectively address.
Through CISA and other agencies, the US Government has taken a proactive stance to keep 5G networks secure, seeking to stay ahead of the curve by clearly outlining potential threats and mitigation strategies. Network providers need to do their part as well by focusing on software protections and collaborating with outside firms on better encryption approaches and advanced monitoring. Beyond the network itself, IoT device manufacturers need to build in security to their online products and consumers must take all available steps to secure all their internet devices.
As our world becomes more connected, our shared responsibility for its protection grows in kind. At BlueWing, we continue to support private sector efforts to address and mitigate the risks associated with ongoing 5G advancements.