This week, we have a guest post from Majid Ali, Principal Cyber Security Consultant at NTT Security.

 

From smart cities and smart airports to self-driving cars, and all the way through to automation of factories – these all have incredible potential thanks to 5G.

 

The next generation of mobile technology truly has something special to offer. Not only will it promise faster download speeds, higher uploads, and low latency, but also look to revolutionize to the telecommunications industry as a whole. 


The coming years will witness a race to deploy 5G coverage globally, with providers eyeing up the prize of being able to put that long sought after 5G logo on all of their marketing material and profess to be the first provider to deploy 5G to its customer base. 


One could be forgiven for getting caught up in the hype. After all, it's difficult not to given the amount of research, investment and thought processes that have gone into 5G. So with all the hype and discussions around 5G, is it really the holy grail of next-generation communication?  


In some sense: yes. With predictions by Gartner on the number of internet ready devices connecting to the internet by 2020 reaching a staggering 50 billion, followed by one billion 5G devices by 2023, it’s not surprising we’ll see 5G become increasingly part of our everyday lives. We’ll see the establishment of smart cities and autonomous vehicle connectivity, as well as the integration of Artificial Intelligence (AI), providing connectivity critical infrastructure and much more. Ultimately, the use cases associated with 5G truly are endless. 


Yet, with so many positives and promises around 5G, do we have anything to worry about? The simple answer to this is: yes. With any great advancement, comes the risk of someone wanting to cause harm – be that for ego, financial gain, state sponsored espionage or rogue actors all wanting the same thing. And that’s knowledge. The ability to know what is occurring, how it occurs and when it occurs provides these actors a means to launch sophisticated attacks to gain access to your data.


With all these concerns about malicious attacks and the individuals behind them, what should providers and government bodies be doing to combat this emerging threat? The first step in this process would be to think like an attacker. Threat modeling is an invaluable process that will allow organizations and individuals to map out attack vectors and provide adequate countermeasures. The STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) threat modeling process from Microsoft is a great starting point for looking at 5G attack vectors and mapping them to the relevant areas within the STRIDE model. 


Secondly, acknowledging and appreciating that 5G, while it sees the deployment of new supporting infrastructure, will no doubt leverage components of its predecessors – the 3G and 4G networks. Therefore, attacks attributed to those older networks may allow a malicious individual to move laterally across networks to get to the intended target, which reinforces the importance of businesses thinking like an attacker so that they can stop them.  


Lastly, a unified collaboration effort needs to occur between providers, government bodies and independent organizations to enhance those well-established standards such as ETSI and 3GPP to address the continuously growing threat landscape when it comes to 5G implementation. 


NTT Group, for example, in conjunction with its subsidiaries NTT Docomo, NTT DATA, NTT Security and Dimension Data, is at the forefront of developing and helping its clients embrace 5G in a well thought-out and risk-based approach – bringing 5G closer to becoming the holy grail of next-generation communication.