In October, after months of deliberation and consideration, the European Commission published a report that highlighted the wider cyber security risks of 5G networks by state-backed entities. The lack of market incentives to address the risks means that introducing regulation to safeguard 5G networks looks increasingly likely.
Weeks before, the EU’s Network and Information Security Co-Operation Group (NIS) completed its risk assessment of the cyber security of international 5G networks. The report highlighted that threats, threat actors, network vulnerabilities and risk scenarios are presently not adequately mitigated to provide the utmost confidence in 5G.
The Specifics of the Report
Anyone who’s not an expert in cyber security or 5G would be forgiven for scratching their head and wondering what the big deal is. However, there are several factors that compromise the suitability for 5G technology to be rolled out across every single network right now – factors that consumers should at least be aware of.
For starters, there is a concern that a lack of investment at the software development stage has compromised the security of the networks. This could pose a threat to users, with people’s personal data being at risk of being stolen or cloned by individuals and entities.
There is also the concern that certain aspects of present network equipment won’t have the capacity to handle the performance of 5G networks. Base stations were highlighted as examples of this. A standard 5G base station is responsible for the spatial filtering of multiple input and output (MIMO) antennas and it’s not yet known if these base stations will be able to support 5G performance.
It’s also been questioned whether telecoms companies are overly dependent on a small number of suppliers – Vodaphone 5G, EE, O2 and Three. Now the problem is that of the four main suppliers, the full extent of their cyber security infrastructure is unknown.
However, the biggest concern highlighted by the report was state-backed threats. This is an ongoing issue, one that was in the news just this last week. APT41, one of China’s most prolific hacking groups, has apparently developed a new kind of malware that can steal SMS messages from a cellular network.
Before comprehensive public confidence can be attained, pervasive threats must be mitigated. Staunch regulation seems to be one of the surest ways to safeguard networks – though this will come at a cost to both consumers and suppliers.
The Threat Actor Landscape
At present, both state (foreign governments and agencies) and non-state actors (individuals and organisations) have the potential to pose a cyber security threat. However, even if excluded from the 5G infrastructure supply chains, state and state-sponsored actors retain the capability to threaten the confidentiality, integrity and availability of 5G networks.
Need evidence of this? According to the NCSC (the National Cyber Security Centre), Russian hackers have breached UK systems without supplying telecommunications components. Then there’s all the hullabaloo surrounding Chinese ICT company, Huawei, and how the state-backed hacking group, known as APT41, was able to steal geopolitical text messages using malware dubbed ‘Messagetap’.
The threats from non-state actors is likely to be from organised cyber-crime groups or determined hacktivists. There’s also the possibility that hackers could seek to exploit individuals for personal financial gain by gaining access to 5G networks and stealing user’s personal data.
It’s clear that there is still a heightened threat to 5G user’s and the security of our data. Whilst the technology is still relatively new the threat actor landscape will always be greater. However, once protocols are put in place, the opportunity for incursion will diminish.
Will 5G Networks Be Regulated?
The EU has already announced its commitment to ensuring a high level of cyber security of every 5G network across the EU. Whereas this doesn’t automatically mean that 5G will be subject to governmental oversight, it is clear evidence that the EU is taking the issue of 5G cyber security very seriously.
However, it’s clear that collaboration between network operators, governments, local authorities, municipalities and the private sector is a requisite to ensure successful deployment for, if nothing else, it will streamline the process, removing any bureaucratic hurdles related to permit processes and regulations. What form is regulation likely to take?
Access to Sites and Antenna
Whilst 5G will leverage existing infrastructure assets, the inevitable increase in traffic, rise in spectrum bands and increase in equipment is critical to network success. Base stations and antennas must be optimally located to support the infrastructure and provide the requested services to society.
In urban areas with a short distance between sites, it may be possible to make use of the existing network grid. However, as more capacity is required, more base stations and antennas will be required. To fully leverage the technology, spatial solutions must be identified.
It’s therefore imperative that local and central authorities take an active role in making sure that permissions to establish or lease access to sites, antennas, equipment, transmissions and fibre cabling. There is no one solution to resolve these issues. Policy makers must pursue a feasible solution within the parameters of their geographic location.
Transmission Capacity
As network performance expectations rise, including capacity, peak rates and low latency, transmission capacity must be improved. 5G networks will require upgrades to ensure seamless connectivity.
It’s very likely that a broad range of country-specific solutions will be required. It’s likely that mobile operators will lease 5G transmission capacity and that regulated access to this infrastructure will be needed.
To build more transmission capacity, easy access to duct and trenches will be required. Where governments and municipalities have control over some assets, access should be mandatory and at a reasonable cost.
5G Realisation through Collaboration
To ensure efficient deployment and optimised benefits, broad collaboration between network operators and public and private sectors will be required to broaden the societal benefits of 5G.
The public sector is touted as being the frontrunner of the 5G revolution. Collaboration with local and central authorities can be established to exchange infrastructure build-out plans. This must be achieved within regulatory boundaries.
Such initiatives lower costs and increase benefits for all parties and society. Communities that want to benefit from using 5G sensors to monitor different infrastructure such as water pipes, electricity, buildings can benefit from collaborating with third parties, providing that all regulations are met.
In collaborating with network operators, roll-out speed will be increased for both active and passive network sharing. Not only is this cheaper but it will reduce any unsightly aesthetic in rural and urban environments.
Are We Facing the Prospect of Staunch Regulation of 5G Networks?
It’s likely that the ubiquitous integration of a 5G network ecosystem will not be free of regulatory oversight. However, give the implementation of a vastly different and evolved infrastructure, that for society to benefit from EE, O2, Three and Vodafone 5G compromises must be made.
Does this mean that we’re facing staunch network regulation? Probably not, at least not staunch regulation. There will be regulatory changes, of course, but any changes to the current 4G and 4G LTE ecosystem when 5G is officially launched across all networks are likely to be in-keeping with the goal of boosting performance so that everyone can enjoy a better overall experience.