The upcoming roll-out of 5G across Australia presents many opportunities for the tech industry, but it also presents risks that will need to be faced and managed.
Both the opportunities and the risks of 5G stem from the basic fact that 5G networks are faster than those they are replacing.
This speed means that ideas that have been on the drawing board for quite some time can finally come to life: self-driving cars, remote surgery, and a truly integrated IoT all require 5G to work. At the same time, the speed of 5G networks make threats harder to respond to, giving security professionals less time to mitigate attacks, whether these come from hackers or governments.
For that reason, and as we put it in a previous article, security and regulatory concerns will play a key part in the 5G roll out, and this is an area in which policy makers and politicians need to collaborate with the industry in order to put policy frameworks in place. Exactly what those policy frameworks will look like remains to be seen, but it's pretty certain that they won't include Trump’s crazy plan to build his own 5G network.
Instead, we need to start looking at all aspects of mobile data networks in terms of security.
The opportunities for innovation that 5G promises are vast. As Fred Streefland, CISO for the Benelux and Northern East Europe region at Palo Alto Networks, told ThreatPost recently, the applications for 5G networks covers everything from self-driving cars to remote surgery.
Perhaps most exciting, though, is the rapid expansion of the IoT that 5G could bring about. IoT is already a huge growth sector in Australia, but the speed of the 5G network promises to allow more devices than ever before to be connected.
There are also signs that Australia will become (or perhaps already is) a leader in 5G adoption. The Australian Communications and Media Authority recently revealed it is speeding up the process to release and sell part of the spectrum for 5G services, and has fast-tracked the auction for 5G bandwidth.
Australian companies are on board as well. Telstra is looking to consolidate its dominance in the telecom market by offering 5G in 2019, way ahead of similar systems in Europe and America.
All of this adds up to a huge opportunity. But one that also involves risks.
When it comes to cybersecurity, 5G brings widespread risks across all sectors. There are three areas, though, where these threats are particularly acute.
Read more: There are no hackers - there are only spies
The first is national security. The recent row about Huawei, a Chinese phone manufacturer, is a great example of this. Huawei is now banned from the upcoming 5G rollout in Australia because of concerns that allowing it to participate could allow the Chinese government to expand its already extensive surveillance operations. Further, as a fellow member of the Five Eyes Alliance, Australia allowing Huawei to take part in the 5G rollout could have been construed by Washington as giving China a backdoor into US intelligence networks. Similar rows recently broke out in the UK and US, and have left Huawei facing a ban in both territories.
National security is not something that your average IT professional can do much about, but the other risks posed by 5G are more manageable. One is that 5G poses risks to IoT infrastructure. Since 5G is expected to lead to an exponential expansion of the IoT, robust systems need to be developed for authenticating every device that is connected to the network. The rise in IoT botnets has been one of the stand-out stories of recent years, and this type of threat desperately needs addressing.
Finally, the speed of 5G data exchanges poses a threat in itself. Fred Streefland also told ThreatPost that “Things are moving faster, so if there’s a bad person who wants to do something bad in the network, it probably already happened before we detect it nowadays.”
Meeting these threats will be difficult, but not impossible.
Policy makers undoubtedly have a part to play, and it’s reassuring that some (at least) are taking the security implications of 5G seriously. Back in April, the EU asked its member states to complete a national risk assessment of 5G network infrastructures by the end of June this year, and urged them to update existing security requirements for network providers.
The industry will also need to take its own steps to combat the increased risks that 5G brings. In his interview with ThreatPost, Streefland makes a compelling case for integrating security into the design of 5G networks, and argues that the tech sector will need to work much more closely with telecom providers to achieve this.
There is also much that can be done to improve the security of IoT devices. These will need to be ‘authenticated by default’. As Streefland puts it, “We call it a zero-trust approach. Zero trust means never trust, always verify. So, everything that happens on the network, every device, every IoT device, but also all the data.” This, in turn, requires that consumer tech also needs to be secure by default and from the earliest stages.
Other experts agree. Will Ellis, founder of consumer research group PrivacyAustralia.net, was contacted by email for his thoughts on the topic and put it like this: “Security needs to be built in at the design stage. That’s the only way the IoT phenomenon will ever reach its full potential.”
The Future is (Almost) Here
Ultimately, dealing with the increased threats that 5G brings requires us to draw on similarly new technologies. AI, for instance, is revolutionizing cybersecurity, and could help to secure 5G networks, as could innovative approaches to cloud security.
If we get it right, 5G could herald a new age, in which every device is securely connected and networked, and able to communicate seamlessly and instantly. If we get it wrong, we will merely be undermining all of the work that has been done to secure existing mobile networks.