Business Transformation

Keep Your 5G Attack Space in Check

The new technology promises high speeds, enhanced productivity, and a turbo-charged economy. It will also have three threat vectors. Here's how to address them.

A 300,000-square-foot industrial shed in the Dallas suburb of Lewisville sits baking in the Texas sun. Sandwiched between a highway interchange and a handful of similarly vast structures, only solar panels in the parking lot set it apart from the rest of the industrial landscape.

Inside is the future: the nation’s first fully automated 5G smart factory. Run by Swedish telecom giant Ericsson, the plant boasts 200 robots and runs on a private, closed-loop 5G network that boosts productivity and shields data from the reach of cyber intruders, making it one of the industry’s most secure facilities.

“If you drive by on the road outside,” says Peter Linder, head of Ericsson’s 5G marketing in North America, “you don’t have access” to the network.

Control all network IT assets in minutes with automated client management.

The technological strengths of 5G, a.k.a. fifth-generation wireless cellular technology, will provide the foundation for a Fourth Industrial Revolution, boosting productivity and turbo-charging economies. But the revolution will also arrive with unique cybersecurity vulnerabilities. In practice, all 5G devices will be interconnected. That increases their cyber risk. In addition, 5G technology is still in its infancy and not yet fully tested. Unless enterprises have their antennas up and their network hatches battened down, hackers could have a 5G data field day.

Designed for cloud computing, 5G’s faster speeds and low-latency (nearly instantaneous reaction time) give businesses the capacity to use machine learning to increase automation and improve efficiency. Because of the increased capacity it offers, 5G enables data from Internet of Things (IoS) devices to be processed locally with edge computing, installing applications like artificial intelligence directly on endpoints. In a smart factory setting, 5G allows for parts and equipment to be organized, stored, and tracked electronically. Everything from forklifts to manufacturing robots can be connected and controlled by this high-speed network.

At the Lewisville factory, the benefits that Linder touts are clear. He says output per employee is 120% higher than at the company’s next most automated plant. But, he says, the real benefit is the flexibility that 5G provides. Operators at the Lewisville factory can swiftly adapt production to changing consumer demands, disrupted supply chains, and rapid innovation.

Threat vectors

As 5G paves the way for similar smart factories and smart cities—as well as empowering remote workforces—securing devices and networks will be a challenge. More tools, in the already sprawling enterprise IT toolkit, will be needed to segregate, parcel, and securely store the extra data over public 5G networks.

Our factory is at the absolute forefront of what is going on in the U.S., so we can share the knowledge.
Peter Linder, head of 5G marketing in North America, Ericsson
The three prime threat vectors for 5G technology, according to a recent report by the federal Cybersecurity and Infrastructure Security Agency (CISA):

  • Policies and standards: Nation-states could try to monopolize 5G standards in important emerging markets like autonomous vehicles or telemedicine to benefit their own technologies. Their technologies, in turn, may be untrusted and could put the U.S. at a disadvantage. Where security protocols for telecommunications are optional, some networks—whether corporate, academic, or consumer household—may carry unknown vulnerabilities.
  • Supply chain: Like any supply chain, 5G’s could be susceptible to malware infection. There’s also an increased risk for introducing counterfeit components into the system.
  • 5G architecture: While telecommunications companies have designed 5G to be more secure, it will often sit on top of 4G Long Term Evolution networks that contain legacy vulnerabilities. That could allow bad actors to force downgrades on vulnerable 4G configurations and, from there, change access to information, steal data, and even clone end-user devices.

So how can 5G technology be locked down? A big selling point of the platform is the ease with which data can be removed from silos to enable businesses to gain strategic insight. Breaking up system silos and releasing information onto shared platforms within an enterprise system may seem like adding a new attack space for hackers. But if done properly, IT teams can mitigate that threat. For instance, the use of zero-trust practices, in which every endpoint and IP address must be verified before data can be shared on a network, have over the past year of remote work become a gold standard.

5G protection

To boost 5G security more generally, companies can operate private 5G networks much like Ericsson’s in Lewisville. Unlike public 5G, which includes several different parts of the wireless spectrum, a private 5G network inhabits a relatively narrow band, making it easier to manage. It is also more secure because data remains on
the enterprise’s own network instead of being transmitted over public networks.

While 5G [is designed] to be more secure, it will often sit on top of 4G networks that contain legacy vulnerabilities.
Enterprises that use 5G public networks for their products or for the devices that enable remote work must be vigilant, embedding security protections into every endpoint. Whether it’s a smart thermometer in a hospital, sensors for monitoring factory inventory, or the laptop of an employee connecting to a network, the new avenues for potential security breaches must be policed. To do this, IT leaders should focus on maintaining and updating operating systems, firewalls, and software.

This is where practicing good cyber hygiene comes in. Whatever the technology supporting a company’s enterprise system, the most successful intrusions are often the result of a routine operational lapse: failing to know what endpoints are connecting to a network, not rapidly monitoring and deploying patch updates, or making incorrect security configurations. Cyber hygiene helps reduce common vulnerabilities by identifying risks and deploying tools to reduce or resolve them.

[Read also: Cyber hygiene—proactive risk management starts here]

A solid cyber hygiene foundation can be created by following some basic best-practice steps: Maintain a rigorous IT asset inventory (so you know exactly where your most prized assets are stored). Ensure that passwords are strong, software is updated regularly, data backup procedures are in place, administrative privileges are under strict controls, and an incident response plan is in place.

Drones and sensors

Back at Ericsson’s Lewisville plant, robots outnumber employees as people and machines connect remote sensors and controls with cloud-level computing capacity and artificial intelligence to produce transmitters for 5G technology. Robots and drones even unpack parts that arrive by truck. The new automated system eliminates 65% of the manual material handling, getting parts to production lines 75% faster, says Linder.

The plant is also a test bed for Ericsson’s customer solutions. Through agile workflow and its industrial IoT architecture, the 5G smart factory team has developed 25 use cases that can be deployed at scale at other plants. Among them: efficient energy management, digital performance monitoring, and using augmented reality headsets for remote maintenance and factory troubleshooting.

[Read also: Bodies electric: the promise of 6G wireless technology]

Linder concedes that not every company is in the sweet spot Ericsson occupies—using 5G know-how to produce secure 5G kits for companies. “We drink our own champagne,” he laughs. “Our factory is at the absolute forefront of what is going on in the U.S., so we can share the knowledge.”

Rather than allow cyber intruders to spoil the party, Linder stresses, embedding 5G operational transitions with 5G security will keep risks at bay and not allow them to become breaches.

Peter Green
Peter Green is an award-winning editor and reporter. He has worked at the International Herald Tribune and Bloomberg News and specializes in investigative reporting and covering technology news.