From a geopolitical perspective, the greatest risk arising from 5G networks is the possibility that any one nation state could have a monopoly over this critical technology.
Rather than governments viewing 5G rollout as a race against one another, it is in everybody’s best interests that 5G infrastructure is rolled out only when its security can be guaranteed.
5G will ultimately become a way to automate our factories, create smart cities and operate connected cars, not merely a way to get better cell phone coverage. However, 5G is both promising and risky. In this situation, the cyberworld meets the physical world and the vulnerabilities associated with 5G technology could have very damaging consequences.
Threats to manufacturing and industrial sectors
The manufacturing sector is a prime example. Globally, competition in the manufacturing sector is fierce. To make their factories smarter, more efficient and more productive, manufacturers are exploiting 5G networks at a rapid pace, without having necessarily assessed all of the security risks.
The manufacturing sector is embracing the next generation of manufacturing technology, dubbed ‘Industry 4.0’. Manufacturers are rapidly adding monitoring and control technologies to their production plants, analysing data to enhance productivity, stability, safety and ultimately improve efficiency to increase profits.
5G is a key component of Industry 4.0: it greatly enhances connectivity for monitoring and control of manufacturing processes but adds a new element of risk as well.
There is already risk of cyberattacks on factories due to their increasing connectivity to the internet, which can enable hackers to reach industrial control systems that were previously digitally isolated.
These risks will be compounded when they are connected over 5G networks if one nation state has a monopoly over 5G technology.
In the event of a global conflict, that nation state could disrupt other countries’ manufacturing operations. In an increasingly competitive climate, it raises the potential for rivals or bad actors to cause disruption to factory floors. An attack could be highly targeted to impact particular sectors and even particular companies.
How do we respond to this risk?
A key to reducing the vulnerability of 5G networks – either from deliberately introduced ‘back doors’ or from cyber criminals – is to make them less dependent on proprietary technologies, by creating open software standards that would enable 5G networks to use 5G network equipment from multiple vendors.
There is already considerable momentum in this direction with Open Radio Access Networks (OpenRAN). The initiative aims to reduce the reliance on a small number of vendors of 5G network equipment by decoupling the hardware and software components of the network.
Leading the move to OpenRAN is the O-Ran Alliance. It was founded by mobile network operators to clearly define requirements for open radio networks and help build a supply chain ecosystem.
The alliance argues that traditional network equipment supply chain and procurement models must change: “Status quo, proprietary product architectures and complicated, vendor specific operations and management (O&M) systems will not serve … operator’s collective goals and must evolve to overcome the real capital, operational and technical challenges the industry is facing today.”
Ideally, we will see nation states come together and develop a set of common standards. Network operators will be able to build their networks based on these common standards and use hardware from multiple 5G vendors, rather than a single company such as Huawei.
Some may say this approach is optimistic, but it is good for business on a number of levels. It would bring down the cost of 5G and improve security. Opening the code up to the research community would enable researchers to find bugs and work with vendors in a responsible manner to patch and disclose those bugs.
Open coding standards are good for security, good for competition and good for geopolitical stability.
Eddie Stefanescu is Regional Vice President of Business – APJ at Claroty, an industrial cybersecurity company.