The 2020 version of the Verizon Mobile Security Index included a section on 5G and the Internet of Things (IoT) that delves into how the attack surface is expanding because of the increasing number and types of connected devices. For example, the report, which is based on a survey of 850+ professionals who buy, manage, and secure mobile and IoT devices, indicated that 31% of respondents admitted to having suffered a compromise involving an IoT device.
While 5G wireless service has more security considerations than any other mobile generation, it is built on virtual networks, which are not native to telcos, said Jimmy Jones, telecom cybersecurity expert, Positive Technologies. "The question becomes, 'How do you expand your vulnerability exposures to cloud ones as well as network ones?'"
With the move from 4G to 5G, there obviously are upgrades involved, and people must access the network in different ways. The possibility is there that they could do so maliciously and create threats, Jones said. Another factor is that 5G is designed for IoT, which is hugely diverse and has multiple use cases.
"(You) slice the network and tailor each particular slice of the network to support a (particular) application. What that means is that telephone operators, instead of looking after one fundamental network, are (looking after) tens or hundreds," Jones said.
Telcos have a lot of experience with person-to-person communication, but this could be flipped on its head with 5G, where the talking is to machines. There also has been an explosion in mobile licenses, and the number of companies providing service has gone up.
"It's no longer an old boys network," Jones said. "(You) have to be connected to all different companies. Everyone expects the mobile network to work."
There are more interfaces for IoT, and by opening up the network for more specific applications - like power meters, for example - the telcos are moving away from their core business.
"You are building in a likelihood for problems. The first market mover advances. Instead of the long, slow process of bringing a telco application to market, there is a much faster line to market," Jones said. "What we need to make sure (of) is that the trust level isn't eroded by bringing on applications that are not what we think of as telecom standards."
Jones said that it will be key for telcos to work with security experts that understand multiple verticals. "(They) need to understand physical threats, but also real-world threats. Really what telcos need to do is to speak to companies who understand both sides."
