According to a report by PwC, the increase in productivity based on 5G will give the global gross domestic product an increase of $1.3 trillion by 2030. An increase resulting from the implementation of the new communication standard, which will take businesses and services to new heights. PwC’s projections show how 5G technology, used in combination with investments in artificial intelligence (AI) and the Internet of Things (IoT), could offer the potential for rethinking business models and the emergence of new services. These opportunities will also bring cyber security risks, requiring companies and governments to consider new regulatory approaches focused on the secure use of 5G.
So many risks…
Although 5G is revolutionary with its high speeds and connectivity capabilities, there are several ways in which it can also open the door to new vulnerabilities. The standard will lead to the explosion of IoT and IoMT (Internet of Medical Things) where cyber security will be paramount. For example, with new medical technologies, doctors could place a patch with a heart sensor on a patient’s chest, from which they would then stream ECG (electrocardiogram) data to a cloud server for analysis and interpretation. This is critical data that, if compromised by hackers, can be manipulated, which opens the scenario to remote control of such accessories that can alter analysis, diagnosis and the validity of prescribed drugs.
The challenges of protecting organisations from cyber attacks increased dramatically during the pandemic as ‘working from anywhere’ was accepted as part of the ‘new normal’ in modern corporate culture. Unfortunately, with such a large population spending time online from home using more devices susceptible to attack, cybercriminals are easily finding ways to outsmart their victims.
…but also benefits
But while the rapid shift to a remote workforce has created new opportunities for cybercriminals, forward-thinking companies are targeting their investments in 5G technology solutions to combat the enemy and prove they can operate successfully in an entirely virtual age. Think of scenarios where the massive use of devices of different origins and with different applications increases the risk that a single vulnerability found in one type of device, or a possible misconfiguration, could expose a huge amount of data in a very short time or grant control of entire portions of devices (think, for example, of scenarios such as those seen in the Mirai case).
One of the promises offered by 5G in the security field is the ability to monitor the digital activities of potential criminals faster, in real time. But that’s not all: innovations in algorithms and machine learning will make it possible to implement risk prevention operations and anticipate attacks. Knowing where and how crackers will strike will be crucial to beat them to the punch.
Therefore, from a strictly cybersecurity-related point of view, two problems arise: the first is the implementation and secure deployment of the infrastructure on the service provider side, and with it the provision of technical and organizational security measures; the second is instead due to the increase in the attack surface and the risk levels associated with it, and is consequent to the very paradigm that 5G embodies: that of a distributed ecosystem, continuously connected, composed of a multitude of devices with different ‘vertical’ applications that fall on strategic sectors.
Governments must establish a new cyber regulatory paradigm
As part of the international drive towards the deployment of 5G networks and, at the same time, their adequate protection, in June 2021 the European Commission established the office of the European Union Agency for Cyber Security (Enisa) in Brussels, with a plan for a new joint cyber unit “to address the increase in serious cyber incidents affecting public services and the lives of businesses and citizens across the European Union”. The Commission underlines that “it is becoming increasingly necessary to deploy advanced and coordinated cyber security responses in the face of a growing number of cyber attacks of ever-increasing scale and impact on our security. All relevant actors in the EU must be ready to respond collectively and to exchange relevant information on a need-to-share, rather than a simple ‘need-to-know’ basis”.
The aim is to ensure that the operational phase of the Joint Unit starts on 30 June 2022 and is fully operational within the following 12 months, i.e. by 30 June 2023. The European Union Agency for Cyber Security (Enisa) will act as the secretariat in the preparatory phase and the joint cyber security unit will operate in the vicinity of Enisa’s Brussels office and Cert-Ue, the Computer Emergency Response Team of the EU institutions, bodies and agencies.
At European level, the importance of 5G networks has already been recognised, not only for digital communications, but also for other sectors such as banking or healthcare. Ensuring cybersecurity is therefore a key issue for the Brussels leadership. Already in 2020, at the height of the pandemic, the EU agreed on a toolkit to identify possible common measures to mitigate the main risks to next-generation networks.
According to the parameters, individual users can also implement good practices to protect themselves. For example, implementing advanced threat prevention to protect all connected devices. Using micro-scale plug-ins to control every property of the device interfacing with the 5G network. Using a VPN (Virtual Private Network) to ensure privacy, anonymity and data security and, finally, keeping all IoT devices up to date, as well as using strong, differentiated passwords.