Safeguarding the future: Managing 5G security risks

By Samantha Kight, Head of Industry Security, GSMA 

5G mobile connectivity is expected to add nearly $1 trillion to the global economy by 2030, with almost half of this coming from new enterprise services and apps, across sectors including finance, healthcare, and education. 

But, as 5G connectivity becomes even more fundamental to our daily lives, so do the cyber security risks it can bring. We need to ensure 5G security addresses the security risks of our interconnected world is as secure as possible, but how? 

Managing the opportunities and risks of 5G connectivity 

As 5G usage gathers pace in both consumer and enterprise settings, its benefits will spread across the global economy. We reached more than one billion 5G connections worldwide at the end of 2022. And, today, over 230 mobile operators in more than 90 markets have launched commercial 5G services.  

Whether  5G mobile is enabling rapid medical care and treatment or replacing the complex cabling between machines, improving productivity and workplace safety at the world’s largest fully connected factory, 5G is revolutionising enterprise services. 5G mobile connectivity is undeniably  delivering on its promise of huge productivity and societal gains. 

However, as highlighted by several speakers at our recent M360 UK Mobile Security & Industries event, as 5G connectivity proliferates and becomes more embedded in every aspect of our lives, so do the security risks associated with this revolutionary technology. From potential cyber-attacks to privacy concerns, managing  security risks is an essential priority for individuals, businesses, and governments alike. 

Compared to its predecessors, 5G networks boast a wider attack surface due to the increased number of connected devices and the denser network infrastructure. Additionally, its reliance on cloud, virtualisation, and software-defined networking (SDN) introduces new avenues for exploitation. However, while 5G has a larger attack surface, the security capabilities designed into 5G by default, are significantly more sophisticated and effective those provided by legacy mobile technologies. 

Some of these 5G security risks include: 

  • Cyber-Attacks: 5G networks will be exposed to various cyber threats, including Distributed Denial of Service (DDoS) attacks, potential data breaches, and ransomware. The higher data speeds and lower latency provide cybercriminals with new opportunities to launch sophisticated attacks. 
  • Supply Chain Vulnerabilities: With 5G infrastructure being built by multiple vendors across the globe, the supply chain becomes complex and potentially more vulnerable to security breaches. A compromised component within the supply chain could lead to widespread vulnerabilities. But at the same time, supply chain competition can drive innovation and enhancements. 
  • Privacy Concerns: The massive influx of data generated by 5G-connected devices raises privacy issues. Unauthorised access to sensitive information can have negative consequences for individuals and organisations. 
  • IoT Vulnerabilities: The proliferation of the Internet of Things (IoT) devices on 5G networks creates a challenge in securing these devices, as many IoT devices may not yet have robust security features. 

Knowledge sharing provides vital protection in an increasingly interconnected world 

For several reasons, the security requirements needed for 5G connectivity are also at risk of fragmentation – something the GSMA is seeing and is focused on. 

As the global mobile industry association, the GSMA sits in a unique position to bring together mobile operators and ecosystem partners and help define industry security specifications. We leverage our global community and platforms to promote awareness and find solutions to tackle industry fraud and security, as well as to assess, analyse, and report on the industry threat landscape.  

This is how, working with our members and industry partners, we recently launched the GSMA Mobile Cybersecurity Knowledge Base (CKB).  

The Mobile CKB brings together a comprehensive threat analysis, the combined insight and intelligence of industry experts from across the ecosystem, including MNOs, vendors, service providers, and regulators. It also includes input collected from public sources such as 3GPP, ENISA and NIST. 

By identifying and understanding the security threats posed by 5G and other mobile networks, we have been able to map these threats to appropriate and effective security controls and provide useful guidance and best practice on a range of risks and mitigation measures.  

As we look to the future, this kind of collaboration across the mobile industry, as well as digitally transforming industries, is vital  to making the interconnected world as secure as possible. But, as connectivity becomes even more deeply embedded in our everyday lives, we need to remember threats are not static and neither is the GSMA Mobile Cybersecurity Knowledge base. 

Security threats evolve and change, just as technology itself does, so we need to constantly reinforce our efforts, working diligently and dynamically to mitigate risks. 

That is why initiatives, such as the GSMA Fraud and Security Group (FASG) are also crucial, where we bring organisations together to identify, prevent or mitigate against fraud and security threats. 

Compared to legacy technologies, the increased use of cloud and open source, means that attacks or threats detected against one network are more likely to be applicable to many networks. Aggregation of threat intelligence across networks provides the ability to detect threats much earlier, which may be too small or distributed at a single network level to be readily identifiable.   

According to GSMA Intelligence, by 2030 5G  will overtake 4G to become the globally dominant mobile technology, with 5.3 billion connections. This brings opportunities and a range of enhanced network security benefits including improved encryption and enhanced threat detection. 5G’s improved speeds, alongside the growing use artificial intelligence, means CISOs and organisations can also utilise the technology to identify threats much faster, analyse vulnerabilities and find fixes. 

The benefits of 5G are clear and increasingly evident. But, to ensure its full potential is realised, cybersecurity practices must evolve in line with this global roll out. Continued  collaboration is critical as security will now have to move at the speed of 5G.