M360 Security for 5G: Security for 5G Predictions 2020
Mark Little, Senior Manager, Consultancy, GSMA Intelligence
Going into this year’s M360 ‘Security for 5G’ event we have selected eight 5G security predictions for 2020. On Tuesday 28th May 2019 17.30-18.00 in The Hague, our distinguished Predictions panel will discuss 5G security and add their own predictions to the list.
- 5G will accelerate a massive expansion of the attack surface
- A major attack on Industrial IoT impacting critical infrastructure
- First exploits targeting the 5G software supply chain (e.g. SDN/NFV, Cloud)
- Hackers will exploit 5G security lag
- GDPR downsides for business will emerge
- Consumers get serious about privacy & security tools to protect their ‘personal economy’
- Cybersecurity goes on the attack in the dark net
- Better integrated cyber defenses and multi-layered security will be proven against a major cyber exploit
IoT devices are already driving significant growth in the breadth of the threat landscape. Now 5G’s slicing and softwarization of the network is set to catalyze its complexity as well. Breaches will only get worse, and this time we will see advanced use of AI and DIY hacking kits available from the dark net enabling amateurs and hacking-as-a-service.
5G connectivity will enable a huge increase in the use of IoT devices and industrial control systems for DDoS attacks, phishing, ransomware, and crypto mining. However, attribution and intelligence on cyber-attacks is expected to improve markedly next year enabling better predictive maintenance and coordination of strategic response.
SDN, NFV, cloud platforms and open source software are powerful technologies central to the future of mobile networks’ supply chain. But without proper planning and automation the complexity of this supply chain can make it easy to misconfigure leading to the exploitation of network vulnerabilities in 2020.
In the race to 5G deployment there is a risk that security-by-design gets left behind; integrating legacy networks with 5G could create interworking vulnerabilities; IP-based signaling security threatens a protocol that could be insecure and complicated to monitor; hasty deployments could lead to inaccurate provisioning according to 5G standards; availability of cybersecurity skills will also fall behind in 2020 exacerbating the security lag for 5G networks still further.
The 5G attack surface could make GDPR compliance more expensive. New business application development will become conflicted between spending on GDPR compliance and security-by-design or even between paying the cheapest between ransomeware demand or ICO fine. Chasing GDPR compliance, could distract companies leading to critical cyber-security omissions.
Increased awareness of digital risks. People start to defend themselves and their ‘personal economy’; protecting their net wealth from personalization that over-exploits their spending, defending their knowledge from fakery; and managing their positive reputation and influence. Consumers start choosing companies that champion their privacy and data, respecting and protecting their interests.
Next year we will see cybersecurity forces indexing the dark web and a growing number of missions to disrupt illegal data market places. Failure to degrade the power of the dark net as a considerable cybercrime asset will increase the velocity and frequency of major exploits.
In 2020 the bad actors will not have it all their own way. Cybersecurity forces will see some big wins and new multi-layered security approaches will prove their worth. Cyber defenses will see closer integration across security, attribution, intelligence, strategic response, and cyber insurance.
The views and opinions expressed in this piece belong to the author and do not necessarily reflect those of the GSMA.