M360 ‘Security for 5G’ Predictions Panel - GSMA Mobile 360 Series

M360 ‘Security for 5G’ Predictions Panel

5G Security predictions for 2020
Following 2019’s M360 ‘Security for 5G’ event in The Hague, we have updated our 5G Security Predictions with inputs from our distinguished security panel: Jamie Collier (Digital Shadows), Philip Celestini (Syniverse), Pieter Veenstra (NetNumber), and William Dixon (World Economic Forum). Thanks to the insights provided by this expert panel we have been able to upgrade and share with you the following 5G Security predictions for 2020:

  1. 5G will accelerate a massive expansion of the attack surface
  2. IoT devices are already driving significant growth in the breadth of the threat landscape. Now 5G’s slicing and softwarization of the network is set to increase its complexity as well. Breaches will only get worse, and this time we will see advanced use of adversarial AI and DIY hacking kits available from the darknet enabling amateurs and hacking-as-a-service.

  3. First exploits targeting vulnerabilities in the 5G software supply chain
  4. The complexity of integrating SDN, NFV, cloud and open source in the 5G software supply chain requires proper planning and AI automation, without which it will become difficult to manage and easy to misconfigure. Furthermore, a multitude of third parties providing network functions to a highly ‘laminated’ 5G stack can fragment the security environment damaging the trust model that governs solutions, systems and networks. If the trust model is not upgraded to meet 5G’s network security topology, authentication of these third parties could become a new attack vector.

  5. Cyber intelligence and attribution weaknesses will be publically acknowledged
  6. Effective cyber intelligence contributes to successful attribution and investigation of cybercrime and improves cybersecurity. But the attribution rate is still too low (e.g. currently estimated at 0.05% of exploits in the USA) and predicted to worsen in the coming year. Poor relationships between public and private cyber intelligence communities will also get worse in 2020 before they get better. When it does, we will see improved partnering and communications, better predictive security engineering, and the indexing of the dark web resulting in a growing number of takedowns.

  7. Data exposure could reach a critical level on the darknet
  8. Poor mainstream digital literacy will continue to expose peoples’ and organisations’ data to breaches. This will be exacerbated by gaps in encryption of non-standalone 5G networks, accelerating the number and size of breaches exposing our data. The quantity and richness of sensitive data sinking into the darknet will increasingly be exploited by adversarial AI capable of optimizing and ‘productising’ this data for financial, industrial and geo-political gain.

  9. A major attack on Industrial IoT impacting critical infrastructure
  10. 5G connectivity will enable a huge increase in the use of IoT devices and industrial control systems for DDoS attacks, phishing, ransomware, and crypto mining. But 2020 will also see emerging exploits that use data corruption through sensors to misinform organizational decision making. Unfortunately cybersecurity basics capable of mitigating these exploits, such as faster patching and improvements in OTA updates, are not expected anytime soon.

  11. New vulnerabilities will be attributed to a lag in 5G security
  12. In the race to 5G deployment there is a risk that security-by-design gets left behind; integrating legacy networks with 5G could create interworking vulnerabilities and gaps in encryption; IP-based signaling security threatens to be insecure and complicated to monitor; hasty deployments could lead to inaccurate provisioning to 5G standards; and availability of cybersecurity skills will also fall behind in 2020 exacerbating the security lag for 5G networks still further.

  13. Early adopters get serious about privacy & security tools to protect their ‘personal economy’
  14. As risk awareness grows, early adopting consumers will invest in privacy & security tools that defend their ‘personal economy’; protecting their net wealth from personalization that over-exploits their spending; defending their knowledge from fakery; and managing their positive reputation and influence. These consumers start to search out and choose companies that will champion their privacy and data, as well as respect and protect their interests.

  15. Enterprises will raise the topic of 5G security assurances for operator SLAs
  16. Complexity and the sheer number of vendors have the potential to fragment the 5G ‘service chain’ causing gaps and leaks resulting in unknown new threats that attract rogue elements. Enterprises recognizing the existence of such threats and the critical importance of network slicing for future business transformation, will be looking for security assurances baked in to operator SLAs.

The views and opinions expressed in this piece belong to the author and do not necessarily reflect those of the GSMA.


Related posts