These risks are all associated with 5G, but those linked to previous generations can’t be neglected either. 5G will have to support legacy devices even in the most forward-thinking markets, and beyond the local market backward compatibility will be needed for many years. Connectivity to other regions for roaming is probably the most enduring: vacationing in small exotic locales usually requires us to use earlier mobile technologies, as the local economies may not be able to support the expense of upgrading, and that opens both us and our home network to the threats they contain.
To be clear, telecom networks are still the most secure way to connect devices; the same authorization and encryption you receive on a cellular device via SIM/eSIM/UICC technology underpins all connectivity, and this applies to IoT as well. 5G also benefits from security being a primary concern from the time these standards were initiated, marking a significant improvement from previous generations. In short, while all of the technical threats outlined previously are real, 5G also represents the best security choice for any connected device.
Not all threats are technical, however. Another factor in this perfect storm of security has to do with the integration of other industries’ processes, workflows and expectations. Telecom has been a beacon of reliability for the last 140 years, achieved through design, testing, massive investments and cooperation between operators. However, all this takes time, and history tells us that time is not always available.
Some operators will recall the time and effort that went into the Rich Communication Suite (RCS) 15 or so years ago. Ironically, the technology is now being revived, but back then a host of competitors—Skype, WhatsApp, Telegram, and others—moved faster and captured the market. This is because telecom operators were held to a higher standard, both by regulation and to retain their premium reputation.
The telephone has always been our lifeline in times of emergency; 911 has been drilled into our psyche since we were children. If you ever have to call that number, you will use your mobile operator’s direct service. This level of trust results from absolute diligence in service delivery and testing, which can take time.
So how does this work when 5G provides ubiquitous connectivity and new IoT apps appear every day? As some industry verticals move very quickly, how do we ensure security before integrating them to 5G? And remember, rolling out the service is just the very start: long-term security must encompass maintenance and management, including regular patching, upgrades, configuration, and more.
We can see clear signs of an acceleration in the industry already. After updating the 5G advice, ENISA noted that due to the “dynamic nature of 5G technology and the related threat landscape” they “may consider using an alternative electronic format ... to better support regular updates.” This is surely wise—and it shows how forward-thinking organizations understand the unparalleled threat to security. But it also indicates that ENISA understands that 5G is going to be far more dynamic and require a whole new way of working to keep pace with the changes and innovation we will experience.
In summary, we need to work together. Operators must be supported by all their vendors cooperating, with security specialists advising network equipment providers to secure as efficiently as possible. Providers of connected services and devices must share needs with their telcos to allow them to best understand them and support them. Finally, as consumers, we must be mature enough to grasp that security is an imperative. Our buying decisions have enormous power.
5G will soon touch every aspect of our lives. When it’s truly secure, it can be hugely beneficial. When it’s not, it can bring disaster. We have to do it right.