Despite the hype surrounding the roll-out of faster, higher-bandwidth 5G, the reality is that many of the services that it will enable have already been provided through its 4G predecessor and various networks. But the technology underlying 5G marks a break with the past in some important ways, including a fundamental reconceptualisation of what a communications network looks like. While the previous four generations of mobile technology were founded on physical architecture, 5G is first and foremost a virtual network — finally turning the convergence of networks and wireless communication into reality.
This shift to 5G is happening against the backdrop of the COVID-19 global emergency where larger numbers of people are working from home via communications links that are increasingly based on 5G networks. Companies that are more advanced in their digital transformation are telling us that their investment in technology, cyber security and resilience has paid off as they respond to the challenges to their operations brought by the novel coronavirus.
But these shifts have also placed intense scrutiny on cyber security. Because 5G networks connect many more devices than previous technologies, increasing the potential attack surface for cyber adversaries, there is a belief that is riskier than its predecessors. In truth, however, many of 5G’s anticipated vulnerabilities result from other elements of the ecosystem — notably the security of the end devices.
The good news is that the challenges to cyber security in 5G networks can be overcome, providing a solid basis for the innovation to deliver on its full promise.
As with any new technology, the introduction of 5G requires a revisit in an organisation’s approach to cyber security. However, this should not distract from planning for the 5G revolution and the significant opportunities it offers. In fact, by understanding and countering the risks specific to 5G, companies can build greater resilience, and use the technology as a powerful force to generate revenues and profit in their businesses as well as good in society.
Although consumers are excited by the prospect of downloading ultra-high-definition movies in seconds, the true benefits of the technology will manifest through a wide range of innovative applications. These may well change not only how we entertain ourselves but also how and where we work, how we move around, and how we keep ourselves healthy — with AI-enabled personalisation embedded in 5G applications playing a growing role. It will provide the bedrock for smart cities, Fourth Industrial Revolution [4IR] operating models, smart homes, smart transportation, smart healthcare and myriad other potential use cases.
Keeping 5G networks secure will be key to realising the full potential benefits for consumers, businesses and entire societies alike, and for ensuring the safety of end users.
A vital first step towards protecting any network against cyber threats — 5G included — is to understand where vulnerabilities might arise. Primarily, this is at the points of interconnection, where risks transition from one part of the network to another. With 5G, as with 4G, different companies are often involved on each side of these transitions, meaning a coordinated approach is vital to ensure security is effective from end to end.
All participants in the 5G ecosystem — including mobile operators, network vendors, system integrators and end businesses — should agree to identify, profile and assess the health of every component before it’s permitted to connect to the network, and, if appropriate, limit access to the 5G service based on this assessment. This can be achieved with a strategy grounded in the following elements:
The strategy will help organisations to work collectively to secure the 5G environment, while not overly impacting the ability of each business in the 5G ecosystem to serve its customers and interact with partners. A proven way of operationalising this strategy is to adopt a ‘zero-trust architecture’ (ZTA) approach. This is a comprehensive security model that addresses the ‘who, what, where, why and how’ when critical data and infrastructure assets are being accessed
Under a ZTA, security capabilities enforce policy and protect all users, devices, applications and data resources, and the communications traffic between them, regardless of location or connection method.
Companies that are supported by a zero-trust approach are well placed to build and embed cyber resilience in the 5G era. According to PwC’s latest Digital Trust Insights report, resilient companies get ahead with the following approach:
Together, these three characteristics enable an organisation to shift from a traditional disaster recovery/business continuity model to resilience by design — something that many companies will need to do as they navigate the COVID-19 crisis recovery. It is a proven way to secure organisations, operations and systems against cyber threats — and is as relevant and effective in a 5G environment as in any other.
The advent of 5G represents a shift in the cyber security landscape. It will be the medium through which the workflow and decision chains of the automated interconnected components in tomorrow’s critical industrial and societal networks will flow. Without it, the growing millions of connected devices would be effectively useless.
Against this background, nobody would question that effective cyber security across the 5G ecosystem is non-negotiable. Effective security in a 5G world requires every participant in the value chain to play their part. A zero-trust approach backed up by ‘resilience by design’ puts cyber security at the centre of every 5G deployment.
Doing so will enable a sound cyber strategy that will ensure companies can roll out 5G quickly and safely, enabling individuals, business and society as a whole to enjoy the potential of this powerful new tool confidently and securely.
For further information on cyber security and resilience in the era of 5G, download the full report Securing 5G’s future: Why cybersecurity is key to realising the full promise of 5G networks.
© 2017 - 2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.