The 5G paradox: Why increasing IoT efficiency creates new security risks

Apr 08, 2024

Articles / Analysis

With the advent of 5G, the number of connected internet of things (IoT) devices in service is expected to explode from an estimated 16.7 billion in 2023 to 25.4 billion by 2025, according to Statista. The good news is that faster networks will improve the speed at which devices can move data. The challenge is that this stands to create massive new attack surfaces for malicious actors simply due to the sheer number of new opportunities.

5G offers a number of obvious advantages over previous generations of cellular networks, including increased speed, bandwidth and capacity. However, these advantages also make 5G devices more vulnerable to attack. “5G is going to open up a whole new world of possibilities for IoT, but it’s also going to create new security challenges,” said John Kindervag, VP and distinguished analyst at Forrester Research. “Organizations need to be prepared to address these challenges if they want to reap the benefits of 5G.”

Additionally, 5G also will speed up the attacks on enterprises that use the IoT inside their corporate systems. The challenge now is for enterprise security to become faster than the attackers, and that has yet to happen on a widespread basis.

Here are categories of key vulnerabilities likely to happen with IoT systems riding the 5G rails:

To monitor and mitigate these risks, organizations need to take steps to secure their IoT devices and networks. This includes some obvious – and some not-so-obvious – factors, such as the following:

Enterprises should be proactive in protecting their data by using a security package that can detect and prevent IoT attacks. Cisco, Fortinet, Microsoft, Palo Alto Networks, Crowdstrike, Check Point, McAfee and Kaspersky are among the 2023 market leaders in this sector.

Zero-trust network access (ZTNA) is one of the technologies that can be used to mitigate IoT security threats in the 5G world. This new-generation security architecture provides secure access to applications and services based solely on user identity and context — even if users are already inside the network.

In addition, ZTNA can also help to improve the performance of IoT devices by reducing the amount of traffic that needs to be routed through the network core. This is because ZTNA allows enterprises to establish direct connections between IoT devices and the applications they need to access, further bolstering security. This can improve performance and reduce latency, which is especially important for time-sensitive IoT applications.

“ZTNA is the future of network security for 5G enterprise networks,” said Michael Osterman, principal analyst at Osterman Research. “ZTNA provides a more secure and scalable way to access applications and data, and it is essential for protecting sensitive data from unauthorized access. As 5G networks become more widespread, ZTNA will become increasingly important.”

5G new radio (NR) introduces a new security architecture for 5G that is designed to be stronger and more scalable than previous generations of cellular networks. This architecture includes a number of new security features, including end-to-end security — all communications are encrypted from the device to the network; security edge protection proxy — a new network element that helps to protect the network from threats; and a new key management system designed to be more secure and scalable than previous systems.

Overall, 5G NR offers a number of improvements over previous generations of wireless networks, including higher speeds (capable of peak data rates of up to 20 Gb/s); lower latency (designed to have latency of less than 1 millisecond); greater capacity; and stronger security.

5G stand alone (SA) does not rely on 4G LTE for control signaling, unlike previous generations. This makes it a more efficient, secure and scalable architecture, and it allows 5G to be used for a wider range of applications. This can lead to improved performance and lower latency – good attributes for security. 5G-SA is more scalable than 4G LTE, which means that it can support security for more devices and applications, which is important for applications such as massive IoT and virtual reality.

The U.S. government is keenly aware of the ongoing need to protect IoT networks in the 5G age. A coalition that includes the White House, the Federal Communications Commission and several prominent electronics and appliance manufacturers and retailers introduced the new U.S. Cyber Trust Mark program.

The new program, scheduled to be enacted in 2024, would raise the bar for security across common devices, including laptops, smartphones, smart refrigerators, smart televisions, smart climate control systems, smart fitness trackers and many other IoT devices.

It is intended to improve IoT security in a 5G world by providing consumers with a way to easily identify secure IoT devices. The Cyber Trust Mark will be a visual indicator that a device has met certain security standards, based on the National Institute of Standards and Technology (NIST) cybersecurity framework. This will help consumers to make informed decisions about which IoT devices to buy, and it also will help to reduce the number of insecure devices in the market.

Security provider BlackBerry’s recent study found that for millennial (86%) and Gen Z (80%) respondents, a cybersecurity star rating would make them feel safer when using IoT-connected devices. It also revealed that nearly half (42%) of millennial and Gen Z buyers (44%) have IoT devices not connected to the internet due to security concerns.

Under the Cyber Trust Mark program, consumers would see a newly created Trust Mark in the form of a distinct shield logo applied to products meeting established cybersecurity criteria. It would use stakeholder-led efforts to certify and label products, based on specific security criteria published by NIST that, for example, requires unique and strong default passwords, data protection, software updates, and incident-detection capabilities.

NIST also will begin an effort to define security requirements for consumer-grade IoT routers — a higher-risk type of product that, if compromised, can be used to eavesdrop, steal passwords and attack other devices and high-value networks.

The Cyber Trust initiative is designed not only to help users safeguard their own current devices but also to raise awareness about using the same type of security in the new 5G devices they will be purchasing.

This is Part 1 of a three-part SDxCentral series on 5G security. Part 2 will examine network slicing and Part 3 will take a close look at 5G private networks.