Have you experienced the 5G world yet?  5G is the successor to the 4th Generation cellular technology.  If you live in an area fortunate enough to already be equipped with 5G technology, and you own a 5G device, then you have seen this marvelous advancement in action.  Even if you do not own a fully “5G compatible” device, if you wander into an area that offers 5G services, you may notice that your network connection in the status bar at the top of your device indicates 5G, and the differences are noticeable.

To the novice phone consumer, 5G is remarkably faster than its predecessor.  The full benefits of owning a 5G compatible device include decreased latency, increased battery life, and high-capacity bandwidth.  To clarify, latency is often confused with bandwidth.  Latency is the lag between the sending of a command and the response from the receiving server, whereas bandwidth is the amount of data that can be moved along a communication path over a specified period of time.  This is often perceived as “speed” the most people.   Regardless of the technical distinction, the user experience of latency is one of “slowness” between when an instruction is sent, and when a response is received.  Think of it as the difference between the time it takes the information on your fitness tracker to match the display on its corresponding web console.  Few things are more damaging to an E-commerce business than the perception that a site is slow and unresponsive.  In our hyper-connected world, any slowness can mean the difference between a successful business, and a failed business due to customers visiting the competitor’s faster site.

5G will also enhance the user experience by enabling more devices to connect with no impact to latency, speed, or performance.  Similar to some of the early wired technologies, more connections could create bottlenecks that would result in slow response times.  Previous cellular technologies suffered the same congestion problems, again, increasing frustration.

The anticipated benefits of 5G include revolutionary changes to multiple services, offering advancements in communications for healthcare, critical infrastructure, and manufacturing.

In healthcare, an ambulance carrying a patient would have quicker access to health records that could save that patient’s life.  Other areas of critical infrastructure, such as the oil and gas industry and finance, will benefit from 5G technology.  The entire supply chain industry will be transformed through 5G as well.

There are, however, some challenges facing 5G networks.  A provider cannot just turn on a switch and start transmitting a 5G signal to its clients.  The required hardware is different.  First, the frequency at which the 5G signal operates is higher than previous cellular technologies, which has caused some to speculate about health concerns.  Second, antenna technology is advancing, but the demand for faster networking is outpacing those advancements.  Third, this higher frequency makes for a somewhat fragile signal strength, requiring more antennas, which need to be spaced at closer distances than the earlier generations of cellular antennas.

Cyber threats are also an area of concern for 5G technologies.  Even though the entire infrastructure is different from its predecessors, there are still security holdovers from the earlier communication generations that have not been addressed.

One area of concern is that device capability information is transmitted in advance of the application of any security.  Device capability consists of all the characteristics of the mobile device, including various features that may or may not be enabled on the device.  This weakness was demonstrated at BlackHat 2019.  The lack of security at that level opens up a device for a Man-in-The-Middle attack (MiTM).

Most people may consider a “Man in The Middle” (MiTM) attack as unimportant, saying, “so what is the big deal if someone can figure out if I am using voice dialing”.  Alternatively, a person may approach the MiTM attack with the attitude of “I have nothing to hide, so I have nothing to fear”.  However, attacks against individuals are not necessarily the concern here.  It is true that a person should be concerned about a password theft, or banking fraud perpetrated through a Man-in-The-Middle attack. If these types of attacks are amplified, such as was the case in the attack against the DYN DNS service in 2016, this is where the threat becomes very concerning.

As stated earlier, 5G can revolutionize some points of critical infrastructure.  An attack against that infrastructure through vulnerable 5G devices can result in damage, not only at a massive scale, but also in real-time.  For example, Imagine if every cell phone was used to launch an attack against a water treatment plant, or an electrical grid.

Years ago, one security researcher found a flaw in the automated wireless machines used to feed cattle.  This research was revealed in a presentation at EC-Council’s “TakeDown Con”, in 2016 at the University of Connecticut.  Rather than using that flaw to create chaos, he programmed the feeders to stop in the middle of their feeding rounds and perform a choreographed “dance” in the barnyard.  While comical, when these systems become connected on a 5G infrastructure, the potential disruption becomes less amusing, as demonstrated by his next research discovery; he further found that he could also access the vaccination machinery of some cattle ranches.  In doing so, he could adjust the antibiotic dosage provided to the animals.  Not only is this is a major threat to the food supply chain, but it could be carried out at random, at speeds that would evade detection.

The supply chain of 5G is also threatened in the sourcing of the equipment that will comprise the entire infrastructure.  At a meeting of the U.S. Senate Committee on Science, Commerce, and Transportation, representatives from leading manufacturers stressed the need to properly source the equipment that will compose the 5G infrastructure.  A failure to do so could result in security weaknesses at the very core of the systems.

The increased attack surface of 5G could also threaten autonomous vehicle technology.  As was demonstrated with the intrusion into an automobile’s on-board computer system, a simple traffic jam on a major thoroughfare could result in life and death consequences.  The future of entire cities could rely heavily on this new technology, exponentially increasing the risks.

Artificial intelligence (AI) could also be impacted by 5G attacks.  If AI can be used as a diagnostic healthcare tool, a compromise of that system could mean the difference between effective, or fatal treatment.

Of course, it is easy to postulate all the gloom and doom scenarios with any new technology, and in the discipline of Risk Management, it is part of the job description. To keep it all in perspective, it is important to note that it is not as bleak as it may initially sound.

The benefits of this new technology outweigh the risks.  Reflecting on the vulnerable cattle devices, the researcher also found that the same flaw that allowed access to the cattle’s feeding and inoculation machines could also be used to patch the vulnerability.  He patched the systems to prevent damage by malicious individuals.  With 5G technology, a patch could be applied at scale, and in real-time.

The coupling of 5G and Artificial Intelligence could serve as an automated inoculation system for many vulnerabilities.  Intrusion detection and prevention would be significantly improved.  As one philosopher pondered, what we need is a moral operating system.  A moral operating system, joined with a 5G and AI could change the entire security discipline.  Instead of the usual whack-a-mole style, reactive approach to security, new systems could use the agility of 5G not only in a predictive manner, but towards a self-healing posture.  This real-time resiliency could redefine the future of security.