As I write this, the US Government is currently shut down over the building of a border wall. Now, there are some wide differences in opinion as to whether this wall is needed, but I think most people, even in these divided times, understand the importance of security. While this is applicable to a country’s borders, it is equally applicable to our data.
Considering the continuation (and acceleration) in the growth of data expected to cross wireless networks, one has to wonder why we aren’t paying more attention to some of the potential security issues with the upcoming launch of 5G.
Now, I am far from a security expert and I am definitely not saying that underlying network infrastructure that will power 5G is inherently insecure. There are some pretty smart people who have installed many different security procedures, encryption services and authentication servers to keep it safe. However, some security experts are raising concerns about 5G that are unique, and I am not sure if everyone is listening.
According to Patrick Rhude, Nokia’s head of Product Management Security, 5G networks offer 200x more “attack vectors”, which is another way of saying that there are 200x more different ways for a hacker to gain access to a network, than 4G. Rhude goes on to point out that this is due to the heavier reliance on software, edge computing and cloud-based infrastructure. Ironically, according to Lowell McAdam (CEO of Verizon), this is a selling feature, as the move to put processing power into the cloud (and not on the phone) will be the reason why 5G smartphones will experience extraordinary battery life … up to one month between charging!
However, where does this leave us? The idea behind 5G was to lower the latency of the network (and increase the throughput speed) to the point where real-time surgery and autonomous driving were commonplace. It is also to move vital traffic, such as health records and more, to cellular. Are we going to be able to secure 5G networks to the point where people will feel safe to use them?
Time will tell, and there are some much smarter people than I am working on this. I do think that companies need to take their own precautions … using end to end encryption, keeping key traffic off of the public Internet and the usual care of security remote devices (with non-default passwords) is a good start. And, we need to press our politicians and policy makers to keep the pressure on network carriers and equipment providers to constantly stay ahead of the bad guys …