5G networks are expected to play a crucial role in shaping the future digitalization of our society and economy. 5G functionality will extend beyond mobile communication services – it has the potential to enhance Intelligent Automation, Virtual Reality and bring us the so-called Internet of Things. Thus, successful 5G implementation might prove to be a decisive factor in ensuring future competitiveness for companies and national governments.
However, our enthusiasm for the new technology should go hand in hand with proactive security measures – new technological capabilities will also bring new security concerns. Given the potential impact of 5G, adequate security measures are a matter of national (and EU-wide) importance.
During Riga Security Forum, we invited several industry experts to discuss questions related to this pivotal topic:
- Kristiāns Teters (CERT IT Security Specialist)
- Evijs Taube (LVRTC Board Member)
- Kaspars Pollaks (LMT Head of Business Area Defence and Public Safety)
- Jesper Olsen (Palo Alto Networks Director & Chief Security Officer in Northern Europe)
5G in the contemporary geopolitical context
In 2019, EU’s Network and Information Systems Cooperation Group published a report on 5G cybersecurity. The report recognized the potential benefits of 5G – but also identified certain security concerns associated with implementing the new technology. The report emphasized risk scenarios arising from the following factors:
- Insufficient safety measures, such as improper configuration of networks and lack of access controls
- Potential supply chain issues – insufficient supplier diversity and low quality of provided products
- Operational risk scenarios – potential state interference or network abuse by organized crime groups
- Interdependence issues – disruption of the network due to support system issues (for example, arising from electricity supply failures or such incidents)
- End user risk scenarios – exploitation of devices used in the network
The report identified the risk posed by state (or state-backed) actors as the most significant one since they are most likely to have the incentive and the necessary resources to conduct attacks on 5G networks.
This argument has only gained strength since the publication of the original report. Recent geopolitical developments, namely the Russian invasion of Ukraine, have confirmed fears that cyberattacks can be used by non-EU-aligned countries to act against their national interests. Amidst these tensions, the topic of 5G security risk mitigation has become especially important.
According to Kristiāns Teters, CERT has been working hard since the invasion to ensure the security of Latvian cyberspace. Threats such as DDOS attacks are a daily occurrence, and the fact that the general public may not be aware of it attests to the efficiency of the countermeasures in place. Kristāns thinks that we are adequately cyber-resilient at the moment, but the question is – will 5G disrupt this equilibrium?
Kaspars Pollaks also has some insight to offer from following the conflict in Ukraine. According to him, civilian communications are being increasingly used on modern battlefields. In Ukraine, military radios are giving way to apps such as WhatsApp and Signal since these means of communication have less risk of being intercepted by the enemy. Julia Gifford notes that we are effectively observing “the smartphonization of war”.
In previous decades, we could often witness a trend of military technology (like satellite communication) being adopted by civilian industries. In this case, we can observe the opposite. Kaspars refers to the concept of network-centric warfare, which postulates that information advantage can be a crucial element in achieving a competitive advantage on the battlefield. There is no doubt that 5G technology will play an important role in this end.
However, these new solutions will also certainly bring associated security challenges. Jesper Olsen of Palo Alto Networks emphasizes it will likely involve “New requirements for connectivity across different sets of military networks.”
The potential use of third-party network suppliers also invites new vulnerabilities. According to Jesper, “Expansion in one area requires expansion in another area.” Namely, all the potential communication advantages will have to be supported by adequate security measures. That may yet prove to be a formidable challenge.
5G: the great expectations
Innovations such as 5G are often accompanied by a wave of optimism, which is only natural given its potential. According to Jesper, this mentality sometimes leads companies to overlook the security challenges in adopting new technologies. 5G is no exception, and Jesper emphasizes that there are still plenty of security concerns associated with the new network.
A key term emphasized by the panelists is “resilience”. Future networks will not count for much unless they are dependable for everyday use and able to withstand most potential outside threats. In general, a network can be defined as reliable if it’s continuously available for use, performs as expected and can recover from any disturbances in short order. This will also be the benchmark for the 5G network. The public will also want to be assured that there are no privacy concerns.
Will 5G perform in line with these expectations? Cautious optimism might be warranted in this case. Since Palo Alto was the first company in the world to offer a 5G-native security solution, Jesper has some insights to offer. According to him, the primary challenges were related to the prevention of known and unknown threats and response capabilities – so, in principle, nothing new compared to security concerns we had with previous network generations.
It was a logical choice for Palo Alto to move into this new territory based on the extensive knowledge gained from working with previous technologies, which made them realize that security components had to be implemented in the new network from the very beginning.
Skills for quantum future
The future also promises new challenges beyond enhanced network capabilities. Evijs Taube of LVRTC thinks quantum computing will be one such case. In layman’s terms, quantum computing will offer new capabilities for solving certain problems, such as factoring very large numbers. However, this will likely prove to be a double-edged sword – new capabilities will also create corresponding exposure risks.
Quantum computing might profoundly change the cybersecurity landscape since these computers will be capable of swiftly breaking the existing encryption methods. Although we might be a decade away from widespread adoption of this technology, organizations should already start thinking about what it will mean to existing implementations of encryption, according to Jesper. Building and securely implementing a strong defense algorithm can take 10 or even 15 years. It’s a strategic race that will award early adopters and those taking a proactive approach.
Quantum computing also raises a related question – that of talent. Who will be working to implement and oversee these increasingly sophisticated technologies? The development of future networks is likely to require an impressive number of well-educated specialists. A shortage of skills could lead to a bottleneck, which might slow down the effective adoption of these innovations.
To that end, all panelists agreed that investing in the necessary skills is a must. Universities should provide education that prepares students to work in the most technologically advanced environments. And perhaps sometimes it’s not a question of formal education – Evijs stated the importance of recognizing talented people (who might yet not have any credentials) at an early age as they can often provide a fresh perspective and think outside the box.
After all, the Baltic countries can’t boast of a high population, so investing in a skill-based education and economic development is a sensible approach for this region.
Promoting a flourishing tech innovation ecosystem
Having discussed matters related to different aspects of the future networks, we might ask – is there a point where all these perspectives converge? The answer can be found in the term “ecosystem”. When referring to tech innovation and implementation, ecosystem refers to all the elements that work together to make it a reality. It’s an interconnected environment that consists of institutions, cultural values, technological know-how, companies and people working in the relevant fields. The right combination of these elements allows technologies to flourish. The question is – how to foster this kind of environment?
The panel discussion hints towards some values that can help achieve that. First, a forward-thinking mentality – pursuing promising innovations from their inception and swiftly reacting to new trends. That brings us to the second value – these efforts are more likely to succeed if they are collaborative, with private and public sectors working together, cross-industry knowledge sharing taking place, and governments working in tandem with the citizens.
And last but not least – Neils Kalniņš, Director of 5G Techritory, makes an important point: in pursuit of future networks, we shouldn’t forget that it’s ultimately about connecting together people. The pursuit of technology is not a goal in itself but means by which to create a safer and more rational world.
Join 5G Techritory 2022 on November 29-30 to hear other experts and key players involved in 5G development.