Here’s a headline you don’t see every day: the internet is getting more secure. But the advent of fifth generation (5G) communications technology gives us the opportunity to make that headline a reality. The transformation of previous generations of hardware-based communications cables, switches, and carriers into a fully cloud-backed and internet-based communications ecosystem will allow network architects to more broadly deploy security solutions, more easily customize security controls to the needs of different types of users, and more agilely respond to evolving threats. These outcomes are not inevitable, but BSA’s new policy agenda for 5G security, Securing 5G: A Call to Harness Software Innovation, provides a roadmap to achieve them.
The notion that 5G technology may improve security probably sounds counterintuitive. Public discourse has focused far more on risks than opportunities. For example, the US Cyberspace Solarium Commission’s final report, released earlier this year, asserted that:
The deployment of 5G systems will dramatically increase the “attack surface,” or the exposed routes through which malicious actors can threaten our networks. An exponential increase in the number of connected devices will more deeply embed the internet in our lives and may, in turn, lead to a rise in the everyday leakage of private data. Worse still, security vulnerabilities will spread into sectors not traditionally associated with cyberspace (e.g., transportation, agriculture, and health care) and thereby increase the risk of catastrophic systemic failures.
The risk of increasing attack surface – which is another way of saying that more devices and more people will be connected in more ways, expanding both the volume of data traversing networks and the potential for vulnerabilities in devices using them – is compounded by concerns around threats to the integrity of the supply chain for key 5G components, such as Radio Access Network (RAN) technologies.
The risks are real. But so too are the opportunities. Software’s unique role at the heart of 5G infrastructure can empower pervasive and customized security features that were impossible in previous generations; moreover, there is an opportunity to harness further software innovation to build on these inherent security advantages.
First, let’s consider how the software-centric design of 5G networks brings inherent advantages over earlier generations.
Previous iterations have relied upon hardware components that quickly become outdated. Such components have been built to last for decades, and their high cost has made it difficult for networks to modernize in step with evolving technologies. More advanced security solutions have been available but not deployed, and it has been difficult for network providers to replace equipment even when it is known to be vulnerable. 5G, on the other hand, will virtualize many network functions, replacing these hardware components with software and cloud services that can be updated constantly, ensuring network defenders have access to the latest security solutions and vulnerability patches without barrier.
Likewise, 5G improves upon key measures to protect individual users – user authentication and encryption – relative to earlier technologies. 5G incorporates 256-bit encryption as standard, a significant improvement over the 128-bit standard in 4th generation networks, and applies encryption to users’ identities and location. Each device will be uniquely authenticated, rather than just authenticating users as in 4G.
A third and powerful advantage of 5G networks will be the ability to created customized computing environments, wherein user access and security controls can be tailored according to the needs of individuals, organizations, or devices. Network slicing will allow, for example, industrial Internet of Things (IoT) applications to connect in a network environment with different security rules than IoT devices for personal use. Likewise, software-defined networking will allow creation of virtual workspaces with security controls tailored to individual organizations, or even the widespread deployment of private networks.
Each of these innovations holds tremendous potential for enhancing the security of our information and telecommunications networks. But we will not realize these gains automatically; achieving these benefits will require policymakers to invest in developing technology, standards, policies, and governance mechanisms needed to bring them to fruition. These steps – including harnessing software innovation, securing the 5G ecosystem, hardening the cloud, managing supply chain risk, and building smart, effective 5G governance – are laid out in detail in BSA’s new 5G security agenda.
Our agenda is built on the premise that securing 5G demands harnessing software innovation. Indeed, it is software innovation, including new ways of deploying cloud services, that underpin the inherent advantages discussed above. But achieving these advantages is only the starting point; software solutions will help us build on these advantages to address the potential risks identified by the Cyberspace Solarium Commission.
Specifically, software can provide solutions to thorny supply chain challenges, such as concerns about RAN technology. Virtualizing RAN by replacing complex and costly hardware with software components will foster a more vibrant, diverse supply chain in which technology providers can compete on the basis of security, not just lowest cost. Software will also power potent new security tools for the 5G environment, such as Artificial Intelligence (AI) engines that can comb through the vast volumes of data expected to transit 5G networks to identify and neutralize malicious traffic. And software and cloud services will be depended upon to secure edge computing environments, which bring the power of the cloud—compute, storage and networking services—closer to users and their devices.
Harnessing the potential of software means investing in the development of new technologies; working to establish open, interoperable, transparent standards; creating incentives for secure software development; crafting policies that embrace critical security technologies like encryption and AI; among other measures. Thanks to the software innovation at the heart of 5G infrastructure, 5G networks will have a running start on cyber defense. Doubling down on software solutions will help us realize the enormous potential of 5G technologies to transform business and society, safely and securely.
