(Written by Martyn Warwick for Telecom TV, 19/02/2018. To read the article on the Telecom TV website, click here).

  • 5G security threats more extreme and daunting than anything ever before
  • But commercial pressures to launch 5G services is trumping known security shortfalls
  • New security standards and protocols still a year and more away…
  • … and retro-fitting them will be impossible

As they say in some states south of the Mason Dixon line, “its a bucket of frogs to a bottle of soda pop” that 5G is going to feature big time next week at Mobile World Congress 2018 in Barcelona. The hype machine has already been cranked into overdrive and you can bet your bottom dollar that massed ranks of 5G evangelists lined up in various big tents emblazoned with big shiny logos will be hymning the technology’s praises to the heights and doing everything they can to convince delegates, journalists, the public and each other that 5G is the answer to any communications technology question that anyone could possibly ever ask.

And so it might prove to be – if the industry can tone down the over-exuberance a bit and the operators can bring themselves publicly to admit that the security of 5G networks is a problem of the first magnitude.

The security challenges facing operators and service providers of 5G networks are bigger, more extreme and more daunting than anything the industry has even seen. Security is absolutely fundamental to the successful delivery of 5G networks across a wide range of industry verticals and the array of cyber threats that the likes of e-health services and connected cars could face, will, literally, be a matter of life and death. That’s why operators will have to – must – invest enough time, effort and hard cash to ensure that 5G network security is strong enough to cope with the challenges and attacks that are certain to come.

There are some industry players who believe that the commercial imperative and impetus behind the 5G hype is so intense and far-advanced that operators are in cut-throat competition and vying with one another to be the first on the scene with new services that, while snazzy, appealing and potentially highly lucrative will also be inherently insecure and wide open to a multiplicity of potentially disastrous attacks and invasions.

One such critic is Steve Buck, the CEO of Evolved Intelligence, the Bristol-UK headquartered, provider of security and analytics services and solutions to the mobile comms sector. Speaking at a journalist-only gathering in London on Friday last, Mr. Buck said, “Unfortunately, bragging rights and commercial pressure overcome security every time – or at least they have done with the launch of every other generation [of mobile technology] we’ve witnessed.” He added, “For 5G, security is even more fundamental. You can’t be talking about things like driverless cars, smart surgery, IoT technology and so on without also talking about the security side of things. It’s very worrying.”

Steve Buck says that while the industry’s 3rd Generation Partnership Project (3GPP) and the GSMA are, even now, in the process of defining the standards for the SEPP security proxies and protocols that will be the gatekeepers for 5G networks, their deployment is still at least a year to a year-and-a-half in the future and operators are already under immense commercial and financial pressure to launch 5G services without SEPP being finalised.

This, he reckons, is a recipe for disaster: “Building security into 5G is vital from the outset”, he says, “and the percentage extra spend to make 5G secure is marginal given the costs already committed to network infrastructure roll-out. We need to plan now because it is all but impossible to retrofit security once a 5G network is up and running.”

We know that 5G, when it comes, will use mobile clouds, SDN and NFV to provide the capability for massive connectivity and network flexibility at manageable cost and by now there can be little residual doubt that 5G will confer huge benefits across multiple vertical industrial sectors.

However, security in (and of) 5G networks lags a long way behind the ability of operators to launch new services and apps and given that service providers want to begin to make a return on their expensive 5G investments from the very moment they come on stream, there is a distinct possibility that the absence of sufficiently sophisticated and robust security will result in catastrophic malicious attacks and incursions that could have the gravest consequences not only for operators, enterprises and individuals but, in extremis, also for entire countries.

When rogue agents bring down a national power grid, cripple hospitals and health care networks and steal the data and identities of hundred of thousands or perhaps even millions of people, it’ll be too little too late for the operators to apologise and promise to put things right after the event. They won’t be able to do so and they themselves probably won’t be around for long afterwards. Some CEOs and top executives might eventually find themselves in jail though.

Steve Buck will expand on his argument in a “5G Reality Check” presentation he will give at Mobile World Congress next week. His trenchant views based on a deep understanding of network security and years of frontline experience in the mobile sector should make for interesting listening as we live through interesting times.