5G: A secure technology?
Around two thirds of the world’s population, or roughly 5 billion people, are mobile subscriber and use the third generation (3G) or the fourth-generation (4G) wireless networks1. It enables the consumer to capture the full potential of smartphones and other smart devices. Nowadays the next generation (5G) is attracting a lot of public interests.
5G promises to transform the way people are using the internet. This technology has the ability to improve efficiencies at every level, increasing network bandwidth, speed and reach, while simultaneously lowering latency across almost in every area. Equipment makers and telecom operators are already rushing to test and roll out this next generation of wireless networks, which will be as much as 100 times faster than the today’s 4G standard. The new 5G networks are expected to enable the steering of driverless cars or doctors to perform complex surgeries remotely. Critical new services can emerge, such as remote health care, emergency response, and wide-ranging industry applications that will leverage the Internet of Things (IoT). All these novel services will depend on communication networks, and IT security is in our opinion the key enabler. We believe this will open up vast new possibilities for consumers, businesses as well as for governments. While the economics of 5G are still being worked out, proponents say the potential payoffs can be immense: Companies that own patents stand to make billions of dollars in royalties. Countries with the largest and most reliable networks will have a head start in developing these technologies, enabled by faster speeds. And the dominant equipment suppliers could give national intelligence agencies and militaries an advantage in spying on or disrupting rival countries’ networks.
Is 5G secure?
The most exciting part of 5G is how speed will change the internet. So far, it is simply about transporting data from point A to point B. Today’s internet-connected cars may be able to get driving directions sent to it, but it is essentially the same as getting an email, and that’s nothing else than the one-way transportation of pre-existing information. The autonomous car is vastly different: The 5G network allows computers to orchestrate a flood of information from multitudes of input sensors for real time decision-making. According to Richter (2017), connected cars can create up to 25 gigabytes of data per hour. As Fig. 1 shows, this amount of data is equivalent of nearly 30 hours of HD video streaming or more than a month’s worth of 24-hour music streaming .
Building 5G is not just simply building a network, but it is also about whether that network will be secure enough for the innovations it promises. Let’s take the example of autonomous vehicles again: When 5G enables autonomous driving, do we want those cars and trucks crashing into each other just because somebody has hacked the network? If 5G will be the backbone of breakthroughs such as remote surgery, should that network be vulnerable for somebody breaking into a surgical procedure?
In our opinion the evolving relationships between 5G networks, computing resources and end users will have a huge impact on IT security. The connective power of 5G means a greater number of network endpoints, resulting in more possible openings through which an attacker may penetrate the network. Once compromised, these openings can be exploited at a new speed and scale.
Potential threats range from critical infrastructure connected to a 5G network, including the electrical grid, water systems and fuel pipelines, and a breakdown of communications and massive service outages to unauthorized access to sensitive and private data. As processing power migrates to the edge of networks (i.e. edge computing) to serve new mission critical business applications2, the number of intrusion points will expand massively. As a consequence the security stakes are rising: With today’s 4G networks a large botnet could be used to mount a large-scale Distributed Denial of Service attack (DDoS attack) on websites. But in tomorrow’s 5G world the same botnet could take out an entire network of self-driving cars. The vast number of remote sensors and smart devices connected to global supply chains will radically increase the complexity of security networks. This combined with the enormous amount of data created by 5G will make it even more difficult to spot anomalies3. Recent studies have identified potential vulnerabilities in 5G network architecture that threaten to undercut its promises to drive a new era of innovation. In this context we want to highlight three papers:
- According to scientists from the ETH Zürich, the University of Lorraine/INRIA, and the University of Dundee, a new Authentication and Key Agreement (AKA) flaw was recently discovered that would allow cybercriminals to intercept 5G communications and to steal data. The AKA vulnerability could also cause a user to get wrongfully charged for a third party’s usage of the 5G network4.
- Another study conducted by the European Union for Network and Information Security (ENISA) identified flaws with two signaling protocols in 2G, 3G and 4G networks (so-called SS7/Diameter), which could also appear in 5G networks. The signaling protocol’s vulnerabilities could allow the network traffic to be eavesdropped or spoofed, location intercepted, or used to disconnect a target’s phone from the network. Additionally, ENISA warns that the use of common internet protocols (such as HTTP) in 5G networks means that when vulnerabilities in those protocols are discovered, the software flaw could be transferable to mobile networks as well5.
- Finally, Positive Technologies Inc., a global provider of enterprise security solutions, examined the vulnerability of mobile networks. According to the authors currently no mobile network is secure, subscriber data is in jeopardy and no operator (either big or small) can guarantee a secure network. In their study the researcher launched several cyber attacks and managed successfully to execute 80% of Denial of Service attacks (these attacks lead to a disruption of operations), 77% of data leakage attacks and 67% of fraudulent actions6.
Implications and conclusion
5G could open up new security challenges. As this new mobile network begins to roll out, organizations are increasingly looking for service providers who are able to offer a resilient network with robust cybersecurity mechanisms in place to secure their connected customers and make sure applications and services that come across their networks are clean and secure. In a survey conducted by Ericsson, which included the Top 20 global mobile service providers, 90% of the respondents identified IT security as a key differentiator in 5G adoption7. 5G security vulnerability fuels operators’ business risk to offer reliable and secure availability of life-critical consumer applications and business-critical enterprise mobile services. Establishing a high reputation will be critical for mobile network operators. Therefore we think there are two implications for investors:
- First, the growing awareness of novel 5G security vulnerabilities will surely accelerate the efforts to protect the communication networks. The current challenges are unspecified cybersecurity goals and there is a lack of precision in the definition of standards8. In our opinion key 5G security initiatives should include tools based on artificial intelligence (AI) with the aim of identifying threats quickly. Other open areas that need to be addressed are questions about access control and how an integrated security architecture can adapt to the changing network environment.
- Second, 5G security requires a new holistic and transformative approach: Prevention becomes more critical than ever. An increasing level of security automation is needed as well as the integration of big data analytics. As of today we believe the rollout of 5G is unchartered territory and unforeseen consequences might happen. Therefore we think new 5G security solutions will directly benefit specialized IT Security companies.
In our opinion IT security is a fundamental enabler for 5G. With its proliferation we think new companies with cutting edge technologies are well positioned to capture market share from established incumbents. We expect these trends highlight the need for a best of breed approach. Very often the providers of such products and services are young and innovative companies in the small and mid cap world. We think IT security-related issues are becoming increasingly omnipresent in our daily lives and the implications from the ongoing digitization of our society are becoming more critical.
As long-term oriented investors we think the theme security and safety in general are compelling long term secular growth themes for patient investors. Based on these convictions we are shareholders of a number of young and innovative companies which are developing novel security solutions in 5G and IoT. Companies that delivers cloud-grade scalability, visibility and control with advanced protection for mobile networks as well as in the field of next-generation firewalls are in our opinion well positioned.