Telecommunications networks have laid the foundation for the technologies that the world depends on. Owing to their scale and criticality, mobile operators have become a major target for cyber-attacks. The data boom that accompanied 4G created vast amounts of valuable data for the telecommunications industry and the same can be expected at a much larger scale with the proliferation of new technologies like 5G and IoT. Specifically, 5G’s network design brings about a number of upgrades to the network infrastructure that consequently implies network security challenges that require careful and effective mitigation.
1. Cybersecurity concerns posed by 5G
5G entails several infrastructural modifications to traditional telecoms networks that could pose increased security risks. The most critical security risks / concerns posed by 5G are as follows –
Figure 1: Key cybersecurity concerns posed by 5G [Source: Analysys Mason]
Among the security risks highlighted above, a key risk that needs to be elaborated on is that the distinction between core and edge networks is expected to diminish with the advent of 5G. Due to its network design, sensitive functions that are currently performed in the separated core are expected to gradually move closer to the edge of the network. This is believed to provide ways to circumvent traditional security controls affecting the overall network integrity, availability as well as the confidentiality of customer data.
2. Steps taken by global 5G leaders to address such concerns
In order to address these network security concerns, careful and effective risk mitigation is required. Governments and telecom regulators typically establish regulations on cybersecurity, however, only a handful of countries have taken notice of the increased security requirements of 5G and addressed the security gap. Australia, the United States and Germany are among the countries leading the charge to develop stricter cybersecurity regulations for 5G.
Figure 2: Shift of sensitive functions from the core towards the edge due to 5G [Source: Analysys Mason]
Owing to the increased security requirements of 5G, in August 2018, the Australian Government’s Department of Home Affairs released regulations regarding cybersecurity titled ‘Telecommunications Sector Security Reforms’ (TSSR). The key elements of the regulation include:
In October 2019, the German telecommunications regulator Bundesnetzagentur published a new draft catalogue with security requirements. It require providers of telecommunications services to prepare and implement appropriate security measures, with the objectives of protecting communications secrecy, preventing data breaches, preventing network and service interruptions and manage security risks.
While 5G and international security concerns might be the catalyst for these requirements, they will be applied across all networks and communications infrastructure moving forward, as well as all vendors. The following security requirements are planned for the telecommunications networks:
2.3 United States of America
In July 2019, the US’ Cybersecurity & Infrastructure Security Agency (CISA) released a Critical Infrastructure Security and Resilience Note pinpointing the security concerns that the agency identifies for 5G. The agency highlighted that the use of 5G components manufactured by untrusted companies could expose US entities to risks especially since the technology will use more components than previous generations of wireless networks.
The report suggested several measures the US Government could take to reduce the risks of deploying a 5G network including:
2.4 Summary of the measures taken
There are several overlapping objectives and procedures that have been observed in the steps taken by the three countries. Each have clearly highlighted the underlying concerns and objectives of the new requirement including consumer protection, business protection and/or national security. Moreover, the areas of focus within these requirements include codes of conduct, monitoring obligations, choice of vendor/supplier, standards of equipment, staff and stakeholder measures and notification requirements.
The figure below highlights the commonalities in the approach taken by Australia, USA and Germany to address 5G cybersecurity concerns.
Figure 3: Measures taken by the three countries for 5G cybersecurity
9th May 2022
“Thriving with Resilience & Integration in the New Opportunity Realm”
Innovation and Resources for the 5G Era
Leaders' Summit 2022
The SAMENA Council Leaders’ Summit 2022 addresses critical issues of the ICT industry and emphasizes on collective leadership approaches
SAMENA Telecommunications Council at MWC22 highlights importance of key recommendations and outcomes of the UN Broadband Commission’s WG on 21st Century Financing Models to close the connectivity gap
TRA Bahrain - Public Consultation for the Purpose of Amending the Regulation on Permitting, Installation, Upgrading and Maintenance of Public Radiocommunications Stations
CITC - Public Consultation On Amateur Radio Service Regulations
CITC - Public Consultation On The Spectrum Use Regulations of Space Science, Radio Astronomy and Meteorological Services
CITC - Public Consultation On Information Memorandum for Spectrum Auction in 2100 MHz for Non-Terrestrial Networks
Accelerating Fiber & IPv6+ Deployment to Catalyze New Business and GDP Growth
October 20 | Dubai UAE
Measuring digital development:
Facts and figures 2021
Digital Economy Report 2021
Cross-Border Data Flows And Development: For Whom The Data Flow
The State of Broadband 2021:
People-Centred Approaches for Universal Broadband
21st Century Financing Models for Bridging Broadband Connectivity Gaps
stc academy offers educational programs for gamers and game developers this gamers season
stc boosts the 5G network capacity by over 60%