The 80s witnessed the launch of the first generation of mobile data, and the world of wireless telecommunication was never the same again. What first started as data transmission through noisy, analogue signals on large, clunky devices that could barely be called ‘mobile’ – graduated to a 4G network boasting of download speeds close to 100 Mbps, impeccable security and encryption, and top-notch latency, in less than 4 decades. A little over 10 years after the first 4G prototype was introduced, we are today standing at the cusp of 5G architecture, a telecom revolution that redesigns everything from the internet to telecom networks. This innovation also brings with it data security challenges that were thus far absent.
While the intermediate upgrades from 1G to 4G were huge leaps in technology for their time, the bare bones of their structure remained pretty much the same – with an enhanced hardware framework each time. This meant that data protection protocols remained securely bound to the hardware, inaccessible to any external systems and therefore protected.
One of the more significant milestones that 5G architecture brings is the replacement of hardware with software, in a much more permanent manner – one that ensures future upgrades to be largely digital, without the need to break down and build back physical networks each time, making it about as easy as installing a new software update on your phone.
Data speed vs data protection
This new era in technology definitely brings with it several opportunities in areas such as healthcare, manufacturing and transport. However, as we study the potential data protection risks it poses on businesses and consumers more deeply, researchers have realised that the 5G architecture is also making itself an increasingly attractive target for cybercriminals. This anticipated data risk stems from the fundamental fact that by virtue of being an entirely digital system, 5G offers a larger surface area for hostile agents to work with.
This is a side effect of benefits like lower latency, increased bandwidth, the consequent increase in volume and diversity of data, and compatibility with I0T devices. The built-in safeguards that older networks up to 4G had by the way of ‘choke-points’ – hardware components that had the ability to halt malicious attacks on consumer and business data – have now been removed from the upgraded versions altogether, and largely replaced with software.
A glaring error on an organisational level here is treating 5G data security requirements the same as those for 4G – something that needs to be fundamentally rethought both on the physical and virtual planes of the system. One of the perks of 5G is greater functionality of new IoT devices, which means spreading the network security thin across multiple connected devices and networks – not all of which are built with equal security measures or regulations – making data on the systems particularly vulnerable to cyber-attacks.
Divide and Protect
One of the effective ways to combat this is network slicing – segmenting data into smaller groups and isolating them to separate subnetworks during transmission and follow that up with unique user authentication for each slice. Of course, organisations need to design their 5G infrastructure in a way that supports such data separation and management.
Another approach is adopting a zero-trust framework that reduces the risk and impact of attacks through the independence of user privileges and processes, therefore creating a more resilient and data-secure environment for the organisation and consumer alike. The ‘never trust, always verify’ approach enforces contextualised and risk-based access decisions to limit the available attack surface for data on 5G systems.
As the implementation of 5G architecture expands, so will the potential and vulnerability of business and consumer data to cyber-attacks. In addition to designing secure 5G infrastructures, it’s important to foster a cyber-aware culture with proper governance and leadership. Eventually, cybersecurity frameworks need to be integrated with business strategies, instead of operating in a silo.
As the race for acquisition and deployment of 5G technology ramps up, it will be equally important to build security for customers and businesses simultaneously, to make this break-through technology one that is accessible and safe for everyone.
(This article is written by Barry Cook, Privacy and Group Data Protection Officer – VFS Global. The views expressed in this article are of the author.)