5G deployments will bring new threat vectors

As 5G deployments expand, 5G networks will become an attractive target for criminals and foreign adversaries to exploit, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

The agency has published a new research paper exploring the potential threat vectors of 5G infrastructure.

The paper identified three primary threat vectors — policy and standards, the 5G supply chain and 5G systems architecture.

On policies and standards, the report states that it is critical that international standards for 5G and related infrastructure are “open, transparent, and consensus driven”, and that nation states not be allowed to “attempt to exert undue influence on standards that benefit their proprietary technologies and limit customers’ choices to use other equipment or software”.

The paper also cites the risk that standard bodies may develop optional security controls that are not implemented by operators, which could introduce gaps in the network and open the door for malicious threat actors.

Supply chain risks meanwhile relate to efforts by threat actors to exploit technology supply chains for “espionage, sabotage, foreign interference, and criminal activity”.

CISA found that the 5G supply chain is susceptible to the introduction of risks like malicious software and hardware, counterfeit components, poor designs, manufacturing processes and maintenance procedures.

The introduction of counterfeit components to the 5G supply chain could result in compromised devices or infrastructure that leave end-user devices at threat of compromise.

On systems architecture, CISA found that 5G networks will use more ICT components than previous generations of wireless networks, which could provide malicious actors with other vectors to intercept, manipulate, disrupt and destroy critical data.

Coupled with legacy vulnerabilities from wireless architectures and the potential discovery of new weaknesses, 5G systems architecture could prove to be a key threat vector, the report states.

In addition, the enhanced security capabilities of 5G could be rendered moot by downgrade attacks, which would force users onto 4G networks so known legacy vulnerabilities can be exploited.

The findings from the research will be used to inform the implementation of the US National Telecommunications and Information Administration’s (NTIA) National Strategy to Secure 5G. One of the goals of the strategy is to address the cybersecurity risks to and identify core security principles of 5G capabilities and infrastructure.

The strategy also aims to promote the responsible global development and deployment of secure and reliable 5G infrastructure.

Image credit: ©stock.adobe.com/au/A Stefanovska