5G networks more vulnerable to cyberattacks, conference told
‘For a service provider, it’s not if I get breached, it’s when I get breached’
OTTAWA Next-generation 5G mobile networks are expected to connect millions of things, be they self-driving cars in need of real-time data or cows with collars that monitor livestock health. But the vast number of connections and the updated network architecture greatly expand the number of access points for hackers to attempt cyberattacks, a conference on 5G was told on Wednesday.
5G networks have 200 times more attack vectors, or paths to gain access to a network, compared to their 4G predecessors, Nokia’s head of product management security Patrick Rhude, one of the panellists discussing cybersecurity, said at the Canadian Wireless and Telecommunications Association event.
“The whole attack surface has really multiplied,” Rhude said.
Telecoms’ existing networks aren’t immune to cyberattacks, Rhude said, citing as an example an Asian mobile operator that detected a security breach last May — 240 days after malicious actors entered its system.
The difference with 5G is the magnitude of access points connected to the network, he said, adding that some Internet of Things devices can be hacked in 15 minutes. 5G networks are also more reliant on software, edge computing and cloud-native architecture, creating a huge increase in the interconnections within a network.
Charles Eagan, BlackBerry Ltd.’s chief technology officer, agreed the network complexity and the expanded physical attack surfaces present a challenge for securing 5G networks.
“I don’t want to be doomsday, but … I like to say we’re tripping over the start line of a secure connected world,” Eagan said. “We’re going to make it fundamentally more challenging as we move into 5G.”
BlackBerry, which has transitioned to security software from smartphones, recommends securing the supply chain and using trusted components as the first steps in securing a network.
“Make sure all the components you’re using have good pedigree,” Eagan said.
Both BlackBerry and Nokia executives agreed that it’s not enough to build a secure network, but that telecoms must constantly monitor security so they detect threats or breaches as quickly as possible.
“For a service provider, it’s not if I get breached, it’s when I get breached,” Rhude said.
The technical discussion on 5G network security comes amid a political debate over whether Canada should ban Chinese telecom giant Huawei Technologies Co. from its 5G networks.
Canada’s allies suspect Huawei of spying for the Chinese government, though it has strongly denied such allegations.
The U.S., Australia and New Zealand have all announced plans to block Huawei from the next-generation networks. The Canadian government is reviewing whether to do the same, with a decision expected in the next few months.
Tensions remain high after Huawei’s CFO was detained in Vancouver on behalf of the U.S.
Huawei, which has operated in Canada for a decade, has partnered with BCE Inc. and Telus Corp. to trial 5G technologies. Rogers Communications Inc. partnered with Ericsson for its 5G network, and Shaw Communications Inc. uses Nokia equipment. Canada’s Big Three telecom providers have all used Huawei radio equipment, although never in their network cores.
Huawei is one of three major 5G equipment suppliers, alongside Finland’s Nokia and Sweden’s Ericsson. Executives from Nokia and Ericsson both spoke at the 5G conference on Wednesday. Huawei, also a member of the wireless association, did not present this year.
CWTA president Robert Ghiz told reporters that Canada’s facilities-based carriers will abide by the federal government’s decision on Huawei. “Our members are very respectful of the regulations that are brought forward by the federal government, so we’re waiting to see what the federal government has to say on the issue.”