Skip to main content
Journal Magazine: Informing Workplace and Facilities Management Professionals - return to the homepage Journal magazine logo
  • Search
  • Visit Journal Magazine on Instagram
  • Visit Journal Magazine on Twitter
  • Visit @Journal_Mag on Facebook
Visit the website of the Chartered Insurance Institute Logo of the Chartered Insurance Institute

Main navigation

  • Home
  • News
  • News analysis
  • Features
  • Study Room
    • A-Z
    • Question and Answer (Q&A)
    • Study Room Features
  • Opinion
  • CII Radio
  • Events
  • Digital Magazine
    • The Asia-Pacific Journal
Quick links:
  • Home
  • Opinion
Risk

5G risks

Share on
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print
Open-access content Monday 21st June 2021
Authors
Mark Hawksworth
web_cyber-attacks_credit_Fit Ztudio_shutterstock_1902776437.png

Mark Hawksworth examines 5G networks and their increased exposure to cyber attacks

Cyber and ransomware attacks are on the increase with experts estimating that the yearly cost could increase to as much as $6tr (£4.3tr) by the end of 2021. The introduction of 5G across the UK is seen as vital for our economic growth but it also provides criminals with another opportunity to exploit. 

Kinetic cyberattacks refer to a class of attack that can cause direct or indirect physical damage, injury, or death solely through the exploitation of vulnerable information systems and processes. 5G networks have a larger attack surface which will have greater consequences for business than just data breaches alone and will leave UK business exposed to Kinetic cyberattacks. 

We have seen recent reports of cyber kinetic attacks on infrastructure and institutions including transit, power plants, water facilities, oil pipelines and hospitals. The attacks demonstrated the collateral damage that can occur when a group seeking to monetarise an attack (in this case using ransomware) actually resulted in the operator going off-line due to the nature of the network damage sustained.

The evolution of cyberattacks has now resulted in monetarisation moving to a data exfiltration model. There is an increased potential for threat actors to unlawfully access 5G devices and stored data

New threats

Kinetic Cyber is not new, it is just far more likely on 5G networks, which has the potential to introduce new threats and make existing threats worse.

5G networks will underpin equipment controlling physical functions such as traffic flow control, power, emergency services and building management systems; they
have been designed to move away from traditional centralised, proprietary hardware-based switching to software based digital routing. This most recent communication generation seeks to use an entirely new transport vehicle by moving to more mainstream commercial off-the-shelf (COTS) servers running open-source software stacks, with the advantage that these new systems will be more economic to buy and operate.

These changes in architecture and hardware (over previous generations) remove natural constrictions, where hardware-based security had been traditionally implemented. 5G replaces historic hardware controls with software-based network functions, which provide external actors with a larger digital surface to attack.

Even if a new technology could be introduced that made it possible to adequately handle vulnerabilities within the network, 5G networks are also managed by software, which is also vulnerable to attack. The networks are connected by application programming interfaces (APIs) and 5G will use APIs to enable communications between service functions. Insecure APIs can expose core services to attack and place the entire 5G network at risk. Rather like attackers who currently seek out network administrative accounts, threat actors who gain control of APIs could gain control of the network.

Cyber risk on 5G is further compounded by the need for end users to take greater responsibility for their own security at a time when the external attackers have the upper hand. With increasing communication speeds coupled with weaker security end users will have a greater exposure in the short to medium term. The evolution of cyberattacks has now resulted in monetarisation moving to a data exfiltration model. There is an increased potential for threat actors to unlawfully access 5G devices and stored data. Automatic scanning of any compromised devices will allow the attackers to quickly identify any data of value which can be removed from that device for monetarisation at some point in the future. 

Looking at larger systems, organisations hold an increasing amount of personal data on their networks. This poses a risk to people’s rights if data held on these network devices have data exfiltrated from that device which then allows for it to be monetarised by either extortion or threat of publication. 5G will bring end users much closer to real time / video-based services, however, these advantages come with increased risk, risk that is essential we understand and manage.  

Mark Hawksworth is global technology specialist practice group leader at Sedgwick International UK

Image credit | Shutterstock
Also filed in:
Opinion
Risk
Topics:
Cyber
Cyber Secutiry
Technology

You might also like...

Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Today's top reads

BECOME A MEMBER

BECOME A MEMBER

SUBSCRIBE TO PRINT

SUBSCRIBE TO PRINT
The-Journal_NEW.png
​
FOLLOW US
Twitter
Facebook
Youtube
CONTACT US
Tel: +44 (0) 20 7880 6200
Email
Advertise with us
​

About the CII

About us
Membership
Qualifications
Events

The Journal

Digital magazine
Podcasts
Blog
News

General Information

Privacy Policy
Terms & Conditions
Cookie Policy

Get in touch

Contact us
Advertise with us
Write for The Journal
Want to receive The Journal?

© 2022 • The Journal Magazine is published by Redactive Media Group. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive Media Group Ltd, 71-75 Shelton Street, London WC2H 9JQ