Unsafe At Any Speed: Multiple Vulnerabilities Afflict 5G

The coming network needed for autonomous vehicles, virtual reality, and the Internet of Things will also bring cybersecurity danger.

US government agencies, especially the military, need to be wary of embracing 5G network technology, despite its benefits, simply because so many vendors are based in China. That means military networks may lag behind capabilities widely available to ordinary citizens with the latest smartphones.

“Use of 5G components manufactured by untrusted companies could expose U.S. entities to risks introduced by malicious software and hardware, counterfeit components, and component flaws caused by poor manufacturing processes and maintenance procedures,” concludes the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which recently released a 16-page overview of the security risks introduced by 5G adoption in the U.S.

“5G hardware, software, and services provided by untrusted entities could increase the risk of compromise to the confidentiality, integrity, and availability of network assets,” the report says. “Even if U.S. networks are secure, U.S. data that travels overseas through untrusted telecommunication networks is potentially at risk of interception, manipulation, disruption, and destruction.”

Present-day 4G Long-Term Evolution (LTE) networks have throughput in the 100 megabits per second (Mbps) range and a latency of under 100 milliseconds. 5G is expected to increase data rates to 20 gigabytes per second (Gbps) — that’s a 1,600-fold increase —  and reduce latency 95 percent, to under 5 milliseconds. Such lightning-fast connections are seen as essential to a host of new applications, like self-driving cars and linking of billions of ordinary appliances into a sprawling Internet of Things.

But along with those benefits, however, come a truckload of security vulnerabilities that fall into four categories: the supply chain could include bugged or sabotaged hardware and software; deploying the larger number of smaller systems required for 5G could create new openings for attack; network security could suffer as new 5G systems are layered on top of existing 4G ones; and competition and choice could erode in the face of rising global giants like Huawei.

“There remain the same security vulnerabilities that exist today in all wireless networks: hardware, software, data model, power application, supply chain,” said retired Air Force Brig. Gen. Robert Spalding, former chief China strategist for the chairman of the Joint Chiefs of Staff and the Joint Staff, and former senior director for strategic planning at the White House National Security Council.

“The main difference is the enhanced speed and connectivity. More bandwidth and lower latency will mean an exponential increase in the threat landscape. Total connections will move from 10,000 to 3 million per square mile. These extra connections will be machines that track everything we do,” Spalding told me. “These vulnerabilities would make 5G unusable for the military, unless mitigated.”

While at the National Security Council, Spalding gained notoriety for a leaked memo in early 2018 where he advocated on security grounds for a nationalized American 5G network. He is presently a senior fellow at the conservative Hudson Institute.

Following are details about the four areas of 5G vulnerability identified by DHS CISA:

Supply Chain: Use of 5G components manufactured by untrusted companies raise the threat of malicious software and hardware, counterfeit components, and poorly designed and manufactured systems that will be vulnerable to cyberattack and disruption.

“Compromised devices may provide malicious actors with persistent access to 5G networks and the capability to intercept data that routes through the devices,” states the overview report. “Compromised devices may infect connected computers, phones, and other devices with malware and may have data rerouted, changed, or deleted. Untrusted companies that have significant international market share within telecommunication networks may introduce risks even if they do not have a large presence within the U.S networks. Therefore, even if the U.S. network were completely secure, data traveling overseas may pass through untrusted telecommunication networks and potentially be vulnerable to interception, manipulation, disruption, or destruction.”

Read More
%d bloggers like this: