Does The Proposed 5G Network Make Global Industries and Utilities Vulnerable to Attacks?
What is 5G technology?
5G technology is the next-generation standard for wireless communications. It is set to start taking over network environments in 2019. 5G delivers vastly increased capacity, lower latency, and faster communication speeds.5G is the fifth generation of mobile wireless systems and is a way for devices, both mobile and stationary, to send and receive data without being plugged into a wall. The introduction of 5G technology, along with its promise creates security nightmares for multiple industries including manufacturing, critical infrastructures, and building management systems (BMS).
5G is Not Only For Manufacturing
5G isn’t used only for manufacturing; it’s also used in farm equipment; in airplanes and in all kinds of different things that can actually kill people or that allows someone to reach into the network and direct those things to do what they want them to do. It’s a completely different threat that we’ve never experienced before. Organizations incorporating 5G-enabled devices into their IoT/IIoT deployments without proper network monitoring solutions in place need to be cautious — these devices create ways for potential attackers to penetrate these “private” networks from the 5G infrastructure.
Risks Posed by International Threat Actors
Aside from the direct impact of using equipment provided by countries that are usually linked to cyber threat actors such as China and thus having the ability to “monitor” all communications running over the new networks, 5G coverage will ultimately allow organizations with remote sites to deploy IIoT devices with advanced capabilities. These devices are forming the new soft underbelly of organizations, allowing attackers to easily take advantage of their simple to non-existent security. IoT devices generally have little to no security controls on them; they are usually installed without changing the default passwords or simple security measures, allowing attackers to easily use them as part of their attack. A totally connected network will ultimately be very susceptible to cyberattacks. Even before the introduction of 5G networks, hackers have breached the control center of a municipal dam system, stopped a car as it traveled down an interstate, sabotaged home appliances, and even hacked an airplane in midair.
Possible Threats for Manufacturing Facilities
Threats these days such as malware, ransomware, crypto-jacking, identity theft, and data breaches have become so common that people today are more afraid of cybercrime than they are of becoming a victim of a terror attack. Adding 5G devices to complex manufacturing, BMS or critical infrastructure network universe is destined to create more opportunities for attackers. All these connections ultimately increase the attack surface for potential cyber-attacks on operational technologies, which are the soft underbelly of companies. There are substantial risks when it comes to the implementation of even partially outsourced 5G networks in building management systems (BMS) sites and large manufacturers.
Recent Attacks on Building Management Systems (BMS)
Examples of BMS attacks include an attack on apartment buildings in Finland, where residents of two apartment buildings in Lappeenranta, a city of around 60,000 people in eastern Finland, were literally left in the cold for an entire weekend. The environmental control systems in their buildings stopped working, and it wasn’t because of a blackout. It was actually a cyber-attack that took them down.
Another BMS attack took control of the electronic key systems at the picturesque lakeside Alpine hotel, the Romantik Seehotel Jaegwirt, in Austria. At the beginning of the ski season, the hotel was hit by a cyber-attack in which hackers took over the controls of locks on guest rooms. Multiple reports stemming from local and news agency central European news exclaimed that guests at the hotel had been locked in their rooms by the cybercriminals.
When planning a communications system upgrade on the scale of the rollout of the new 5G network, security cannot be a secondary consideration. Safeguards must be built into every part of the network from the word go.
Best Practices for Industrial Security With 5G Connectivity
To truly support environments with thousands or even tens of thousands of connected 5G and traditional devices, a security solution must be in place. It must be able to collect and analyze huge amounts of data from complex and connected devices without missing a single byte, device, configuration, or any other data point, to constantly monitor the network and make sure that no devices are communicated with from outside without authorization.
If data is only sampled and not fully inspected, it still leaves the network vulnerable to a cyber attack as a lot of information — including connections between devices — will simply fall through the cracks.
Once the data is properly collected and analyzed, the security teams need to be able to access this information, assess their actual security risks, and respond to them accordingly.
While 5G can cause many issues for manufacturers, BMS sites and critical infrastructures, OT security solutions (*ahem*) are already in place that can help solve these issues and thwart cyber attackers.