5G promises faster speeds and greater security risks

TechRepublic's Karen Roby talks with Radware exec Mike O'Malley about the growing security risks that accompany 5G for providers, smart cities, and the enterprise.

5G promises faster speeds and greater security risks

TechRepublic's Karen Roby talked with Mike O'Malley, vice president of Marketing for Radware, about the growing security risks we are sure to face as 5G becomes more mainstream. The following is an edited transcript of their interview.

SEE: 5G: What it means for IoT (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

Mike O'Malley: What enterprises and service providers are coming to understand is that 5G is going to be a huge increase in capability, both in speed and lower latency. Think about it in terms of going down the highway, where today I'm going down the highway at 60 miles an hour, and with 5G I'm going to be able to go down the highway at 600 miles an hour.

It's an incredible leap in terms of performance, and that's great for consumers because now they're going to be able to access video streaming, interactive applications, very high bandwidth applications on mobile. But at the same time, it's also a tremendous opportunity for hackers, and enterprises and service providers both need to understand this because they're going to need to protect these new applications as well.

Think about some of the big, nasty breaches that we've seen on the wired side, like the Dyn attack or other major breaches. What we're going to see there is, we're going to see these now all move over to the wireless network, and all of those big nasty attacks that are being done today, all those same tools now will be used on the wireless side because it will have just the same capabilities, and both service providers and enterprises are going to need to prepare for that.

Karen Roby: Before we get to enterprise more specifically, do you feel like the providers are prepared? Is this something that they have known that they need to be ready for? Or is it something where they're kind of playing catch-up now?

Mike O'Malley: So there's two things going on there. The service providers are generally prepared. We see about 60% of them today saying that they feel like they have a good handle on 5G security. But the bigger concern, I think, is on the enterprise side. Where the service providers, who are the guys that know the most, these are the ones who should understand the security implications of this. They're the most concerned, but they are preparing for it, but what we do see is  that the enterprise customers just think this is another G--this is 4G to 5G. I made it a little faster, but they don't understand the increase in performance and the implications of what that's going to mean and how that's going to change how they handle their network.

SEE: Security Response Policy (TechRepublic Premium)
Karen Roby: When you talk about the enterprise side of things, what's to come for them, and are you seeing a big education gap there?

Mike O'Malley: We are definitely seeing a big education gap. What we're seeing is that enterprises are embracing things like IoT applications, more and more mobility, bring-your-own-device, all of these mobile-based services. But at the same time, 5G is going to change very much the way those are delivered, and so service providers are making lots of changes to their networks and how they're deployed to provide security. At the same time, enterprises need to understand what's going to be their responsibility and how those services are going to operate on their networks, and they need to prepare for that because they're going to have responsibilities as well.

Karen Roby: Expand a little bit on the types of attacks that you could see happening here. I know you mentioned off camera one thing that's really scary is smart cities, how potentially those could be impacted.

Mike O'Malley: Absolutely. 5G is going to bring a lot of new applications, industrial IoT, telemedicine, smart cities. So let's take smart cities as a concrete example. So if I'm offering a smart city solution in Chicago, and I'm the application owner, let's say, that has the smart cameras and maybe smart devices on all of the taxis so I know in real time where all the taxis are in the city. If I'm that application owner, I need to be concerned now about those devices getting hacked and launching attacks on the rest of the network.

There's two pieces there that need to be understood. One is the service provider needs to protect himself from the attack, right? This is like when the airbag drops in the airplane and they say put the airbag over yourself before you put it over a small child. It's the same thing. First the service provider has to preserve themselves; otherwise, the whole network goes down. So they're taking steps to do that, but then also there's the enterprise and the application owner's concern because he needs to be concerned, first of all, that these smart cameras, for example, they have an application that they're going to talk to that's going to tell you what's going on in the city at all times. Well, they need to make sure that that application doesn't get attacked by its own cameras and take the application down. They need to protect against that.

Then the second piece is if those devices do get attacked, maybe they're just the means to an end, and the attack isn't destined for the application owner himself but somewhere else in the smart city. Now, I'm an application owner whose network is being used as a platform to attack the rest of the smart city and maybe take other applications down, and now maybe I'm responsible for taking all the smart city applications in Chicago down because my smart cameras got hacked. There's really responsibilities on both sides, but this is where application owners and enterprises need to be a lot more savvy as 5G comes into being to understand what kind of capabilities hackers are going to have. And they need to be even more diligent now about their devices because they're going to be much more attractive to hackers than they've been in the past.

Also see