This article from Allianz experts focuses on 5G risks. The global rollout of the 5G network promises to be transformative, with unprecedented levels of speed, capacity and potential – but the interdependent nature of the technologies involved also brings a proliferation of risks. Here, Allianz Global Corporate & Specialty (AGCS) experts discuss the opportunities and the threats that will face risk managers as the digital revolution progresses.
- 5G has the potential to transform almost all industry sectors, ushering in a new world of hyper-connectivity and facilitating the Fourth Industrial Revolution.
- As a software-dependent network with high dependencies and an increased ‘attack surface’, it will present significant new security risks.
- Risk mitigation measures must take into account all stakeholders across the supply chain.
- Collaboration across sectors, institutions, governments and nations will be required to create the infrastructure required and agree standards.
In China, doctors perform ultrasounds on Covid patients in Wuhan using an ultrasonic robot they control from 700km/435 miles away. In South Korea, manufacturers adjust their maintenance schedule according to data gathered from sensors enabled by a subscription-based smart factory service. At an American football stadium, fans stream rich game action to their smartphones, discussing team stats transmitted almost instantly in augmented reality.
RELATED: 5G cybersecurity has never been more important, says Strand Consult´s review of EU OpenRAN Report
These are just three use cases illustrating the potential of 5G-enabled technologies, from the countries taking the lead in its rollout. This is advancing at different speeds across numerous regions, and it is estimated the number of 5G global connections will reach one billion by the end of 2022, according to the mobile network operators organization GSMA[1]. By 2025, two in five people around the world could be living within reach of a 5G network.
In our increasingly connected world, the proliferation of smart devices and data-hungry apps is putting pressure on existing 4G networks. The 5G – or fifth generation – network promises to be up to 100 times faster than 4G, with lower latency (the time needed to send data from one point to another) and greatly increased capacity. It will enable the hyper-connectivity that could power us through the Fourth Industrial Revolution using the Internet of Things (IoT), transform the way we travel, remodel our healthcare, optimize food production, and maximize energy sources and usage. Technologies such as artificial intelligence (AI), virtual and augmented reality, advanced analytics, and robotics will be boosted by 5G’s enhanced reach, speed, and reliability. All this could enable global economic output of $13.2trn by 2035, say researchers at IHS Markit[2].
All sectors could be affected – virtually
5G is going to enable the advancement of technological applications across almost all sectors. Telecommunications companies will be able to provide faster speeds for communications, streaming or downloads. In the office, we’ll be able to host more people on a video call. With 5G’s greater capacity, we’ll be able to better utilize advancements like cloud computing and storage. Telcos will monitor equipment remotely and use drone technology for smarter maintenance. Tech businesses will process more data and use AI to enable advances such as smart mobility and autonomous vehicles. For consumers, the streaming trend that rocketed during the Covid lockdowns will be given a boost with greater speeds and bandwidth.
These developments represent significant opportunities for the tech, media and telecoms sector. By 2035, it is believed the global 5G value chain – such as the network operators, application developers, technology providers, and equipment manufacturers – could create $3.6trn in economic output and support 22.3mn jobs.[3]
High dependencies create high risks
As well as unlocking vast potential, the 5G rollout will introduce significant new risks, meaning the risk profile of companies using or providing 5G goods and services will change. Businesses will have to adapt to an ongoing technological revolution which presents many unknowns. Unforeseen consequences, real or perceived, are a hazard – as was seen in January 2022, when concerns over the effects of 5G technology on aviation systems disrupted airlines in the US, or in April 2020, when conspiracy theorists in the UK vandalized phone masts in the mistaken belief they were linked to the Covid-19 outbreak.
Unlike previous generations, the 5G network will be a software defined network and ‘virtualized’, meaning many functions that once relied on hardware will now be virtual software capabilities, with attendant software-related security issues. As the amount of interconnected devices, networks, services, and mobile data increases, so will the potential attack surface.
The interconnected nature of the 5G network, with its infrastructure, service providers and users, also magnifies the issue of supply chain security and business interruption losses should something go wrong.
The high dependencies in the overall concept, from the companies that provide the 5G-enabled technological solutions to those that buy and use them, is the critical issue here. One of the most important features of 5G, with its speed and low latency, is that it offers solutions in real time, 24/7. So if there’s any interruption in the chain it could have a direct impact on the processes that follow, not only for a specific client, but potentially on a regional or even global level.
These solutions could be deployed in mission-critical systems within first response services, transport, healthcare, and energy provision, where low latency or interference could have near-instant knock-on effects, with catastrophic consequences.
What businesses need to consider
Businesses will need to ask whether the speed of the rollout correlates to their security measures. If you’re a provider, what procedures are in place to ensure the stability of your systems and services? Issues such as connectivity, identity and access management, and device locations all come into play. Risk management will need to centre around the availability, security and integrity of all systems because an interruption could not only result in financial losses for your business but also reputational damage.
Equally, businesses need to identify all the relevant stakeholders in the ecosystem – their network infrastructure providers, customers, end users, data centers – to determine the opportunities for attack or outage. Even trusted suppliers can be hacked, as was seen in 2020, when an attack on the US technology firm SolarWinds affected Microsoft, Intel, and government agencies, costing each company affected an average of $12mn or 11% of annual revenue.[4]
The supply chain is not only vulnerable to cyberattack or human failure, but also to geopolitical upheaval and natural catastrophe. Bottlenecks, such as the Suez Canal blockage of 2021 or the recent semiconductor shortage, could also disrupt service provision, as could overreliance on certain suppliers. There is concern, too, over communication gaps with so many stakeholders involved – if updates for new components or software are not well communicated by manufacturers or service providers to users, there could be consequences along the supply chain.
A closer look at the cyber threat
5G will enable the proliferation of highly complex, multi-domain environments. A crucial difference between 5G and its predecessors is the distinct feature of network ‘slicing’. Slicing utilizes Software Defined Networking (SDN) and the complementary technology Network Function Virtualization (NFV). This allows many different virtual networks to be created on a shared infrastructure, each of which can be customized to different requirements. This flexibility delivers intrinsic security through segmentation. Slices depend on APIs – application programming interfaces – which are designed to communicate with each other, so the reliability of the overall software supply chain becomes hugely significant.
On the plus side, slicing enables segregation, which allows slices to be isolated in case of a security issue, but if those slices are misconfigured or there is no isolation mechanism, the network can be exploited.
As well as increasing the software attack surface, slicing means many different stakeholders will be using multiple virtual networks which run on common hardware resources, whether it’s for storage or processors. A hardware failure could have a mighty service impact.
A lack of standardization and a regulatory framework that is still evolving present further security risks. Larger telecoms businesses and their equipment suppliers embed best practice into new procedures and products, but there is a risk that others, with fewer resources or in jurisdictions with less robust regulation, might be tempted to cut corners. This could have widescale consequences in a world where the number of everyday devices that are connected could surge.
To mitigate against this new world of risk, AGCS recommends methods that are already good practice: standardization with all interfaces, proper configuration, authorization and authentication, encryption, protecting APIs (especially if they are from open sources), and system ‘hardening’ – configuring IT assets to reduce their vulnerability to attack. These should go hand in hand with a robust business continuity plan.
Unprecedented levels of collaboration
The global rollout of 5G will require widescale collaboration between businesses, the public sector and governments, as well as between nations across the world. High levels of investment will be needed to create the infrastructure required, agree standards, innovate new products and services, develop new business models, and educate users and providers about the risks and potential of 5G technologies.
Recent examples of collaborative innovation include the combined forces of Ericsson, TIM (formerly Telecoms Italia) and automations systems company Comau, which are developing 5G-enabled solutions for smart manufacturing based on the benefits of network slicing, as part of the EU-funded 5Growth project. Network slicing was also key to the recent completion of an end-to-end proof of concept with software and services provider Amdocs and A1 Telekom Austria Group, which aims to drive next-generation experiences and on-demand connectivity for consumers and businesses.
However, there is a disparity of technological advancements globally. With the high investment costs involved, there is a danger some poorer economies may not benefit from the positive impacts of 5G technologies, which could widen inequalities between nations. It could be beneficial for certain aspects of infrastructure to be regionalized in order to facilitate the rollout in regions that might otherwise be left behind.
As the 5G rollout advances, AGCS will maintain an intense risk dialogue with clients about the developing technologies involved. The dialogue will focus not so much on 5G itself, but rather on the implications of using so many connected devices in so many different industries, from autonomous cars to remote surgical operations to self-propelled tractors. As new issues emerge, we will support our clients by discussing the potential impacts on safety-related measures, how their risk management should be adapted, and what our policies are. We intend to be fully involved in these discussions as the risks and opportunities presented by 5G technologies emerge.
Allianz experts
Rishi Baviskar | [email protected]
Oliver Lauxmann | [email protected]
Jody Yee | [email protected]
COVER PHOTO: IT Chronicles