Opinions

How can we protect our smart cities in the age of 5G?

5G is the foundation for many futuristic technologies that will connect our cities in ways we’ve never seen before. Here’s what that means for security.

Share article

5G security smart cities

1G, 2G, 3G, 4G – now 5G is here. And it’s got a lot going for it. But as the fifth generation of mobile networks is poised for a pivotal role in the future of business, society and technology, a recent report by Securing Smart Cities has warned what we might need to think carefully about how to protect our citadels. But first, what exactly is a smart city? And what does 5G have to do with it?

Smart cities are connected

Smart cities usually occupy six dimensions: people, technology, infrastructure, management, economy and government. Put simply; a smart city uses internet of things (IoT) sensors and technology to connect components across a city to make everyday life easier for its citizens.

Sounds complicated, but it’s reasonably simple: sensors and connected devices allow cities to manage and monitor infrastructure, transport and financial systems, postal services and more. Traffic could run more efficiently, payment transactions made more secure and remote emergency surgery (think advanced drones replacing paramedics) could become commonplace.

According to a report from the International Data Corporation (IDC), global smart city tech investment is set to reach $135bn by 2021. So what’s behind this rapid rise?

In short: 5G. This new network is estimated to be up to 100 times faster than the present 4G systems, with up to 25 times lower latency (lag time) and as many as one million devices supported per square km; that’s a staggering one thousand times what’s currently possible! This increased bandwidth brings many new possibilities, like autonomous driving, and better connectivity. But, with these possibilities come significant threats.

The far-reaching risks of 5G

As with every new technology, it’s essential to be aware of how it can affect IT security infrastructures. 5G will serve as the foundation for many future technologies; however, the security concerns are inescapable. It’s evolved from 4G, from which it will inevitably inherit vulnerabilities and misconfigurations. If 5G is to play a crucial role in smart cities, governments and industry leaders should promote secure 5G projects that enhance services but also ensure stability and quality of life for its citizens.
5G security smart citiesArt by Martin Widenka

So what are the specific risks and challenges to look out for? The 5G Security and Privacy for Smart Cities report, which I co-authored with David Jordan and Alan Seow, has an extensive explanation. Here are the key things you need to know.

From protocol weaknesses to DDoS attacks

As 5G and smart devices connect our cities, it will cover more areas than today’s telecommunications equipment, giving previously non-network devices connectivity and centralized management. This means better visibility, efficiency and performance, but also exposes the population to more risks as the entire system is connected. If one node is attacked, many more may be affected.

For example, 5G will increase the risk and potential damage of large-scale distributed denial-of-service (DDoS) attacks. This is when a hacker overloads a machine or network with traffic to render it useless. DDoS attacks are used to disable the online services of banks and e-commerce platforms, but the city’s critical infrastructure is a significant weak spot. In 2014, a DDoS attack on Boston Children’s Hospital meant staff couldn’t use medical devices, putting patients’ lives in danger and causing damages totaling an estimated US $600,000.

5G also presents some protocol weaknesses, for example in the authentication and key agreement (AKA) – the method of encrypting communication between devices and cellular networks, which has been previously utilized in 3G and 4G networks and is known to be vulnerable to international mobile subscriber identity (IMSI) catchers, interception of traffic and sensitive information.

With both of these threats on the horizon, regular security practices such as supply chain security, access control, patch management, threat hunting and configuration management should be carried out to secure against 5G threats.

But there’s more to do to keep our cities and societies safe.

How do we ensure 5G safety?

There are many solutions to protecting smart cities in the age of 5G, from full audits to anomaly detection. One I’d like to highlight is hybrid authentication.

In 2G to 4G, network authentication – a security process when a computer on a network tries to connect to a server – has previously been a straightforward process between service and network providers, and the user’s device. Network authentication liberates the user from having to authenticate for every service they need access to; a single network authentication is sufficient.

When it comes to an entire network of connected devices, authentication must be as safe and secure as possible. One security recommendation for this relies on network-based authentication.

5G network security will require flexibility for organizations to manage multiple unknown devices with various levels of security, moving away from previous authentication models. A new, unified hybrid framework is needed to coordinate different security methods for each security layer. If devices can’t be authenticated, are misbehaving or not adequately set, we need processes in place to isolate them.

Ultimately, 5G is a technology advancement that will help us combat many of the world’s problems. But we have to make sure we’re wholly certain about the threats that it could bring and help governing bodies and our civic leaders prepare so safer smart cities can benefit our lives.

Smart city security

Read the full 5G Security and Privacy for Smart Cities report.

About authors

Dr. Amin Hasbini is a researcher, malware analyst and head of Kaspersky’s research team in the Middle East and Africa. He hunts for threats to keep millions of users safe. He loves discovering new APTs (advanced persistent threats) and savoring French pastries.