CyberCompare

What does the 5G standard mean for cybersecurity in production?

The 5G Standard

The fifth generation of this mobile communications standard is currently finding its way onto factory floors and supply chains in the form of initial pilot projects and POCs. Above all, high data rates (up to 20 Gbit/s) and low latency times (<1 millisecond) compared to LTE technology open up new opportunities for further digitizing manufacturing processes where real-time requirements were previously barriers to networked approaches. The focus of 5G is the provision of an extremely flexible infrastructure that supports the following modes in parallel:

– EMBB: high data rates

– URLLC: low latency

– MMTC: energy saving communication

– LOC: localization.

In addition, 5G can provide guaranteed SLAs of >99.9 percent. Classic application examples are autonomous shuttles for provision; cable-free and, with that, flexible HMI devices; and machine maintenance via AR.

The following Bosch article clearly illustrates the advantages and potential areas of use for 5G: „5 Gründe für 5G in der Industrie 4.0 | Bosch Global | Bosch Global„

The impact of 5G on cybersecurity

At present, how do things look with regard to cybersecurity? Are there additional risk scenarios? What needs to be kept in mind?

Fundamental challenges posed by the introduction of 5G include, for example, new dependencies due to the additional infrastructure and handling requirements of ESIM/SIM cards. In addition, the use of wireless communication also comes with the risk of disruptions or a loss of a connection.

When it comes to security, there are, of course, advantages to manufacturing and supply chain digitization, in addition to those described above: One weighty argument is already listed in the article: independence from the public network through the local 5G “campus network”. In parallel, the development and, for example, the deployment of hardware for the local network is up to the user. It should be noted that the user must, of course, have appropriate capacity and know-how, and that third-party providers usually also require access for patching and operation. Furthermore, in Portugal and China, private networks are forbidden.

The risks are not very surprising:

  • 5G facilitates massive deployment of linked IOT devices in production. The newly generated data traffic can be non-transparent for the company if Wide Area Network (WAN) solutions such as SASE are used (on this topic, see our Artikel zu „Security Access Service Edge (SASE) und Zero Trust Network Access (ZTNA)„).
  • IOT devices are often not adequately secured, and they represent new and serious challenges to effective patch management ─ and this also applies to 5G.
  • The amount of software for 5G is increasing significantly due to the new opportunities compared to legacy telecom standards. The 5G network is described as being software based. Just as with IOT devices, with each new type of software, there are pitfalls and weak points.

How companies can manage the risks

So how should I proceed if I want to reap the benefits of 5G technology in systems but also want to keep cyber-related risks under control?

  • Network architecture and segmentation (SASE and the protection of interfaces with corporate IT (level 1) and external connections (cloud security). Relevant issues here:
    1. How is a third party guaranteed network access without having to make end devices externally available (ideally technically)?
    2. How can known processes be cleanly mapped in 5G networks (zones, segments, record keeping, authentication, etc.)
  • Inventory (a variety of new IOT devices such as autonomous shuttles)
  • Patch management with a new view of the dovetailing of software development with operations and security: development security operations
  • Continuous OT/IOT monitoring of log files and sensors with regard to availability, vulnerabilities, and attacks
  • Integrated and repeated analysis of weak points via penetration tests, etc.
  • The exchange of best practices within the industry and sectors.

Conclusion: in our view (internally), 5G is initially simply a building block of the infrastructure, and it should be viewed as just that. Far more added value is delivered via software applications. The described features of 5G (data rate, latency, energy-efficient communication, localization, and availability) thus enable new applications in automation, increased transparency over data and information, and new insights through AI and machine learning. These benefits go hand-in-hand with additional risks. Networks based on 5G can be manipulated, the IOT devices show vulnerabilities, and the software solutions open new attack vectors for external hackers.

A cybersecurity strategy is necessary and should be constantly updated, particularly with other industrial companies, specialized providers, and independent experts (with regard to country-specific “loopholes,” for example).

Are OT and IoT security issues for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.

Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.