David Masson is the Canada country manager for Darktrace, an artificial intelligence cybersecurity company.
Even when viewed through the most skeptical goggles, it’s difficult to envisage a future not affected by 5G innovations. The fifth generation of cellular networks, 5G, will deliver wireless connections up to 100 times faster than 4G can support. Put another way, that’s the difference between an ordinary adult running and an F-22 fighter jet at top speed.
The long-term effects of near-instant communication are truly unimaginable. Reducing delays from seconds to milliseconds is the key to unlocking life-saving technologies that cannot afford any lag, including autonomous vehicles and remote surgery robots that operate on patients a thousand kilometres away. 5G enables extensive smart city networks that unify surveillance cameras, traffic sensors, electricity meters and a near-infinite collection of other “internet of things” (IOT) devices – all sharing data in real time.
Fuelled by 5G advances, the IOT install base is expected to triple over the next six years. What exactly these new IOT devices will look like is anyone’s guess, and unfortunately, so too are the cyberthreats that will exploit them to steal lucrative data.
Nothing about 5G has garnered more attention than its potential to facilitate information theft and espionage. At the heart of the issue are 5G providers that could theoretically install secret “backdoors” in their products to spy on unencrypted conversations.
Should the Conservatives prevail in Canada’s federal election this fall, they intend to ban China’s Huawei from building Canada’s 5G infrastructure, following the lead of the United States and other Western governments. Most Canadians support the proposed ban, fearful that the Chinese government could compel the world’s largest telecom provider to hand over private data.
Rarely discussed but perhaps even more important, supply chain attacks against 5G hardware and software will render the conventional approach to cybersecurity obsolete. Supply chain attacks, which target organizations by infiltrating their partners and suppliers, are already one of the major risks confronting the modern enterprise. In a 2018 study, 56 per cent of organizations reported a breach caused by a supplier and the average firm entrusted 471 third parties with their sensitive data – any one of which could suffer a breach.
In a year when cybercrime is projected to cost the world upward of US$1-trillion, the conventional approach to cybersecurity is broken, independent of the switch to 5G. Protecting today’s supply chains demands that companies adapt their defence strategy, which currently revolves around predefining what constitutes a threat to secure the perimeter. Cyberthreats are inherently unpredictable, and hundreds of vulnerable third parties are already inside the perimeter walls.
If we fail to challenge traditional security standards, the arrival of 5G will render supply chains exponentially riskier. For one, the race to market for the 5G-powered internet of things is pushing security considerations to the side, providing low-hanging fruit for cybercriminals seeking to gain entry into larger networks. And for another, the heterogeneity of these novel devices will prevent us from anticipating their unique weaknesses.
Moreover, the cyber professionals who work to contain in-progress attacks will become even more outmatched by automated threats that strike too quickly for them to react. At 5G speeds, malware could download and spread throughout a victim’s network before they realize that anything is amiss.
Given the uncertainty as well as the rapidity of 5G attacks, we must replace the old model of guessing what future threats will look like and then expecting humans to respond in time.
Some of the latest security tools employ an entirely different approach: leveraging cyber artificial intelligence algorithms that learn while “on the job” to differentiate between normal and abnormal behaviour for any device, without predefining anything. Such AI tools may be our best chance at countering the machine-speed supply-chain attacks of tomorrow.
With 5G rollouts under way and billions invested in making the necessary infrastructure a reality, there is little doubt that fifth generation networks are about to transform the world. Whether that transformation is for the better will depend on rethinking not only these networks, but also the methods we use to keep them safe.