5G networks: What are they, how are they different, and what are the security implications?

If you use a smartphone, you’ve probably heard of 3G and 4G – and you’re probably starting to hear about 5G. But what is 5G? What will it mean for you? And what will it mean for security?

“5G” is shorthand for a new 5th generation of cellular communications networks that promises many benefits, including:

• Much faster data transmission (so you get high-speed Internet in more places, and can do new kinds of things – for example, physical therapy via virtual reality)
• Lower latency (in other words, fewer delays) – crucial for applications such as game streaming
• Better support for sensor and Internet-of-Things (IoT) networks where huge numbers of devices are “talking” at the same time

“5G” is also shorthand for all the stuff that must be designed, built, deployed, and tested for a 5G network to work. For example:

• 5G compatible phones (or other devices) you’ll need in order to use 5G networks
• Sophisticated communications equipment (such as radio cell sites) service providers like Verizon and AT∧T must buy and deploy
• Standards to make everything (hopefully!) work together

Launching a new network

As you might suspect, it’s complicated to launch a new generation of wireless communications networks. Difficult technical problems must be solved. Plenty of R∧D and testing needs to happen. (For example, since most new 5G networks will operate at “millimeter wave” bandwidths that degrade rapidly over distance, they’ll need many more small local cell sites than older networks did.)

This is why it can take a decade from the earliest technical work to the time when billions of consumers are routinely using the new networks.

5G is partway through that decade, and it’s just beginning to appear in the real world.

In the spring of 2019, service providers are rolling out their first 5G systems in parts of a few cities, and the earliest 5G-compatible smartphones were starting to be introduced. (Since 5G users will need access to older 4G networks, these phones will also include 4G technology.)

Marketing happens faster than R∧D, so you’ll see plenty of 5G commercials designed to make your phone company look quite technically advanced – even if you probably won’t be able to buy 5G service until 2020, 2021, or maybe later, depending on where you are. It may also take a few years before really exciting 5G applications take hold, just as it took time for apps like Snapchat to fully leverage 4G’s power.

5G and cybersecurity

5G is definitely coming. What does that mean for security?

Each new generation of communications networks has had security problems, and they’ve all been attacked. Since 5G will handle highly sensitive applications – some with life-and-death implications -- security will be more important than ever. (You don’t want someone hacking your remote surgery!)

The good news: overall, the industry seems to recognize this. Stronger security was built into 5G. At a high level, delegates from 32 countries recently met to hash out overall principles for improving 5G network security. Independent researchers recently identified potential issues with 5G’s authentication protocols, but they quickly started working with the standards authorities to address those.

The bad news: given the huge number of devices that’ll be connected to 5G networks (and the complex mix of cloud and virtualized services that 5G applications will use), cybercriminals will have many opportunities to attack. Flaws in existing networks and IoT systems will likely be magnified in 5G environments. 5G security may also be a geopolitical issue: do countries place themselves at risk by relying on 5G equipment built in nations with potentially adversarial governments?

Individuals can’t guarantee the security of their 5G communications all by themselves. But most experts agree that good day-to-day security hygiene will help in 5G environments, too. For example: use the strongest access controls available to you; protect 5G Internet connections with firewalls wherever possible; avoid no-name IoT devices (and use strong passwords on the IoT devices you choose), and use advanced anti-malware software such as Sophos Home Premium that intelligently recognizes new attacks based on their behavior.