The US National Security Agency (NSA), together with the Government Security and Infrastructure Security Agency (CISA) and Principal's office of National Service Information (ODNI) analyze, in their report, the potential risks and weaknesses involved in the implementation of 5G networks. Representatives from the IT, communications and industrial defense bases also contributed to the report, entitled «Potential Threat Vectors to 5G Infrastructure».
Inadequate implementation of telecommunications standards, infrastructure weaknesses and supply chain threats could pose significant cyber security risks in networks 5G. The analysis provides a list of known and potential threats to these networks, scenarios for the adoption of 5G technologies, while also assessing the risks for key 5G technologies.
Improper definition and incorrect implementation of 5G policies could pose serious risks. For example, states contributing to their drafting could try to influence standards to the benefit of their own technologies. In other cases, States could not specify optional controls that are not applied by operators.
The report also highlights the risks to the 5G supply chain, such as the introduction of malicious software and hardware, counterfeits, bad designs, manufacturing and maintenance processes.
Specifically, the report notes the following: "Exposure to these risks is heightened by the widespread 'charm' of 5G technologies and the consequent rush for growth. "This can have negative consequences, such as data and copyright theft, loss of confidence in the integrity of the 5G network or exploitation that will damage the system and the network."
Experts also warn about weaknesses in the 5G architecture, which could be exploited by hackers as attackers. 5G architectures use a growing number of ICTs designed to meet the growing demands of data, capacity and communication. Both old and new vulnerabilities could be exploited by malicious agents to monitor, manipulate, disrupt, and destroy important data.
Finally, the report emphasizes the following: "These threats and vulnerabilities could be exploited by malicious agents, which would have a negative impact on organizations and users. Without a constant focus on 5G threat carriers and early detection of vulnerabilities in the system architecture, new vulnerabilities will increase the impact of cyber attacks. Organizations and communications providers who choose not to implement optional security checks are more likely to have more vulnerabilities and be at greater risk for cyber attacks. In these cases, government hackers, who have contributed to the development of security controls or are aware of vulnerabilities in systems that have not implemented them, can target these entities. "Malicious agents could therefore detect and use methods to take advantage of private networks that do not apply these optional controls."
Source of information: securityaffairs.co