What India needs to build a world-class 5G network!

5G services were launched in India in October 2022, and within a short span of time India has earned the distinction of the fastest 5G rollouts with over 100,000 5G BTSs deployed by March 2023, as per the latest Department of Telecommunications (DoT) data. Global telecom industry has acknowledged the pace of 5G rollouts in India, and GSMA conferred the Government Leadership Award 2023 to India for its telecom policy and reforms at the recently concluded MWC 2023 in Barcelona.

5G networks will serve as critical infrastructure to facilitate the digitization, automation, and connectivity to machines, robots, and transport solutions, financial systems, health solutions, etc. 5G networks are creating exciting new opportunities for businesses to innovate their products and services. Apart from transforming various sectors, 5G has the potential to change the socio-economic fabric of the country, transforming the society at large – it could potentially address some of the basic challenges due to lack of optimum infrastructure for healthcare, education, financial and technology inclusion, to name a few. Hence, safeguarding this crucial technology is of paramount importance as rolls-outs continue to happen more widely.

According to a recent report, India is the second most targeted country for cyber-attacks globally. In last one year alone, there have been a spate of cyber-attacks on government departments, public sector undertakings, (PSUs) and large corporations, causing significant disruptions to their operations, service, and reputational damage. Some recent examples include cyber-attack on Oil India’s Assam network in April 2022, disrupting its operations. Tata Power Company reported that some of its IT systems were impacted by a cyber-attack in October last year. In December 2022, five servers of All India Institute of Medical Sciences (AIIMS) were under attack, resulting in an estimated 1.3 terabytes of data being encrypted. As the 5G landscape expands in the country, cybercriminals are finding more opportunities to exploit vulnerabilities in the enterprise networks.

5G networks increase the attack surface; with more connected devices and data being transmitted over the network, the potential for cyber-attacks is significantly higher. IoT, being one the significant use-cases of 5G with connected devices and sensors, is one of the leading cyber-attack areas as it is harder to employ firewalls, antivirus, and other security applications to safeguard IoT devices. IoT devices include wearable fitness trackers, smart refrigerators, smartwatches, voice assistants, sensor-based devices in industrial set-up, etc.

5G networks rely heavily on cloud services, which offer a range of benefits, such as scalability, efficiency, and cost savings. But they are also a prime target for attacks – misconfigured cloud settings are cause of data breaches and unauthorized access, insecure interfaces, and account hijacking. According to Kaspersky, the average cost of a data breach alone is almost USD 4 million, which is significant for enterprises, apart from millions lost in reputational damage. Other cloud-related challenges include insufficient IT expertise to handle the cloud migration issues, dealing with multiple potential entry points, and ensuring regulatory compliance across jurisdictions.

5G networks pose additional challenge as they are more complex than previous generations of networks, and 5G architecture is comparatively new in the industry, requiring a lot more investment to make the systems secure from external attack. More importantly, there is a lack of uniform security standards for 5G networks across the telecom industry, making it extremely difficult for organizations to implement effective security measures. To address the lack of security standards for 5G networks, the telcos and the industry need to work together to develop and implement uniform security standards.

One cannot rule out human error, which is still one of the primary reasons for enterprise network data breaches. A report by a leading global telecom operator claims that 34 percent of total cyber-attacks were directly or indirectly made by the employees. Insider threats are a significant risk for 5G networks as employees with access to the network can inadvertently or intentionally compromise network security.

5G networks are fundamental to the vision of Digital India as laid out by the Government of India. It is a critical infrastructure to propel us to the next phase of growth. Hence, security of these networks and the services they deliver is critical. Securing 5G networks require new approaches, leveraging the latest security tools and techniques. A step-change is needed to understand the security requirements of the technologies making up 5G networks, and responding to the innovative use-cases that 5G networks will enable across industries.

Leveraging automation and AI have the potential to revolutionize the security landscape. Automating security processes will help improve the accuracy of threat detection and reduce the time it takes to respond to threats. Automation reduces the reliance on manual processes as well, which can be time-consuming and prone to human error. AI and machine learning have the potential to play a vital role in building automated security systems and automatic threat detection. AI also makes it possible to analyze massive quantities of data at a much faster pace to mitigate risks.

Cloud security solutions, which are designed to protect data stored in the cloud from unauthorized access as well as protect against data breaches and other cyber threats, are being developed at a rapid pace. There have been significant investment and collaborations between network equipment vendors and cloud providers to develop robust solutions. At MWC2023, Nokia demonstrated its threat-detection and response functions deployed on Microsoft Azure that enables SOCs to proactively cope and manage cybersecurity threats against 5G networks.

Laying down strong encryption protocols is essential for protecting data transmitted over 5G networks. Multi-factor authentication (MFA) is another security measure enterprise networks need to implement to reduce the risk of insider threats as it requires users to provide more than one form of authentication before they can access the network. Regular security assessments are a must in the dynamic 5G environment to help identify vulnerabilities in 5G networks. These assessments include penetration testing, vulnerability assessments, and social engineering tests, followed by training and awareness programs for employees on cybersecurity best practices.

Pan-India 5G rollout would transform India into a broadband super-highway with immense growth possibilities. To truly realize the transformative benefits of 5G, we need to fortify cybersecurity of networks, and collaborate with industry experts to enable cyber resilience. Speaking at a recent event, Saurabh Gupta, Joint Secretary, National Intelligence Grid, Union Ministry of Home, aptly put it that there is a growing need for a strong public-private partnership to secure the digital infrastructure from cyber threats. Network operators must work together to deal with the threats that could destroy network reliability. The key is to obtain timely intelligence and to mitigate threats quickly.