With every advance in communications technology comes a fresh vulnerability that opens the user to cyberattack.

So it goes with 5G, the so-called fifth generation of cellular connectivity, which has been touted as the new gold standard for network speed, bandwidth, availability and reliability.

5G has actually been with us in embryonic form since 2018, although it didn’t start rolling out widely across commercial and consumer mobile networks until 2020, and didn’t become ubiquitous until even more recently than that.

The advantages of 5G are compelling, linking mobile communications with the cloud, internet of things and artificial intelligence, among other innovations. But with its expanded bandwidth and menu of added capabilities, it also provides a new and easy target for cybercriminals.

Aspects of 5G technology present “more of a surface for an attack,” says Chris Gehlen, chief executive officer of Neutroon, provider of a platform for private 5G connectivity and edge computing. 5G increases the number of devices that can be connected, he notes, but the presence of multiple stakeholders in a tech stack “can open the door to more [illegal] access as well.” And its higher data speeds make possible the launching of more sophisticated attacks, such as a distributed denial-of-service (DDoS) incident. Such attacks grew in number in 2022 and 2023.

Gehlen acknowledges that his concerns are more theoretical than actual at this point, given the lack of a massive 5G-based attack across networks to date. But the potential is strong, especially since businesses don’t appear to be taking adequate measures to guard against a serious event. A 2023 report by the Department of Homeland Security found that many companies are “improvising” their approach to mobile network security in the age of 5G. “With the lack of investments in 5G preparation, there are insufficient security measures supporting it and few rules to follow when companies do start the investing process,” DHS said.

For the first time, 5G allows users to mix and match multiple vendors of telecom infrastructure, such as radios and base stations, further increasing the number of potential “threat vectors,” DHS said.

DHS quotes a report from the Cybersecurity & Infrastructure Security Agency (CISA), pointing out that the complexity of 5G networks — “with new features, services, and an anticipated massive increase in the number and types of devices they will serve, coupled with the use of virtualization and disaggregation of the Radio Access Network (RAN) and the 5G Core — expands the threat surface and can make defining the system boundary challenging.”

On the commercial side, Gehlen says, 5G is a boon for businesses looking to create private mobile networks that can link up with a host of cutting-edge applications, such as robots. That’s especially important at a time when companies are striving to automate processes across the supply chain. “In the enterprise world, 5G has the potential to unlock advanced digitization use cases,” he adds.

One way that 5G differs from its generational predecessors is that it’s more software-based in design and execution, providing greater flexibility, scalability and customization options for network users. “Instead of having a physical cabinet located at the base of each cell tower filled with proprietary hardware, operators can have many network functions virtualized, occurring in software throughout their networks,” CISA said.

While this “virtualization” carries with it many advantages, the existence of multiple open application programming interfaces (APIs) is “also potentially risky,” Gehlen says. “What was previously just one solution is now a composition of different microservices, each potentially becoming the source of an attack.”

In the end, Gehlen believes, the advantages of 5G outweigh the security disadvantages. But users need to step up and become more vigilant about how they operate their speedy new networks. Step one, he says, is finding a consultant or specialized vendor that can guide them through the process.

Step two is to avoid the organizational silos that bedevil so many large supply chains. Gehlen says it’s crucial to centralize management of the infrastructure and devices that are part of it. Multinational companies “need to find a way of bringing everything into one place, and assign the right workflow and cybersecurity.” 

At the same time, all employees in the network must be educated about basic security practices. Thieves can use the SIM card from a stolen smartphone to gain entry to an entire network. A similar breach can occur if a worker falls prey to a phishing scheme through a personal phone with access to the network. 

A truly secure 5G network — to the extent such a thing is possible — requires a cooperative effort well beyond the reach of individual companies. DHS calls for coordination among commercial markets, the Department of Defense and other government agencies, including the Department of State and U.S. Agency for International Development.

“A concerted effort to bring these three streams together in a more cohesive way is essential to achieve long-term global market resiliency,” DHS said.