How Security By Design will help you benefit from 5G in the UK

With the first 5G service due to go live in six UK cities today, we consider how a Security By Design approach to the 5G network will help businesses and consumers alike feel the benefits of this new technology.

5G

EE is switching on its 5G service in London, Cardiff, Edinburgh, Belfast, Birmingham and Manchester today, making it the first 5G network in the UK, with Vodafone expected to launch its service in July. This marks the start of the 5G journey “proper” in the UK with the hype turning into reality.

EE’s launch sees 5G in the UK going from a trials and testbeds phase to one in which consumers can purchase a 5G handset and contract, enjoying increased speed where coverage is provided. However the real benefits of 5G are still to come. They are not predicted to come from giving us all faster smartphones but from improved reliability and reduced lag (technically known as latency) of 5G – which will become part of 5G in the coming years. This will unlock applications in sectors like manufacturing, transport and health care, as part of the ‘Internet of Things’ – delivering benefits such as increased productivity, improved safety and better health outcomes.

To realise the potential socio-economic benefits of 5G, it needs to be widely adopted by “vertical” industry sectors such as those outlined above. A key enabler for this adoption is the reliability, resilience and security of 5G  - indeed it is one of the top three concerns in a recent survey for 5G adoption as evidenced by Amol Phadke from Accenture’s paper: The Disruptive Potential of 5G Technology: Insights from a Global Survey, presented at 5GRealised in April 2019. Through our 5G Security work with manufacturers Bosch and Mazak, as part of the Worcestershire 5G Consortium, QinetiQ has gained practical insight into these security concerns. More importantly we understand how to solve them, to enable the benefits to be realised.

The 5G networks from EE and (shortly) from Vodafone, plus later on from the other UK Mobile Network Operators (MNOs), will evolve into the 5G networks which will unlock the socio-economic benefits which the 5G hype have been touting. The current 5G networks will form the foundations which are built on to realise the future 5G technologies, networks and benefits. They must therefore provide a secure foundation for the future, when resilience and security will be more important due to the criticality of the 5G applications – think machines in factories, driverless cars and remote health care applications. The way to do this is a Security By Design approach, which considers security at the design stage using a risk based approach, rather than as a ‘bolt-on’ later. At QinetiQ we carried out a Security By Design approach with the Worcestershire 5G testbed network, so know it can work for 5G.

Design, however is not enough, and proving the security of the network design through testing is just as important as part of a risk based approach to security. Given the current concerns with the telecoms supply chain, independent testing of 5G network equipment as well as 5G networks themselves is important. There are moves towards independent testing regulated by an independent security inspector – for example by the GSMA. This should deliver independent testing which is transparent and can be trusted by all. QinetiQ have wide ranging security testing capabilities and have tailored these to 5G, demonstrating several of them as part of the Worcestershire 5G project.

Furthermore both consumer and future industry applications, especially ‘Internet of Things’ applications, designed for 5G should be subject to independent test. For industry applications the motivation is the same as for securely designing and testing the 5G network - the criticality of these applications to business and/or safety. For consumer applications – such as SmartPhone Apps –the current motivation for security testing is to find vulnerabilities before hackers do, to prevent them from stealing your data (for example the WhatsApp security flaw reported recently). The future 5G network will be dynamic in nature with the potential for applications to shape the network through technologies such as network slicing – therefore application and network security testing will converge, and application security issues could have a bigger impact on the network. QinetiQ’s Mobile Application Security Testing service offers security testing of SmartPhone Apps, and as part of the Worcestershire 5G project we have extended this to industrial applications, testing an “Internet of Things” device for Bosch.

The launch of 5G commercially in the UK gives the opportunity to build a secure foundation on which to build the socio-economic benefits of 5G such as increased productivity. This secure foundation should start at the design stage with Security By Design of the network, followed by security testing for verification. Applications (both consumer and industry) should be included in testing too, the importance of this will increase as industry adoptS 5G, and the divide between the network and application blurs. QinetiQ has services which cover 5G network Security By Design, network security testing and application testing, and has demonstrated them as part of our participation in the Worcestershire 5G project.

To find out more and discuss how we could enable your organisation to achieve the commercial advantages of a secure 5G solution, contact our 5G Business Development team.