Primer:
Stuart Madnick, who’s been professor of information technology at the Massachusetts Institute of Technology since 1972, tells Inverse that the FCC and ISPs are casting a double-edged sword in their rush to implement 5G.
“It’s like going from fireworks to dynamite sticks,” Madnick says. “5G encourages further evolution and expansion of Internet of Things related networks. All of the good news and bad news that comes along with this technology gets magnified.”
He’s especially concerned about the risk of denial of service attacks — or DDoS for short — becoming more powerful than ever before. One of the advertised benefits of 5G is that it will allow even more IoT devices, like refrigerators or light bulbs, to come online. This would allow users to remotely check the contents of their fridge or dim their bedroom lights using their phones, but these devices can also be harnessed for nefarious purposes.
One of the most notorious DDoS incidents in history — the 2016 Dyn cyberattack — was facilitated by unsecured IoT devices, like security cameras, printers, and baby monitors. Hacker groups Anonymous and New World Hackers allegedly took control of thousand of electronics that still had their default passwords to amass an army of zombie devices, known as a botnet.
This network was used to overwhelm the servers of internet performance management company, Dyn. Websites like Twitter, SoundCloud, Spotify, and Shopify were inaccessible for a day. Madnick believes this could happen again, to a degree that hasn’t even been imagined yet. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity.
*** Related reading: Lessons Learned from WannaCry attack
Ex-security minister Admiral Lord West calls for urgent government action after Chinese firms are banned in Australia and the US.
Security threats from Chinese companies building 5G networks could end up “putting all of us at risk” if they are not tackled quickly, according to a former security minister.
Speaking to Sky News, Admiral Lord West, a former First Sea Lord who served under Gordon Brown as a security minister, urged the government to set up a unit reporting directly to the prime minister to monitor the risk posed by Chinese equipment in 5G.
5G has been hailed as the next great leap for mobile communications, enabling everything from smart cities to hologram calls.
However, the best 5G technology comes from Chinese companies, raising the fear that China’s government could have ground-level access to – even control of – the UK’s critical data infrastructure.
“We’ve got to see there’s a risk,” Lord West said. “Yes, we want 5G, but for goodness sake we need to do all of these things to make sure it’s not putting all of us at risk.”
In April, the United States banned Chinese multinationals Huawei and ZTE – both specialists in 5G – from selling equipment to the federal government.
In August, the Australian government banned the same two firms from supplying technology for its 5G network, a decision foreign minister Marise Payne described as necessary for “the protection of Australia’s national security”.
In a statement, Huawei called the decision “politically motivated, not the result of a fact-based, transparent, or equitable decision-making process,” adding that “there is no fundamental difference between 5G and 4G network architecture… 5G has stronger guarantees around privacy and security protection than 3G and 4G”.
Robert Hannigan, former director of GCHQ, told Sky News an outright ban in the UK would not make 5G safe.
“The best companies in 5G are probably the Chinese ones and there aren’t many alternatives,” he said, before warning that new measures were needed to test the security of the network.
“We do need to find a way of scrutinising what is being installed in our network, and how it is being overseen and how it is being controlled and how it’s being upgraded in the future. And we have to find a more effective way of doing that at scale.”
In April, GCHQ’s National Cyber Security Centre warned ZTE could pose a national security risk to the UK.
Two months later, the UK’s Huawei Cyber Security Evaluation Centre, a group set up by the government to monitor the Chinese firm, announced that it had “only limited assurance” that Huawei posed no threat to national security
“It was a bit of a warning to Huawei,” said Mr Hannigan. “They needed to get better at cooperating and take this more seriously.”
The difficulty for the Huawei Cyber Security Evaluation Centre is knowing for certain that the code it vets and approves is the same code that is going into networks.
“That’s been a persistent problem,” said Mr Hannigan. “That needs more work.”
The government has put £200m into the development of 5G. Last month, the first 5G pilot centre launched in the West Midlands, testing the technology before a national roll-out.
BT, which uses Huawei to supply parts for its network, told Sky News that it would “apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government”.