Internet of Things (IoT) security has been a hot topic among cybersecurity professionals for some time now. However, cybersecurity is a moving target. Once someone figures out and secures a vulnerability, cybercriminals quickly move on or change their approach. One example of this is 5G, which is accelerating the adoption of IoT devices and forcing cybercriminals – and cybersecurity specialists – to adapt to the changes they bring.
According to IoT Analytics, as of 2024, there are 25.6 million 5G IoT connections worldwide. IoT Analytics forecasts the number of 5G IoT connections will grow at a CAGR of 59 percent from 2024 to 2030, reaching over 800 million connections. In comparison, analysts expect the overall cellular IoT market to grow at a CAGR of 15 percent during the same period.
Integration poses security challenges
This explosive 5G IoT growth comes with many security implications. To gain more insight, SmarterMSP.com caught up with Cybersecurity Solutions Architect, Jeremy Manual, to discuss 5G and IoT.
“Low-latency 5G networks are expanding globally, and they bring transformative potential to a large swath of industries, enabling faster and reliable connections to a vast array of IoT devices,” Manual explains, adding that if you look at projects such as smart cities, healthcare systems, or even industrial automation, the fusion between 5G and IoT is driving innovation and efficiency. But this integration also poses new security challenges.
“With the distributed nature of 5G networks, the continuous rise of private 5G, and the massive quantity of IoT devices being deployed – the need for comprehensive security has never been greater,” Manual says.
The 5G-enabled IoT ecosystem comes with an expanded attack surface, edge computing risks, and, almost always, legacy systems and diverse supply chains, Manual says. “Unlike previous generations, 5G networks are designed to handle an extremely large number of devices. Even if the network core may be locked down, these distributed points can still become targets if they are not properly secured.”
Edge computing
According to Manual, many edge devices lack the security controls that are common in centralized data centers. This exposes them to threats because of their distributed nature. “Edge computing plays a pivotal role in processing the data closer to where it is generated, which helps to reduce latency and increase performance,” he says.
Legacy systems and diverse supply chains
Manual also points out that IoT devices, especially those used in OT environments, run on outdated operating systems. “These legacy devices often lack modern security controls, making them vulnerable to known attacks that are readily available,” he says. He goes on to explain that the whole IoT ecosystem has been somewhat of a “wild west” in terms of vendors, products, and security standards. With the rise of new vendors creating new devices all the time, enforcing uniform protection is even more difficult.
Securing the 5G RAN and the Core
Manual explains that the 5G Radio Access Network (RAN) facilitates connectivity between devices and the core network. He notes that this “distributed architecture” can also present security challenges.
“Unlike a centralized system, the 5G RAN uses a mix of edge devices and cells, increasing the number of potential attack vectors. Network providers must ensure that they are using modern encryption between devices and the RAN, as well as confirming device identities,” Manual recommends, adding that adopting a zero-trust model for securing the RAN tends to be an effective strategy.
Manual also emphasizes that the 5G Core is fundamentally different and built on cloud-native principles. “It leverages SDN (software-defined networking) and network virtualization for greater flexibility. This introduces new risks such as in the APIs that connect the network functions.” He then adds that securing the core requires effective network slicing, micro-segmentation, and visibility.
Opportunity for MSPs
Manual explains that MSPs managing private 5G deployments have a unique security challenge, but also an opportunity. They can enforce security measures at every layer, from the Radio Access Network to the 5G Core, and provide end-to-end encryption, monitoring, and device authentication. “This allows MSPs to create micro-segmented isolated network slices that limit exposure to external threats and offer flexibility and granular security,” he says.
Here are several actions MSPs can take to enhance the security of 5G IoT networks and devices:
- Implement zero-trust architecture. The zero-trust model is critical in the IoT and 5G landscape. “NIST 181-207 would be a valuable framework to follow to ensure that every device or user is continuously authenticated and monitored,” notes Manual.
- Prioritize regular updates and patching. Keeping IoT devices up to date is essential to mitigate known vulnerabilities. “With those that can’t be patched and may be mission critical, consider heavy micro-segmentation or air-gapping of these systems,” states Manual.
- Consider enterprise-grade network security at the edge and core networks. Organizations should secure their core networks with a next-generation network security device that can identify malware, Distributed Denial of Service (DDoS) attacks, and bot attacks.
- Enhance monitoring of network traffic and utilize AI-based threat detection. Continuous monitoring of the network traffic and device behavior can help detect anomalies such as C2 traffic. “Organizations can analyze patterns and identify potential threats before they escalate. Having a well-deployed network detection and response tool can detect suspicious activities and can respond in real-time,” advises Manual.
Navigating the security landscape of 5G and IoT
The intersection of 5G and IoT presents both remarkable opportunities and significant security challenges for organizations across various sectors. The number of 5G IoT connections continues to soar. With this, so does the complexity of securing these devices against evolving cyber threats. Organizations can better protect their networks and sensitive data from potential exploits by embracing comprehensive security measures. These include adopting a zero-trust architecture, implementing regular updates, and ensuring proactive monitoring.