A Blog about the Internet of Things | Softeq

Three Examples of Where 5G Supply Chain Security Can Go Wrong and How to Avoid This

Written by Alex Makarevich | Mar 30, 2023 7:55:13 AM

Supply chain cybersecurity attacks are the most notorious. They cost companies and their suppliers millions of dollars and tarnish the victims’ reputations for years. This is what happened to the retail giant Target. In 2013, hackers stole customer records and their credit card details. Target had to pay an $18.5 million settlement and spend even more to restore its position in the market.

This didn’t happen because Target didn’t care about its supply chain security. In fact, they had invested a lot of money into state-of-the-art security software. However, there was still a tiny vulnerability. The retailer didn’t segregate their internal network from a portal for third-party vendors. Criminals obtained credentials from an inattentive vendor. Then, they entered the portal and jumped into the retailer’s internal system.

Right now, everyone is talking about the further adoption of 5G. But will 5G protect supply chains from cyber attacks like the one Target experienced? Industry experts believe it may do quite the opposite. 94% expect security challenges to rise.

In this blog post, we’ll discuss the roots of these fears. We’ll describe three 5G use cases that create real cyber threats that can affect any company in a supply chain. At the end, we’ll provide possible security solutions for 5G supply chain security based on the zero trust security model.

What Is Supply Chain Security in the Age of 5G?

Supply chain cybersecurity is an area in supply chain management that aims to prevent and mitigate cyber attacks. Here are the things hackers usually target:

  • Third-party suppliers. This is what happened to Target. You might take cybersecurity very seriously, but do all of your suppliers? Any overlooked error or omission in your suppliers’ security can harm you if your systems are not properly separated.
  • Hardware pieces. These include anything from drones and robots to QR scanners. Any of these insecure devices can become an easy target for a malware virus, unauthorized access, or another type of attack. Once infected, that one piece of hardware can bring down the whole system.
  • Communication channels. Data in motion is another popular target. Hackers try to get access to this information using malware, DoS attacks, and man-in-the-middle attacks.

To handle these risks, a company needs a solid cybersecurity strategy. The strategy depends on the type of connectivity technology used.

Cybersecurity in action: check out how we protected an Uber-like platform for logistics companies in Texas.

With the pre-5G connectivity protocols, we deal with a centralized network architecture. Let’s check out what that means in practical terms with 4G.

4G relies on large physical base stations (for example, an eNodeB). Devices connect to the core network via the closest base station. It implies the following characteristics:

  • A distinct physical perimeter. An eNodeB covers a certain geographic area and connects all devices within the territory to the network.
  • Monolithic type. Inside, applications and services run on top of the network and share common resources.
  • Integrated functions. The base station fulfills all the network functions. It includes user authentication, data transmission, and so on.

The main security risks, as well as security tools, stem from these characteristics. If we want to avoid risks, we need to prevent something dangerous from entering the network. At the same time, it’s hard to segregate applications inside the perimeter. This is why we have the hard shell and soft core cybersecurity model. This model means that the network is strictly controlled (a hard shell), but control within it is loose (a soft core).

The architecture determines the choice of tools. Pre-5G security is ensured by firewalls, tokens, cryptographic protocols, and so on. Such tools create a hard shell around the system and prevent illegal access to it.

5G is different. Its architecture isn’t physical, monolithic, or centralized. So, what is it? Let’s zoom in on 5G in more detail.

  • 5G is not physical; it’s virtualized. One of the distinct features of 5G is network functions virtualization (NFV). This technology allows a company to create a virtual copy of a function on the basis of any equipment. Let’s say you want to install a firewall. With 5G and NFV, you no longer need to invest in specialized hardware. Instead, you create a virtualized firewall on top of whatever devices you have.
  • 5G is not monolithic; it’s divided into network slices. Each network slice represents an isolated network with its own requirements. This means a supply chain can create dozens of separate networks on the basis of 5G. Every slice, or “network”, has the resources it needs and doesn’t share them with others.
  • 5G is not centralized; it’s distributed. 5G architecture doesn’t rely on a base station. Instead, the connectivity operates via user plane functions (UPFs). A UPF accomplishes data forwarding. Such virtual functions are distributed all over the network and communicate with each other. One function always knows where the nearest UPS is and sends data there. For a user, this means quick data transmission and low latency.

What does the 5G architecture mean for supply chain cyber security?

On the one hand, these characteristics protect 5G against risks typical of the other connectivity protocols. A 5G-based network is more software-based. That means that it can be more easily monitored and managed and is less prone to physical tampering. What’s more, every slice can be equipped with extra security tools.

But 5G architecture brings about new risks that require more advanced security tools. These risks include the following:

  • The number of connected devices is growing, so 5G has more targets for hackers, i.e., a larger attack surface. Each connected device can be compromised and infect the whole network.
  • More functions become virtualized. When they were physical entities, it was enough to protect them from tampering. Now, they also become exposed to cyberattacks.
  • A 5G network still communicates with 4G, 2G/3G, unlicensed wireless, and other networks. Each has a very different security design, and it’s often weaker than 5G. Once a 5G network communicates with a less protected network, it can become under attack.

Now, let’s check out an example of how these threats come about. Imagine a huge warehouse called X somewhere in East Texas. Its managers want to guarantee zero product loss and full tracking for suppliers and customers. To do this, they need more location sensors, video surveillance, and robots, so they’re switching to private 5G.

This changes the X warehouse’s network architecture. Now they have network slices for sensors, CCTV, and robots. They can add extra security tools to each slice. However, this doesn’t mean the warehouse’s system can’t be attacked.

Let’s see what can go wrong.

Use Case 1: Ensuring That Equipment Operates 24/7 

With 5G, the X warehouse has more capacity and bandwidth, so they’ve bought more devices. The warehouse now has 100 robots, dozens of CCTV cameras, and thousands of sensors. Every group has its own segregated network slice. That means that each of them has dedicated resources to operate well.

To ensure smooth operation, the X warehouse decides to put measures in place that will ensure that system overload is avoided. They want to reduce latencies, no matter how many more devices the warehouse connects in the future. So, they establish load balancers, which optimize traffic between the network slices. Before 5G, they would have had to buy hardware load balancers. Now, they create virtual versions.

This is a cheap and reliable way to reduce latencies. However, from a security perspective, a virtualized load balancer, like a virtualized copy of anything else, poses a risk.

Potential Supply Chain Security Threats

With 5G, the attack surface widens. Now, every slice and virtual function become targets. If they are not properly segregated, an attack on one element can damage the whole system.

A successful attack on any part of a new virtual load balancer can paralyze its work. And that’s not all. If an infected part continues to communicate with the rest of the system, it can bring down the whole network.

Use Case 2: Real-Time Parcel Tracking 

The X warehouse wanted to make each parcel’s journey visible to customers from the moment it left the warehouse. To do this, they equipped their robots with QR-scanning terminals. Now, a robot scans a QR code on a parcel and the information goes into a database from which it can be easily retrieved at any moment. 5G enables hundreds of robots to scan tens of thousands of parcels.

Now, everyone within the supply chain can track the status of the parcel in real time. It’s also easier to track it in the warehouse itself. As a result, the company is approaching zero undelivered parcels and same-day delivery.

But what about security?

Possible Supply Chain Security Threats

Like with virtualization, the biggest 5G strength—supporting more devices—is also its main challenge. Many of these devices are not secure by design. In most cases, it’s a trade-off made by vendors: they’re limited by the not-so-great computing and battery capacities of their devices. A vulnerable device is a soft target for hackers. Once a cyberattack happens, it impacts the overall network security.

QR terminals are usually very simple and lack effective security tools. This helps a hacker attack the system. For example, they can trick the terminal into downloading an infected program. After that, malware takes control of the terminal—and the robot too. Now, hackers can access mission-critical applications and services.

Use Case 3: Non-Stop Communication Between Suppliers

The warehouse doesn’t exist separately from the other companies in the supply chain. X communicates with delivery services and other suppliers. This communication helps keep the customer aware of the status of their order.

The X warehouse has put 5G and strong security tools in place to protect their network. However, other companies have a different approach to security. They use 3G and 4G with less advanced protocols. What’s more, some of them haven’t yet implemented strong security tools. 

What can go wrong in this use case?

Possible Supply Chain Security Threats

Negligence on the part of one supplier may affect the other partners. Attackers can find this weak link in the supply chain and exploit the vulnerability.

For example, imagine there’s a sorting center in the supply chain that still uses 3G. They haven’t updated their security practices in years. The hackers obtain their access credentials to the supply chain system—a database with QR codes. After they have accessed this, the hackers infect the whole supply chain, including the X warehouse’s network.

Newsletter
 

How to Ensure 5G Supply Chain Cybersecurity

Earlier, we mentioned that deploying 5G upgrades security policies. The software-based nature of 5G makes the physical perimeter disappear. Operators have to treat internal threats as seriously as external risks, so the hard shell and soft core doesn’t apply here. 

That’s why the new zero trust architecture (ZTA) model comes into the spotlight. ZTA treats every element as a potential target. If every element is threatened, then every element needs protection. No matter if it’s a third-party device, a physical endpoint, or a layer—nothing and no one can be trusted and everything should be verified.

We’ve prepared some recommendations to help you improve your 5G supply chain security risk management based on the ZTA security approach.

1. Use Trusted Hardware

IoT devices are often insecure by design. 5G has introduced many new connected devices, like terminals, headsets, glasses, and more. These may have even poorer security features and make for easy targets.

We recommend buying IoT devices with an integrated hardware root of trust. This is typically burnt into gadgets during the manufacturing stage. The root of trust ensures that only trusted nodes enter the network.

2. Put Authentication Mechanisms in Place

A root of trust isn’t sufficient for an IoT device to connect to a 5G network and its network slices. Supply chains need other authentication mechanisms for devices at the network entry level and within it. The most efficient mechanisms so far include the following:

  • Multi-factor authentication (MFA). 5G is based on slices, each with its own layers. Any endpoint should pass each layer with a separate authentication procedure. The process repeats itself over and over again inside the network.
  • Encryption. Generally speaking, 5G boasts stronger encryption than previous technologies. For example, it uses advanced cryptographic algorithms with 256 bits (unlike 4G, which uses 128 bits). Also, with 5G, users can encrypt an individual device, data set, or traffic flow. If a hacker attacks one part, the others remain protected.
  • Access control. This method grants access to authorized users only. 

3. Automate Traffic Monitoring

Further 5G deployment will lead to growing traffic volumes. Companies can no longer rely on humans to supervise it all. So, they can switch to automated and virtualized security controls. Businesses can also add machine learning and other forms of AI for more intelligent threat detection. This technology can replace humans and improve risk mitigation.

4. Ensure Continuous Logging and Filtering

Logging and filtering mechanisms would check the environment and changes within it. For example, such a mechanism may provide a detailed report or a high-level dashboard view. It will track trust status, network flows inside the system, and so on.

5. Deploy Isolation and Segmentation Best Practices

The detection of anomalous behavior can trigger various actions, including the following:

  • Terminating access credentials
  • Isolating a network slice that’s under attack
  • Restributing functions (when attacked, compromised services will be switched off and their functions will be re-distributed among other applications)

First, the mechanisms help the network to continue working even in the event of an attack. Second, they make sure that it won’t spread and take down the entire network.

The Bottom Line

5G presents many new opportunities for supply chains and upgrades user experience. Unfortunately, new opportunities come with new risks. 5G unlocks extra vulnerabilities that hackers can exploit to damage the whole supply chain. It’s essential to consider all the possible risks before switching to 5G.

If you want to secure your supply chain in the 5G era, contact Softeq.