The emergence of Industrial 5G technology stands as a pivotal factor for the evolution towards Industry 4.0 and 5.0. Organized by WILCO in collaboration with its partner Cisco, a recent roundtable titled “Une révolution en marche: la 5G Industrielle” (A Revolution Underway: Industrial 5G) provided a platform to explore the transformative potential of 5G in the industrial sector. This event featured nine experts who brought diverse perspectives ranging from market specialists like Philippe Herbert, President of the 5G Mission, to engaged corporate voices from Cisco and Alcatel Submarine Networks Marine, and forward-thinking entrepreneurs and investors from various industry-focused firms. Including our CTO, Ronan Mouchoux, to talk about cyber risks and cybercrime related to 5G Technologies.
The discussion centered on how 5G can enhance real-time digital flow management, increase process flexibility, and improve environmental data handling, marking a significant advantage for businesses. With over 14,223 operational 5G antennas boosting France coverage, particularly targeting rural and industrial zones to ensure territorial balance, French industries are poised to achieve increased efficiency and economic performance. This gathering not only highlighted key insights but also addressed critical cybersecurity challenges and strategies, as explored in a detailed exchange between Guillaume Poultorak from WILCO Industry and Ronan Mouchoux’s expert perspective.
Guillaume Poultorak (WILCO): Ronan, you are well-versed in this topic, having co-founded XRator, which provides a platform for assessing attack surfaces based on business risks. A study published by Economist Impact (in partnership with NTT) reveals that more than half of global companies plan to deploy 5G networks within the next 6 to 24 months. We wonder about the cyberattack risk level. Could you discuss this with concrete examples?
Ronan Mouchoux (XRATOR): Certainly, Guillaume. 5G technology essentially functions as a new “pipe” of connectivity, much like ADSL or fiber optics. This increases accessibility and consequently, the potential attack surface for cybercriminals. In such a communication ecosystem, we consistently see three main components: connected fleets, fleet managers, and connectivity equipment.
With 5G, we can connect many more devices, expanding the attack surface. Each new connected IoT device represents a potential entry point for attacks or a host for malware. For example, the 2016 Mirai botnet compromised thousands of IoT devices using default manufacturer passwords to launch massive denial-of-service attacks, disrupting major web services like OVH with traffic reaching 1 Tbit/s.
These devices, whether they are data collectors or actuators receiving commands and sending telemetry, are linked to one or more management equipment, such as SCADA systems in the industrial world. A landmark case of cyber sabotage, the Stuxnet malware, targeted air-gapped SCADA systems between 2005 and 2010, damaging centrifuges at an Iranian nuclear facility and disrupting the country’s nuclear program.
Even telecom network equipment and protocols can become targets due to inadequate research and monitoring. For instance, the Regin malware infiltrated global telecom networks, including Belgacom, from 2003 to 2012. These examples, attributed to state-backed efforts, highlight the range of possible cyber threats.
Regardless of the type—telecom, IT, or industrial—these systems all share common elements: hardware, software, data, communication protocols, and human interaction. For skilled cyber adversaries, the type of system doesn’t significantly alter their approach.
The American organization MITRE, known for its threat matrices, published a 5G threat matrix – MITRE Fight ™ – in 2022 identifying 103 offensive tactics, from initial reconnaissance to persistent malware and security bypass to data exfiltration. This is actually good news as it means we defenders already have a framework to identify and protect against these vulnerabilities and attack patterns.
GP: With the increased use of the cloud, the rise of remote work, and the growth of industrial IoT, organizations have less control over their systems. Does 5G necessitate new defense strategies for industry? For example, the “Zero Trust” concept is popular in the USA. What’s France’s stance on this?
RM: “A secure system does only what it is designed to do,” as Saltzer and Schroeder, computer scientists from the 1970s, stated. We can’t directly translate IT security techniques to the industrial realm; new paradigms might need to be created or strengthened, such as the attack immunity concept or secure by design.
Changes in production lines, raw materials supply, equipment, or personnel in industry always undergo risk analysis and the implementation of organizational or technical measures to mitigate these risks. The same method applies here, just on a new topic: connecting industrial devices. On the vulnerable surface, if a cybersecurity risk is too great or the response from a provider is slow, tedious, or absent, switching suppliers is akin to managing third-party or vendor risks.
Security criteria differ between IT and operational technology (OT). IT prioritizes data and equipment integrity and confidentiality, whereas OT emphasizes the availability of data and equipment. Zero Trust, the current cybersecurity paradigm, deepens the defense-in-depth concept by verifying every access attempt, regardless of its origin within or outside the network. Although Zero Trust adoption in OT is still in its early stages, this approach is likely among the most compatible with industrial environments.
GP: Are there specific technological responses to 5G for protection, such as redundancy, network slicing, or millimeter wave bands?
RM: Yes, but it’s crucial to understand that these primarily concern the security of the “pipe” itself and data during transmission. Protection in Telecom historically centers around encryption, and in 5G, it’s end-to-end. This helps prevent attacks like the aLTEr attacks on 4G networks that could theoretically reroute data streams, intercept mobile communications, or geolocate users.
Another key feature is network slicing, which creates multiple independent virtual networks within a single physical infrastructure. This network compartmentalization means if one slice is compromised, it’s harder for the breach to spread to another. Network slicing also enhances service quality by allowing flexible resource allocation for specific uses, such as low latency or high transmission integrity.
However, 5G remains a radio wave and can be jammed as before. Without altering the laws of physics, there’s little we can do about this. Connected equipment will also have SIM cards, which can be cloned.
Often, it’s not the communication protocol’s security that’s the issue, but the surrounding ecosystem.
GP: Does the current and foreseeable geopolitical context increase the threat, suggesting new defense strategies?
RM: Paraphrasing Niccolò Machiavelli, “In wartime, you are plundered by your mercenaries; in peacetime, by your spies.” In terms of cyber, especially with clandestine state actions, the volume is increasing but the global volume is bound to the offensive workforce. Period. The numbers of attacks is bound to criminal and clandestine human ressources, and their level of automation. Like in any traditionnal activity. What changes based on the geopolitical climate is the distribution of these actions.
During social crises like COVID-19 or in peacetime, decision-makers need information, so cyber espionage predominates, discreetly with minimal disruption to the victims. When war plans are being drawn, efforts might shift towards state-organized cybercrime, as seen with North Korea. In wartime, sabotage takes precedence.
Communication is crucial in times of tension and even more so in war. The concept of “Command & Control”, the ability to exert authority and direction over armed forces, becomes vital. The first cyber war took place during the American Civil War, where specialized cavalry units spied on or sabotaged telegraph cables. During Russia’s 2014 Crimea invasion, key targets for control included city halls and telecom stations.
Lastly, never overlook indirect threat channels. Authoritarian regimes are adept at mobilizing “every citizen as a soldier,” using nationals or foreigners as proxy forces to increase the volume and angle of attack vectors, technologically, socially, and ideologically.
Cyberspace is merely a platform for human-machine communication and control. If geopolitics impacts our societies and increases the threat level, it mechanically escalates cyber threats.