How 6G can help deal with cyberattacks

To realise the vision of 6G, researchers are developing novel approaches to spectrum regulation, antennas, machine learning (ML), artificial intelligence (AI), and digital twins — all of which will require robust cybersecurity elements to enable their widespread adoption by industry, academia, and consumers.

According to a report by Accenture, cyberattacks targeting companies grew 31% from 2020 to 2021. Organisations that have seen successful breaches through their supply chains increased from 44% to 61% over the period, demonstrating that the threat of third-party risks has become an increasingly worrying reality.

This scenario is likely to become more common as countries deploy 5G worldwide. 5G is the first technology to enable critical applications, and services like ultra-reliable low latencies or machine-to-machine communications.

5G marks the beginning of a revolution in network security design. 6G will continue the network cybersecurity enhancement efforts begun with 5G.

While 6G technology is still being defined by international standards bodies, research into ways to enhance cybersecurity in 6G has quickly become a priority, including research investigating ways to optimise cybersecurity in the Internet of Things (IoT), user data security, and ways to better leverage ML and AI to train cybersecurity systems and algorithms.

The IoT and the attack surface

Each network simultaneously supports a different number of connected devices within a given area. For example, the 4G network can connect up to 2,000 devices per square kilometre (0.38 square miles). This figure increases to one million connected devices in the same range with 5G and increases again with 6G expected to accommodate up to 10 million IoT devices in the same area. These devices represent the ‘attack surface’, or the possible points, known as attack vectors, that unauthorised users can access to extract data.

Every increase in connected devices has a corresponding increase in exposure to cybersecurity risk events. Beyond phones, devices under threat include healthcare equipment, industrial machines, and computers. In addition to connected devices, this attack surface also includes the network infrastructure itself.

As we move towards 5G and eventually 6G-powered networks, we are talking about billions of IoT machines. There will be the radio access network which connects users to the cloud, the core network, and a multi-vendor environment. It is critical to make sure that all components of the network infrastructure are reliable and secure against cyberattacks to support critical services.

As we move closer toward 6G technology, the concept of ‘cybersecurity by design’ is taking hold as a potential and promising answer to securing the growing attack surface. Underpinning the concept of cybersecurity by design is a paradigm shift away from reactionarily developing solutions for security threats, and instead being proactive and ensuring that cybersecurity is baked into 6G-capable items from the start. While this concept is still new, the cybersecurity-by-design mindset is one that companies should embrace as part of a larger action plan to prevent and manage cyberthreats.

Sometimes, the first time a security team sees a security incident is when it happens live, and that is a big issue. For device manufacturers, employing a solution like a threat simulator in that live environment gives customers the ability to run real-life scenarios with real-life malware, but in a safe environment.

Emulation is quickly becoming a critical element of cybersecurity planning. The ability to replicate risk events digitally enables security teams to identify and correct security gaps and misconfigurations, but also to put their cybersecurity strategies into practice in a realistic virtual environment. This ensures that security teams have experience recognising a wider range of security breaches and are able to identify threats so they can quickly take corrective actions when the threats present themselves in real life.

6G cybersecurity eliminates outdated approaches to securing user data

6G cybersecurity systems do away with once-ubiquitous security tactics. Passwords are definitely going away. The cyber environment will be certificate-based and encrypted. This means that 6G cybersecurity systems will verify whether users are authorised to access a given software, for instance.

6G will also benefit from novel security approaches. With microsegmentation, for example, systems will be able to isolate communications and create a virtual ‘bubble’ to increase security. These new approaches to cybersecurity solutions will enable the robust zero-trust network architecture required for the planned 6G cybersecurity infrastructure.

Zero-trust architecture assumes that no entity is implicitly safe — that the network cannot trust anyone unless they have the appropriate credentials. This architecture promises to make communication and data access points far more difficult to breach. You are not protecting just the service, but also the users’ data or a business’ critical trade secrets. With zero-trust, microsegmentation, and tight security controls combined, you can really protect your data.

Data goes far beyond the daily web browsing and financial data that is most thought of in the context of cybersecurity and privacy. The past five years have seen an explosion in the number of connected devices across verticals and sectors where cybersecurity plays a life-and-death role.

The internet of medical things (IoMT), for example, helps care teams to deliver more tailored care and is improving medical care and patient outcomes. This data is equally valuable to criminals who would hold this sensitive data hostage and release it for a price. Keysight Technologies’ 2021 Security Report suggested a dramatic increase in the deployment of ransomware attacks in 2020, with healthcare being the most attractive target for cyberattacks.

The deployment of 5G has improved cybersecurity but the exponential increase in devices and data that 6G promises will require robust real-time cybersecurity responses. Researchers at Keysight are investigating new cybersecurity testing techniques that leverage digital twin technology to flag potential threats and take corrective measures in real time. This process takes weeks under today’s 5G network, but 6G is anticipated to cut this to a few hours, resulting in a more resilient cybersecurity infrastructure for device users and manufacturers.

6G cybersecurity will be more complex with ML and AI

ML and AI are critical components of 6G — and vital to training cybersecurity systems and algorithms. They also offer additional layers of complexity that create more robust cybersecurity systems. However, as AI becomes more pervasive, so too do the number of bad actors with the skills and incentive to exploit the technology for nefarious purposes. Conquering the vulnerabilities within AI and ML training algorithms is critical to building a resilient, scalable, and secure 6G-powered future.

Cyberattacks can manipulate ML models during training or testing times, and will undermine the AI’s predictions. Just as worrying, these attacks can reverse-engineer the algorithm to extract proprietary information.

A second threat that researchers must account for is the creation of models built for nefarious purposes — either to commit cybercrimes or within a military or law enforcement context. An AI algorithm’s quality is determined by its reliability, accuracy, and consistency. Tactics that undermine any of these have cascading repercussions for any future developments that rely on AI. Thus, accelerating innovation across the spectrum of emerging technologies is dependent on ensuring that AI algorithms are trained to identify and block adversarial events.

For 6G cybersecurity, the long-term goal is an autonomous, self-preserving network that can respond independently to potential threats without causing disruption to normal use. While these cyber-resilient networks are still on the horizon, researchers are investigating adversarial ML approaches to train models to identify probable threats and determine an appropriate correlating response. This is a core responsibility of AI in the planned 6G cybersecurity architecture.

Google conducted experiments demonstrating real-world applications for adversarial ML. Their published findings demonstrated that by presenting intentionally manipulated examples to ML networks, the system could be trained to identify and mitigate incoming attacks that force the system to misclassify information.

Prepare today for a more secure, 6G enabled tomorrow

New technologies always bring new threats to light, which must be addressed alongside existing threats that accompany current technologies. The research focused on preventing cybercrimes particularly emphasises the development of 6G cybersecurity solutions that will scale and combat threats inherent in the growing multi-vendor marketplace. Already, 6G cybersecurity research is creating a paradigm shift in how we think about securing digital data today.