Manufacturers who commit to digitizing and automating their factory floors will find that adopting 5G wireless technology improves speed and reliability while providing greater cybersecurity.
Yet new technologies mean new challenges. Bringing 5G interconnectivity into industrial environments creates some cybersecurity vulnerabilities even as it reduces others. So, it’s important for manufacturers to understand how to secure 5G networks and devices.
“The ability of 5G to connect a myriad and multitude of devices means each of those devices is potentially a weak link,” warned Michael Tanji, director of cybersecurity for MxD, the National Center for Cybersecurity in Manufacturing as designated by the U.S. Department of Defense. “There are numerous such points of vulnerability within a 5G system. For example, an unpatched sensor or a misconfigured camera could be a stepping stone for an attacker to get into your core network.”
This should not be seen as discouraging, experts say, because 5G is vital to the future of manufacturing in the United States. The high speed and low latency of 5G — and its abilities to connect to a wide variety of technology and devices — position factories to employ real-time automation and robotics. “A 5G network provides insights into the physical plant that can support things like predictive maintenance, long-term flexibility, and scalability for the future,” Tanji said.
But like all business investments, 5G needs to be managed correctly. In this Q&A, Tanji explains how to secure 5G networks and devices. (Answers have been edited for space.)
Describe how 5G introduces cyber vulnerabilities that can be exploited by bad actors.
MT: Primary among the risks is the increased attack surface 5G creates. There are more entry points for malicious actors to exploit. Unlike older cellular networks that relied on dedicated hardware, 5G is more reliant on software. This introduces the kinds of vulnerabilities we see in software, like coding errors or misconfigurations. Also, 5G enables edge computing, where data is processed closer to where it is generated, rather than in a centralized cloud. This approach makes edge devices potential targets, and they almost certainly do not have the same level of security as a server or cloud.
Can you give some specific scenarios or examples of what can go wrong?
MT: The vulnerabilities exist in multiple layers: in the devices themselves (the hardware and the software), in the network infrastructure, and in the data and applications running on top of them. Probably the most catastrophic problem would be a supply chain attack. A malicious actor could compromise the software installed on smart sensors or other devices before they are shipped to customers. The attacker is aware the device is in use once you’ve installed it, giving them unauthorized access.
What about vulnerabilities on the factory floor?
MT: A plant that uses 5G to connect and command a fleet of autonomous robots could have a vulnerability within the robot operating systems. An attacker who discovers the vulnerability could exploit it in a way that disrupts production or puts human workers in physical danger. A malicious actor also could exploit a vulnerability in 5G-connected quality control or surveillance systems, allowing them to exfiltrate proprietary design data or trade secrets being captured by the systems.
What must small and mid-sized manufacturers (SMMs) do to protect themselves and their supply chains?
MT: Protecting a 5G-enabled factory requires a multifaceted approach. You can’t just slap a firewall on your network and call it a day. I would start with network segmentation. Don’t put your entire factory floor on a flat network. Use network segmentation to create separate, isolated zones for different functions. For example, your production robots should be on a different network segment from your office computers. If one segment is compromised, the attacker can’t easily move to another.
Companies also should move toward a zero-trust architecture. A zero-trust approach means every device and user, regardless of whether they are inside or outside your network, must be verified before they can access resources. This is essential for 5G, where devices are constantly joining and leaving the network.
For devices that can be patched, implement a robust patch management process for all software and firmware. This can be difficult and introduce at least temporarily a new risk if you cannot test patches for effectiveness and unintended consequences in a test environment.
Additionally, vet your suppliers thoroughly. Ensure that they have implemented strong security practices and that you have a clear understanding of everyone’s responsibilities when it comes to security.
Does going to 5G mean SMMs must update or even overhaul their entire security approach?
Yes. Moving to 5G doesn’t just mean updating your technology; it means updating your security mindset. For SMMs, this is a chance to build security in from the ground up rather than trying to bolt it on later. The principles of good security — network segmentation, access control, and vulnerability management — remain the same. What’s new is the scale and the types of devices you need to apply them to. With 5G you must think beyond the traditional IT devices and consider every sensor, robot, and camera as a potential security risk.
It sounds like 5G is transformative not just to cybersecurity but operations overall. How should companies manage this kind of change?
When you’re planning your 5G implementation, involve cybersecurity experts from the very beginning. This is the idea of “secure by design.” By thinking about 5G as an opportunity to build a more resilient, efficient, and secure operation from the ground up, you can harness its power while protecting your business well into the future.
Technology is only one part of the solution. You need to train your employees on the new security risks and establish clear operational procedures for managing 5G devices. This includes things like managing access credentials and responding to security incidents.
One key piece of advice is don’t try to transform your entire factory at once. Start with a small pilot project — maybe automating one production line or implementing a new quality control system. This allows you to test the technology and your security controls in a contained environment before you scale it up.
