The term 5G is the fifth-generation cellular network. It is capable of enabling download and upload speeds 10-100 times faster than what is possible on a 4G network. The time taken for wireless devices to communicate with wireless networks, known as latency, is also significantly reduced. Additionally, 5G has been designed to facilitate the exponential growth of the Internet of Things (IoT). This includes, for example, security systems, autonomous vehicles and ‘smart home’ devices like Amazon’s Alexa.
A distinguishing feature of 5G is network slicing. This allows segmentation of the network for industry (such as emergency services), business or specific use. Another feature is network function virtualisation. On 4G networks, these functions run on hardware located at a business premises. On a 5G network, these functions can operate through software on a virtual machine.
What are the cyber risks and current issues related to 5G?
The 5G network poses significant cyber threats to government defence and its related industries. Threats may stem, initially, from firms involved in the deployment of 5G and its requisite infrastructure. Presently, the most controversial telecommunications company is the Chinese giant Huawei.

Huawei maintains that it is not owned by any other organisations, nor is it in any way affiliated with the Chinese government. However, these claims have been widely disputed by top US officials and others. The fact that Huawei is not a publicly traded company (only Huawei employees can purchase shares) has led many to conclude that it is effectively state-owned. Furthermore, there are concerns that Huawei may be compelled to hand over sensitive user information at the request of the Chinese government pursuant to current legislation. Article 7 of China’s 2017 National Intelligence Law stipulates: “any organisation or citizen shall support, assist and cooperate with the state intelligence work in accordance with the law.”
Due to these security concerns, Australia and the United States have prohibited Huawei from contributing to its deployment of 5G infrastructure. Conversely, the UK government granted permission to Huawei in January of this year to play a role in building its 5G network. This decision, however, is now under scrutiny by many UK lawmakers as a result of China’s handling of the COVID-19 pandemic.

Rather than involve Huawei, The US Department of Defense is currently seeking US-based firms to launch a series of 5G prototype projects at military bases around the country. It is speculated that these projects are likely to incorporate virtual and augmented reality into mission planning, together with smart warehousing and spectrum-sharing experiments.
Of importance to the 5G network are the ‘mid-band’ frequencies capable of transferring large amounts of data. For instance, the US military utilises this mid-band frequency for many of its air defence systems. However, other frequencies remain unused. US companies wish to utilise these same frequencies for commercial purposes. If this were to occur, the military and civilian sectors would be sharing ranges of the spectrum.
In the event that foreign firms such as Huawei contribute to the development of 5G in the US, its equipment and services could be using the same frequencies as the US military. This creates a potential attack vector for a foreign power to exploit.
Although the US has taken steps to prevent this from happening within its borders, it is not the case with many other countries who have decided to utilise the subsidised Huawei technologies and services instead of developing their own or partnering with more trusted providers.
Australia
Australia has adopted a conservative approach in blocking Huawei’s involvement in the nation’s 5G rollout. This posture is good news from a security perspective. However, this in no way means the 5G network will be immune to cyber threats and defence industries will need to remain vigilant in protecting network security.
Currently, it is important to understand these risks within the scope of working with defence during COVID-19. It is no coincidence that the Australian Cyber Security Centre recently advised operators of critical infrastructure to double check security controls. If any migration to new 5G infrastructure is to occur, it is vital – particularly now – to understand how the new infrastructure operates, and which parties have access to that infrastructure. With many companies migrating to home environments, if you as a defence contractor are in a contractual arrangement with any third party, their cyber risk may become your cyber risk.
The Takeaway
Ultimately, the Australian government made a cautious decision to ban Huawei from participating in Australia’s 5G network development and deemed any involvement by Huawei to be a risk to the nation’s critical infrastructure. The government appreciates the risks of migrating to 5G. This cautious approach should extend to defence industries because their connection with government (including the Australian Defence Force) systems can serve as a gateway for incursions.
Migration to 5G systems requires preparation, caution and care. In addition to the normal duties carried out by defence contractors, such as compliance with the Defence Industry Security Program (DISP), we recommend the following:
- Ensure you know who has access to any part of the new system;
- When migrating to 5G, consider all contracts and new partnerships carefully – do the necessary background work to ascertain the reliability of the parties with whom you will be entering into agreements;
- Keep up to date with laws and regulations related to cyber security as it is a rapidly evolving landscape; and
- Keep a hard copy action plan in place related to the network you are using, so if anything goes wrong – such as a breach of a system – you know who should take charge, you know who to call, and you are not left wasting time thinking.
5G is just another step forward. Defence industry partners should remain cautious, but at the same time acknowledge and appreciate the exciting opportunities 5G can provide for their business.
Editor’s Note: James Dance and Gideon Stein are interns at cyber law firm WiseLaw. Opinions expressed in this essay are theirs.