Contact

Menu

Article

5G: A secure technology?

Around two thirds of the world’s population, or roughly 5 billion people, are mobile subscriber and use the third generation (3G) or the fourth-generation (4G) wireless networks1. It enables the consumer to capture the full potential of smartphones and other smart devices. Nowadays the next generation (5G) is attracting a lot of public interests.

October 10, 2019

Dr. Patrick Kolb

Fund Manager, Credit Suisse Asset Management

header image showing man looking at laptop in a data center

5G promises to transform the way people are using the internet. This technology has the ability to improve efficiencies at every level, increasing network bandwidth, speed and reach, while simultaneously lowering latency across almost in every area. Equipment makers and telecom operators are already rushing to test and roll out this next generation of wireless networks, which will be as much as 100 times faster than the today’s 4G standard. The new 5G networks are expected to enable the steering of driverless cars or doctors to perform complex surgeries remotely. Critical new services can emerge, such as remote health care, emergency response, and wide-ranging industry applications that will leverage the Internet of Things (IoT). All these novel services will depend on communication networks, and IT security is in our opinion the key enabler. We believe this will open up vast new possibilities for consumers, businesses as well as for governments. While the economics of 5G are still being worked out, proponents say the potential payoffs can be immense: Companies that own patents stand to make billions of dollars in royalties. Countries with the largest and most reliable networks will have a head start in developing these technologies, enabled by faster speeds. And the dominant equipment suppliers could give national intelligence agencies and militaries an advantage in spying on or disrupting rival countries’ networks.

Is 5G secure?

The most exciting part of 5G is how speed will change the internet. So far, it is simply about transporting data from point A to point B. Today’s internet-connected cars may be able to get driving directions sent to it, but it is essentially the same as getting an email, and that’s nothing else than the one-way transportation of pre-existing information. The autonomous car is vastly different: The 5G network allows computers to orchestrate a flood of information from multitudes of input sensors for real time decision-making. According to Richter (2017), connected cars can create up to 25 gigabytes of data per hour. As Fig. 1 shows, this amount of data is equivalent of nearly 30 hours of HD video streaming or more than a month’s worth of 24-hour music streaming.

data-usage-of-online-activities-en.jpg

Fig. 1: Data generated by connected cars compared to data usage of online activities (per hour)

Sources: Credit Suisse, Richter (2017): Big Data on Wheels, in: Statista, Feb. 9th. 2017, URL: https://www.statista.com/chart/8018/connected-car-data-generation/; last accessed on June 12, 2019

Interested in our Security funds?

   

Building 5G is not just simply building a network, but it is also about whether that network will be secure enough for the innovations it promises. Let’s take the example of autonomous vehicles again: When 5G enables autonomous driving, do we want those cars and trucks crashing into each other just because somebody has hacked the network? If 5G will be the backbone of breakthroughs such as remote surgery, should that network be vulnerable for somebody breaking into a surgical procedure?

In our opinion the evolving relationships between 5G networks, computing resources and end users will have a huge impact on IT security. The connective power of 5G means a greater number of network endpoints, resulting in more possible openings through which an attacker may penetrate the network. Once compromised, these openings can be exploited at a new speed and scale. 

Potential threats range from critical infrastructure connected to a 5G network, including the electrical grid, water systems and fuel pipelines, and a breakdown of communications and massive service outages to unauthorized access to sensitive and private data. As processing power migrates to the edge of networks (i.e. edge computing) to serve new mission critical business applications2, the number of intrusion points will expand massively. As a consequence the security stakes are rising: With today’s 4G networks a large botnet could be used to mount a large-scale Distributed Denial of Service attack (DDoS attack) on websites. But in tomorrow’s 5G world the same botnet could take out an entire network of self-driving cars. The vast number of remote sensors and smart devices connected to global supply chains will radically increase the complexity of security networks. This combined with the enormous amount of data created by 5G will make it even more difficult to spot anomalies3. Recent studies have identified potential vulnerabilities in 5G network architecture that threaten to undercut its promises to drive a new era of innovation. In this context we want to highlight three papers:

  • According to scientists from the ETH Zürich, the University of Lorraine/INRIA, and the University of Dundee, a new Authentication and Key Agreement (AKA) flaw was recently discovered that would allow cybercriminals to intercept 5G communications and to steal data. The AKA vulnerability could also cause a user to get wrongfully charged for a third party’s usage of the 5G network4.
  • Another study conducted by the European Union for Network and Information Security (ENISA) identified flaws with two signaling protocols in 2G, 3G and 4G networks (so-called SS7/Diameter), which could also appear in 5G networks. The signaling protocol’s vulnerabilities could allow the network traffic to be eavesdropped or spoofed, location intercepted, or used to disconnect a target’s phone from the network. Additionally, ENISA warns that the use of common internet protocols (such as HTTP) in 5G networks means that when vulnerabilities in those protocols are discovered, the software flaw could be transferable to mobile networks as well5
  • Finally, Positive Technologies Inc., a global provider of enterprise security solutions, examined the vulnerability of mobile networks. According to the authors currently no mobile network is secure, subscriber data is in jeopardy and no operator (either big or small) can guarantee a secure network. In their study the researcher launched several cyber attacks and managed successfully to execute 80% of Denial of Service attacks (these attacks lead to a disruption of operations), 77% of data leakage attacks and 67% of fraudulent actions6.

Thematic Investments

Our investment teams identify and aim to invest in exciting and attractively valued companies that are on the cutting edge of innovation. Join us and invest in tomorrow’s winners.

Implications and conclusion

5G could open up new security challenges. As this new mobile network begins to roll out, organizations are increasingly looking for service providers who are able to offer a resilient network with robust cybersecurity mechanisms in place to secure their connected customers and make sure applications and services that come across their networks are clean and secure. In a survey conducted by Ericsson, which included the Top 20 global mobile service providers, 90% of the respondents identified IT security as a key differentiator in 5G adoption7. 5G security vulnerability fuels operators’ business risk to offer reliable and secure availability of life-critical consumer applications and business-critical enterprise mobile services. Establishing a high reputation will be critical for mobile network operators. Therefore we think there are two implications for investors:

  • First, the growing awareness of novel 5G security vulnerabilities will surely accelerate the efforts to protect the communication networks. The current challenges are unspecified cybersecurity goals and there is a lack of precision in the definition of standards8. In our opinion key 5G security initiatives should include tools based on artificial intelligence (AI) with the aim of identifying threats quickly. Other open areas that need to be addressed are questions about access control and how an integrated security architecture can adapt to the changing network environment. 
  • Second, 5G security requires a new holistic and transformative approach: Prevention becomes more critical than ever. An increasing level of security automation is needed as well as the integration of big data analytics. As of today we believe the rollout of 5G is unchartered territory and unforeseen consequences might happen. Therefore we think new 5G security solutions will directly benefit specialized IT Security companies.

In our opinion IT security is a fundamental enabler for 5G. With its proliferation we think new companies with cutting edge technologies are well positioned to capture market share from established incumbents. We expect these trends highlight the need for a best of breed approach. Very often the providers of such products and services are young and innovative companies in the small and mid cap world. We think IT security-related issues are becoming increasingly omnipresent in our daily lives and the implications from the ongoing digitization of our society are becoming more critical.

As long-term oriented investors we think the theme security and safety in general are compelling long term secular growth themes for patient investors. Based on these convictions we are shareholders of a number of young and  innovative companies which are developing novel security solutions in 5G and IoT. Companies that delivers cloud-grade scalability, visibility and control with advanced protection for mobile networks as well as in the field of next-generation firewalls are in our opinion well positioned. 

Fund Facts
Credit Suisse (Lux) Security Equity Fund

Source: Credit Suisse, June 30, 2019

Fund management

Credit Suisse Fund Management S.A.

Portfolio manager

Credit Suisse Asset Management (Switzerland) Ltd, Zurich
Dr. Patrick Kolb

Portfolio manager since

March 1, 2007

Fund domicile

Luxembourg

Fund currency

USD, EUR, CHF

Inception date

October 19, 2006

Management fee p.a.

For unit class AH, B, BH and CB: 1.60%; for unit class EB and EBH: 0.90%
For unit class IB and IBH: 0.90%; for unit class UA, UB and UBH: 1.00%; for unt class MBH: 0.70%

TER (as of May 31, 2018)

Unit class B 2.01%, unit class IB 1.15%, unit class BH in CHF 2.02%, unit class BH in EUR 2.00%, unit class EB2 1.10%, unit class UA 1.29%, unit class UB 1.32%, unit class UBH in CHF 1.31%, unit class UBH in EUR 1.32%, unit class IBH in CHF 1.15%, unit class IBH in EUR: 1.15%, unit class MBH in EUR: 0.91%, unit class EBH2 in EUR:1.11%, unit class EBH** in CHF 1.14% (estimated), unit class AH in EUR 1.96%

Maximum Sales Charge

5% for all unit classes except unit classes IB, IBH, EB and EBH (max. 3%) and MBH (max. 1%)

Single Swinging Pricing (SSP)*

Yes

Benchmark

MSCI World (NR)

Unit classes

Unit class B, IB, UA, UB, EB in USD; unit class BH, IBH, EBH and UBH in CHF; unit class AH, BH, EBH, IBH, MBH and UBH in EUR

ISIN

USD unit class B: 

LU0909471251

USD unit class UA/UB***:

LU1557207195 / LU1144416432

 

USD unit class IB:

LU0971623524

EUR unit class UBH***:

LU1144416606

 

EUR unit class IBH:

LU1644458793

EUR unit class MBH***:

LU1692472852

 

CHF unit class IBH:

LU1457602594

USD unit class EB**:

LU1042675485

 

EUR unit class BH:

LU0909472069

CHF unit class BH:

LU0909471681

 

CHF unit class UBH***:

LU1144416515

EUR unit class EBH**:

LU1575200081

 

CHF unit class EBH**:

LU1886389292

EUR unit class AH:

LU1584043118

 

Please note that not all share classes may be available in your country.

* SSP is a method used to calculate the net asset value (NAV) of a fund, which aims to protect existing investors from bearing indirect transaction costs triggered by in- and outgoing investors. The NAV is adjusted up in case of net inflows and down in case of net outflows on the respective valuation date. The adjustment in NAV might be subject to a net flow threshold. For further information, please consult the Sales Prospectus.
** For Institutional clients only.
*** In Italy: For instituonal clients only.

Fund Risks
Credit Suisse (Lux) Security Equity Fund

  • No capital protection: investors may lose part or all of their investment in this product.
  • Focus on security and safety companies can lead to significant sector/regional exposures.
  • Exposure to small and mid caps can result in higher short-term volatility and may carry liquidity risk.
  • Due to the possibility of increased exposure to the emerging markets the fund may be affected by political and economic risks in these countries.
  • Equity markets can be volatile, especially in the short term.

Sources
1 Source: GSMA (2017): Global Mobile Trends 2017, URL: https://www.gsma.com/globalmobiletrends/; last accessed on June 12,2019
2 The idea behind edge computing is that compute/storage will increasingly occur closer to the end-device. It helps to reduce latency and transportation costs and pushes applications, data and computing power away from centralized points to locations closer to the end user. Reduced data volume, traffic and the distance the data must travel are the main advantages. 
3 Source: CPO Magazine (2019): 5G and the Future of Cybersecurity, in: CPO Magazine, April 4th 2019, URL: https://www.cpomagazine.com/cyber-security/5g-and-the-future-of-cybersecurity/; last accessed on June 12, 2019
4 Source: Basin et al. (2018): A Formal Analysis of 5G Authentication, Conference Paper, in: ETH Zürich Research Collection, Oct. 15th 2018, URL: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/300545/CCS18_finalcrc2_Fixed-Typo.pdf?sequence=1&isAllowed=y.; last accessed on June 12, 2019
5 Source: ENISA (2018): Signalling Security in Telecom SS7/Diameter/5G: EU level assessment of the current situation, March 2018, URL: https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g.; last accessed on June 12, 2019
6 Source: Positive Technologies (2016): Primary Security Threats for SS7 Cellular Networks, URL: https://www.ptsecurity.com/upload/ptcom/SS7-VULNERABILITY-2016-eng.pdf 
7 Source: Ericsson (2018): Exploring IoT Strategies, paper, URL: https://www.ericsson.com/en/internet-of-things/trending/exploring-iot-strategies.; last accessed on June 12, 2019
8 „… We find that some critical security goals are not met, except under additional assumptions missing from the standard”, source: Basin et al. (2018)., p.1.

Disclaimer
The information provided herein constitutes marketing material. It is not investment advice or otherwise based on a consideration of the personal circumstances of the addressee nor is it the result of objective or independent research. The information provided herein is not legally binding and it does not constitute an offer or invitation to enter into any type of financial transaction.

The information provided herein was produced by Credit Suisse Group AG and/or its affiliates (hereafter "CS") with the greatest of care and to the best of its knowledge and belief. The information and views expressed herein are those of CS at the time of writing and are subject to change at any time without notice. They are derived from sources believed to be reliable. CS provides no guarantee with regard to the content and completeness of the information and where legally possible does not accept any liability for losses that might arise from making use of the information. If nothing is indicated to the contrary, all figures are unaudited. The information provided herein is for the exclusive use of the recipient. Neither this information nor any copy thereof may be sent, taken into or distributed in the United States or to any U. S. person (within the meaning of Regulation S under the US Securities Act of 1933, as amended). It may not be reproduced, neither in part nor in full, without the written permission of CS. 

Credit Suisse (Lux) Digital Health Equity Fund, Credit Suisse (Lux) Robotics Equity Fund, Credit Suisse (Lux) Security Equity Fund, Credit Suisse (Lux) Infrastructure Equity Fund: These funds are domiciled in Luxembourg. The representative in Switzerland is Credit Suisse Funds AG, Zurich. The paying agent in Switzerland is Credit Suisse (Switzerland) Ltd, Zurich]. The prospectus, the simplified prospectus and/or the Key Investor Information Document (KIID) and the annual and half-yearly reports may be obtained free of charge from the representative or from any branch of Credit Suisse AG in Switzerland.

Your Personal Data will be processed in accordance with the Credit Suisse privacy statement accessible at your domicile through the official Credit Suisse website https://www.credit-suisse.com. In order to provide you with marketing materials concerning our products and services, Credit Suisse Group AG and its subsidiaries may process your basic Personal Data (i.e. contact details such as name, e-mail address) until you notify us that you no longer wish to receive them. You can opt-out from receiving these materials at any time by informing your Relationship Manager.

Important Information for Luxembourg (via CS Fund Management S.A.)
For prospective investors in Luxembourg: This document was produced by Credit Suisse Group AG and/or its affiliates (hereafter "CS") with the greatest of care and to the best of its knowledge and belief. However, CS provides no guarantee with regard to its content and completeness and does not accept any liability for losses which might arise from making use of this information. The opinions expressed in this document are those of CS at the time of writing and are subject to change at any time without notice. If nothing is indicated to the contrary, all figures are not audited. This document is provided on a confidential basis and for information purposes only and is for the exclusive use of the recipient. This document has not been reviewed or approved by any supervisory authority in Luxembourg or elsewhere. It does not constitute an offer or a recommendation to buy or sell financial instruments or banking services and does not release the recipient from exercising his/her own judgment. The recipient is in particular recommended to check that the information provided is in line with his/her own circumstances with regard to any legal, regulatory, tax or other consequences, if necessary with the help of a professional advisor. This document may not be reproduced either in part or in full without the written permission of CS. It is expressly not intended for persons who, due to their nationality or place of residence, are not permitted access to such information under local law. Neither this document nor any copy thereof may be sent, taken into or distributed in the United States or to any U.S. person*.  Every investment involves risk, especially with regard to fluctuations in value and return. Investments in foreign currencies involve the additional risk that the foreign currency might lose value against the investor's reference currency. Historical performance indications and financial market scenarios are not reliable indicators of current or future performance. Performance indications do not consider commissions levied at subscription/purchase and/or redemption/sale. No representation is made that the investment policy or strategy pursued by the investment fund will or is likely to be successful or achievable. Furthermore, no guarantee can be given that the performance of the benchmark will be reached or outperformed.

The attention of investors is specifically drawn to the “Risk Factors” section in the sales prospectus and although high priority is given to risk control and monitoring, it cannot be ruled out that in exceptional cases a significant loss on individual investments may occur.

The investment fund mentioned in this publication has been established under Luxembourg law and qualifies as an undertaking for collective investment in transferable securities (UCITS) subject to EU Directive 2009/65/EC, as amended. Subscriptions are only valid on the basis of the investment fund’s current legal documents, i.e. the sales prospectus, key investor information document (KIID) and the most recent annual report (or half-yearly report, if this is more recent). If there is an inconsistency between this marketing document and the above mentioned legal documents, the provisions in the legal documents shall prevail. Investors should read the legal documents carefully before investing in the investment fund. These legal documents and the investment fund’s constitutional documents may be obtained free of charge, in English, from Credit Suisse Fund Management S.A., P.O. Box 369, L-2013 Luxembourg.

* “US Person” shall be defined as and include (i) a “United States person" as described in section 7701(a)(30) of the U.S. Internal Revenue Code of 1986, as amended (the "Code"), (ii) a “U.S. person” as such term is defined in Regulation S of the Securities Act of 1933, as amended, (iii) a person that is “in the United States” as defined in Rule 202(a)(30)-1 under the U.S. Investment Advisers Act of 1940, as amended, or (iv) a person that does not qualify as a “Non-United States Person” as such term is defined in U.S. Commodities Futures Trading Commission Rule 4.7.

Copyright © 2019 Credit Suisse Group AG and/or its affiliates. All rights reserved.