5G has always been the cyber-cellular hybrid, and a push for Application Programming Interface (API) proliferation within 5G is set to blend these two worlds even further. It’s an uneasy path forward – the market revenues are unclear, and there is the threat of multiplicity and non-standardization of solutions – and security is by no means the least of the problems network operators and developers backing the API market will have to face. Recent forecasts by global technology intelligence firm ABI Research suggest that 5G security software revenues will more than triple in the next five years, reaching over US$4.6 billion. APIs won’t be the sole source, but they will form part of this massively expanding software ecosystem and will constitute one of the largest threat vectors.

“It’s critical that operators don’t rush this. API-based network exposure could be a viable counter to slow 5G network Return on Investment (ROI). Still, it also presents a major security risk and must be achieved in measured and comprehensively reviewed steps. APIs have already been the source of major telco breaches, and this will keep happening if good security design and policy isn’t included from the very beginning,” says Georgia Cooke, Digital Security Research Analyst at ABI Research.

APIs are not just a threat vector – the security-focused API market is predicted by ABI Research to grow to over US$5 billion in 2028, and in this sense, APIs will help to identify and protect against attack. APIs, therefore, present a balancing act. Cooke explains, “If well-implemented, APIs could be an invaluable source of data for threat identification systems, with network insight that could alert security analysts to attacks in the early stages and prevent successful breaches. However, simple misconfiguration or human error could leave networks exposed and vulnerable to attackers.”

Standardization is a key component to getting this right, and so various bodies have been created to guide operators through the process and ensure collaboration. The GSMA Open Gateway project is the largest, with 65% of worldwide mobile connections covered by Open Gateway-associated vendors. Rigorous best practice guidance, collaborative interoperable design, and effective intelligence sharing are key to successfully addressing API vulnerabilities.

“The ecosystem has diverse stakeholders, and the potential returns could be considerable – but there are key security concerns which must be addressed early in the process,” Cooke concludes.

These findings are from ABI Research’s API Security in 5G Networks report. This report is part of the company’s Telco Cybersecurity research service, which includes research, data, and ABI Insights.