Why Security Should Be Baked into Your 5G Strategy from the Beginning
New security threats posed by 5G have the potential to impact individuals in ways never before seen under 4G and earlier generation connectivity.
The impact 5G will have on daily life is expected to be enormous, unleashing the promise of long-hyped services such as self-driving cars, augmented reality and millions of other connected-things offering their own plethora of services.
But at least one area of growing concern among experts is security.
The broad scope and reach of 5G, while exciting, comes with increased exposure to a wider spectrum of security threats. As service providers rely on a more disaggregated and virtualized network architecture to enable speed, the number of access points susceptible to attack will grow exponentially.
In fact, analyst firm Ovum forecasts more than 1.3 billion 5G connections by 2023.
Think of it like a house. Your existing 4G home has the typical entryways: a front door, back door and side door. In upgrading to a 5G model, construction crews have come in to build a delightful new interior but have also added six new exterior doors to improve access and flow.
Is the existing security program you had in place for your 4G home an adequate solution to secure your shiny new 5G model equipped with three times as many doors? The answer is no, of course not.
If 5G truly unlocks the potential of the Internet of Things (IoT), then security, resiliency, scalability and sustainability need to be incorporated into the foundation of any such rollout strategy.
5G is now a reality
In a 4G world, a majority of network connections came from smart phones. In the 5G world, millions, if not trillions, of access points will be added – everything from the connected cars, security cameras, refrigerators or any other device with smart capabilities.
The first movers in 5G are already providing commercial services in a few U.S. markets and initial use cases aimed at delivering familiar services such as fixed and mobile broadband. But the technology will soon go beyond simply connecting people to connecting anything and everything, allowing for new services that empower new experiences across all industry verticals.
To facilitate that level of speed and connectivity, service providers will need to rely on Network Function Virtualization and software-defined networks to add flexibility to the network. To deliver 5G, service providers will need to build more antennas closer to the user while placing data center functions and the data centers themselves closer to the edge to distribute important functions.
All of this creates an increased vulnerability.
Security as part of the recipe
Thinking of security frequently and making it part of the network architecture at the earliest of stages will be paramount.
The expected mass adoption of 5G across verticals – industries that need varying degrees of connectivity — is the biggest threat.
To illustrate, let’s explore one of 5G’s most promising use cases: autonomous cars and the transition from vehicle-to-everything (V2X) technology to cellular-vehicle-to-everything (C-V2X) capabilities. Equipped with C-V2X technology, the self-driving car can use the 5G network to communicate with nearby vehicles and infrastructure that’s out of its line of sight, allowing the car to gather more data from the network and improve its decision-making algorithm.
What happens if a bad actor hacks into that line of communication? Or a natural disaster elsewhere interrupts the network while such data is being collected by the car?
The U.S. government is just now beginning to solicit information on the use and integration of current and future communication technologies related to V2X and C-V2X deployment, along with the challenges associated with achieving such interoperability.
We already know cybersecurity attacks can have disastrous impacts on governments, companies and people in terms of loss of property, finances, brand and reputation. It’s clear from the autonomous vehicle use case that the security interface is critical, and a breach could have fatal consequences.
The new threats posed by 5G security vulnerabilities have the potential to impact individuals in ways never before seen under 4G and earlier generation connectivity.
WHAT’S THE BEST DEFENSE STRATEGY?
The most secure system is one that is disconnected from the network altogether. But that is not a realistic approach. Given the latitude of the threats landscape and the complexity of attack algorithms, the industry needs to maintain and increase its focus on 5G security.
The 3rd Generation Partnership Project (3GPP) set the standards for security all the way back in the 3G days, when security features such as network access, domain security and application security were first introduced. That same group has already issued some standards for 5G security, mostly as an evolution of the 4G security architecture.
Future security standards, which will encompass solutions for the massive Internet of Things (mIOT) and Ultra-Reliable Low Latency Communications (UR-LLC) are still being developed.
Meanwhile, service providers are being required to address security with a multi-layered approach. Cisco details five key requirements for a secure 5G network, which include threat prevention, detection and remediation, anomaly detection, DNS intelligence and threat intelligence. Incorporating each of these as a layer of an overall security strategy will be important.
For example, a multi-faceted approach would include a visibility and detection layer, a DNS protection layer, an application protection and policy enforcement layer, a New Generation Firewall (NGFW) and Distributed Denial of Service (DDoS) protection layer, a segmentation and isolation layer and, finally, a malware protection layer.
These layers should span the entire 5G network to ensure integrity of data and applications at every point of the network, from service providers on one side to the consumer of the service on the other.
Of course, this is easier said than done. As the industry moves toward a more disaggregated environment, what used to be a single box providing multiple functions from the same vendor has been broken into different pieces— including air interfaces, transport/xHaul, packet core — allowing for a wider attack surface.
Now, attackers do not have to figure out one master box, they just need to figure out one portion to gain access.
According to a scholarly analysis of 5G authentication from researchers at the Swiss Federal Institute of Technology, France’s University of Lorraine and University of Dundee in the UK, such disaggregation has “created critical security” gaps that could lead to a higher frequency of Man in the Middle breaches, in which attackers can hack into an access point somewhere along the end-to-end network spectrum and force web traffic to go to through them on its way to the actual destination.
For instance, a Man in the Middle attacker could access the data of a bank customer trying to access their account information by hacking into a single point in a disaggregated network. In this situation, the hacker could redirect traffic through their machine, encrypting or decrypting the customer’s information, before sending it along to the bank’s website. All the while the customer is none the wiser they’re information has been compromised.
Piece the puzzle together
As the industry begins to see new ways in which 5G can be utilized, new security considerations arise with it.
A partner that can glue all the pieces together, and test, validate and deploy effective solutions will be key.
World Wide Technology (WWT) is a full-stack 5G reseller that can enable service providers to accelerate time to revenue by validating with speed and integrating at scale complex, multi-source solutions as it relates to 5G.
WWT’s experienced solutions architects and subject matter experts can help recommend best practices and find the sweet spot between software and infrastructure in order to find the right starting point and identify cost saving opportunities where they exist.
WWT’s Advanced Technology Center (ATC) provides multiple Lab as a Service (LaaS) options that allow for testing and proofs of concepts (POCs) in a multi-vendor environment as well as continuous solution validation.
Customers can then leverage WWT’s Global Integration Centers to take the solution from the drawing board to deployment in a matter of weeks, instead of months.