Private Cellular Security in the Utilities Industry
In this article
For those that decide to pursue this path, one of the next steps is considering how to implement cellular cybersecurity features to meet the unique security requirements of the critical infrastructure these networks support.
Adopting customized network solutions can unleash enhanced capabilities and operational efficiencies. One of those capabilities is improved cybersecurity. Unlike public LTE, where security is largely unknown to the end user, pLTE allows utilities to customize security across the entire solution. Accordingly, pLTE shifts the responsibility of security onto the utility company.
This shift demonstrates why it is essential for companies to have informed internal resources that understand the telecommunications implications, the importance of what that security looks like, and how to take steps to implement it properly.
Carriers indeed secure their 4G/5G networks. But their primary focus is on maintaining the integrity of their public services. They predominantly offer public access to Internet-based services, and their customers expect a level of security, but not necessarily the level of security required to support critical infrastructure.
On the other hand, utilities using the same 4G/5G technology face a more critical battle — one that warrants more a holistic approach to security. Rather than accessing the Internet, utility applications monitor and control the electric grid, which we know supports the general economy, public safety and basic human needs. This elevates the security risks and necessitates an even more diligent awareness of threat to consider as they follow (and necessarily adjust) carriers' public security precedents.
The good news is that 3GPP provides a key set of capabilities that create a security baseline for utilities to follow as they build out their own cellular networks. For example, features like traffic separation, over-the-air encryption, and secure backhaul are all basic 3GPP capabilities.
With that said, some of these items are optional and may not be right for some public LTE networks. Over-the-air encryption, for instance, can hamper user experience and may not be a popular option with carriers. It is a helpful security feature for utilities (who are both the users and operators within their pLTE network), and they should make it clear to their LTE solution designers that they want over-the-air encryption activated on their network.
When building a pLTE network, utility companies also have the option to secure beyond the basic 3GPP guidelines. They can implement next-generation firewalls and utilize situational awareness to maintain a safer communications environment. The end result is a much more secure and hardened private cellular network for a utility.
Putting necessary security in place requires a well-planned approach. To be most useful, pLTE security should incorporate zero trust architecture (ZTA) along with artificial intelligence and machine learning (AI/ML) to detect threats on the edges of the network. As users become more experienced with ZTA, they will automatically start to reduce the attack surface and security will be tightened.
When you employ an identity-based security strategy or ZTA approach for identity and access management, the underlying principle is not to give anyone or anything the ability to perform an action until their identity is proven. To establish greater trust, each utility can use its own private SIM cards and certificates to validate devices used within its system. In contrast to using public LTE, you are making the trust decision using advanced security mechanisms.
In the meantime, AI/ML algorithms are working to detect external threats on the fringes of the network. For example, AI/ML can recognize when a device is being improperly used to upload content and then stop the feed before it becomes problematic. With visibility and awareness of all network devices, the pLTE system is much more beneficial to utilities.
By basing situational awareness on SIM cards along with device identifiers to create various categories of users, utilities can observe similar and predictable utilization patterns that AI/ML solutions can then monitor. AI/ML can recognize historical trends and inconsistencies to identify threats that require attention. Situational awareness facilitates problem isolation with minimal impact.
Security can be a challenge for utilities making a move to pLTE. Especially if it is presumed that the technology's inherent security mechanisms are sufficient in themselves.
It is better to design advanced security controls to protect critical infrastructure systems, which is why professional third-party support is essential to a healthy migration. You need the right people in place who understand critical infrastructure requirements as well as industry-specific telecommunication and security issues.
In the case of private cellular security in the electricity utilities industry, WWT brings a unique, mission-critical perspective to the table that is backed by deep industry knowledge as well as a current understanding of security threats and technologies. Our expertise starts at the design phase to help you build a pLTE network and maximize your communications. Once new infrastructures are implemented, our security experts can stage and identify protection points essential to preserving the integrity of your system's devices and applications.
Regular contact with our IT professionals will also help you maintain continued awareness of how evolutionary telecommunications changes might impact operations. As businesses grow and needs expand, pLTE is constantly being fine-tuned. Along with ongoing third-party support, security workshops can help your staff remain up-to-date with best practices after pLTE implementation.
We live in a time of unprecedented operational challenges for the utility industry. As operations become more complex and their solutions more sophisticated, private LTE is quickly becoming a leading network solution for the utility space. For your utility company to properly shift to pLTE, the conversion starts with education to make sure you have cybersecurity in place to ensure that your investment in pLTE pays off over time.