The 5G toolbox of defense
For the mobile communications industry, security has always held a prominent role. However, the onset of 5G – which introduces new network architectures, services and devices – raises the stakes and increases the challenge for network operators.
5G is set to affect almost every aspect of life through hosting more critical infrastructure and enabling the development of a digital environment. This makes any breach potentially catastrophic, and governments are taking note – it’s therefore imperative for security to be front-and-center in new 5G networks.
Countering emerging threats is no easy feat and requires concerted action. The European Union is one organization taking the lead. It has analyzed numerous risk scenarios and come up with a toolbox that outlines nine mitigating measures and supporting actions that member states and network operators can leverage to defend themselves.
The EU toolbox clearly distinguishes between strategic measures and technical measures. Strategic measures include regulatory powers, diversification of suppliers (including third parties), and maintaining a sustainable and diverse 5G supply chain. Technical measures include deploying specific and baseline network security solutions and processes, as well as ensuring resilience and continuity.
Traditionally, strategic considerations are the domain of governments and regulators. That being said, mobile operators and their suppliers have been leaders in deploying technology-based security solutions. As such, operators must be aware of three EU risk scenarios where technology will lead the way.
Misconfigured networks
To start, we need to look at the possibility of network misconfiguration. While the network components might have been initially configured with parameters in compliance with security policies, the network is a constantly evolving entity, and settings will need to adapt and change accordingly. Misconfiguration creates vulnerabilities that can only be countered with an automated audit and mitigation process in place.
Looking from a broader perspective, 5G networks potentially comprise thousands of data centers distributed towards the network edge, each playing host to cloud-native virtual network functions. Keeping track of all of these functions manually is an impossible task for operators. To combat this, an automated solution is put in place that verifies network parameters against a gold standard and corrects any anomalies with minimal operator intervention.
Misconfiguration is a common and persistent threat, and the only way to counter it is through an automated audit and mitigation process. This is particularly relevant with the introduction of dynamic, distributed and complex network deployments. Here, an audit and compliance solution with automation capabilities is the key to building a strong network. It can automate the audit and analysis of all parameters in physical and virtual networks, by inspecting them against ideal versions.
It then indicates any mismatches to prevent service degradations and process inefficiencies. Automated audit and compliance solutions can also enhance service assurance methods by automating and accelerating parameter and configuration checking – ultimately, improving the customer experience.
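As an added illustration (not code from the article or from any vendor product), the audit-and-mitigation loop described above can be sketched as a comparison of a deployed configuration against a golden baseline, with policy deciding which drift is corrected automatically and which is escalated to an operator. The parameter names, the `AUTO_FIX` policy and the drifted `SITE` config are all constructed for the example.

```python
GOLDEN = {  # constructed baseline; parameter names are hypothetical
    "tls": {"min_version": "1.3", "mutual_auth": True},
    "mgmt": {"ssh_password_auth": False, "session_timeout_s": 600},
    "logging": {"remote_syslog": True},
}
# Parameters the automation may correct itself; the rest go to an operator.
AUTO_FIX = {"tls.min_version", "mgmt.ssh_password_auth", "logging.remote_syslog"}
SITE = {  # constructed drifted config of one edge site
    "tls": {"min_version": "1.2", "mutual_auth": True},
    "mgmt": {"ssh_password_auth": True, "session_timeout_s": 3600, "telnet": True},
}

def flatten(cfg, prefix=""):
    """Nested dicts -> {'a.b': value} so configs compare key by key."""
    flat = {}
    for key, value in cfg.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat

def audit(deployed, golden=GOLDEN):
    """Return sorted (path, kind, expected, actual) findings."""
    want, have = flatten(golden), flatten(deployed)
    findings = []
    for path in sorted(want.keys() | have.keys()):
        if path not in have:
            findings.append((path, "missing", want[path], None))
        elif path not in want:
            findings.append((path, "unexpected", None, have[path]))
        elif want[path] != have[path]:
            findings.append((path, "mismatch", want[path], have[path]))
    return findings

def set_path(cfg, path, value):
    *parents, leaf = path.split(".")
    for key in parents:
        cfg = cfg.setdefault(key, {})
    cfg[leaf] = value

def remediate(deployed, findings):
    """Fix in place what policy allows; return findings left for an operator."""
    escalate = []
    for finding in findings:
        path, kind, expected, _ = finding
        if kind != "unexpected" and path in AUTO_FIX:
            set_path(deployed, path, expected)
        else:
            escalate.append(finding)
    return escalate
```

Parameters that exist on the site but not in the baseline (here `mgmt.telnet`) are never removed automatically, since the audit cannot tell an unsafe leftover from a legitimate local setting.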
Looking within to lower security risks
The second risk scenario considers the failure to control and monitor exactly who does what in the network, or simply put, the lack of access controls – all of which can lead to a plethora of security issues. Operators typically work on a “zero trust” basis, which recognizes that even employees and contractors pose a potential threat. Yet, such threats can still go undetected for months without the right solutions.
At the same time, the management of authentication, access control and authorization processes is dispersed and often done in a siloed way that creates an environment of increased security risk, including multiple users sharing one account, limited granularity of authorization, no centralized delegation capability, limited authentication policy, and so forth.
In an ideal world, all activities should be attributable to a specific user so that any abnormal behavior can be identified. This is because internal user attacks are often the hardest to find, which allows them to do the most damage. User management solutions are well suited to mitigating this, as they define user groups, complete with rights adapted to suit the role played by members of the group. Coupled with user behavior analytics, they create a security module that can more swiftly spot anomalous behavior and terminate suspicious user sessions, as well as control business risks, improve decision making and manage costs.
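Two of the checks this section implies, written as an added example that is not part of the original article: flagging an account whose sessions from different hosts overlap in time (the "multiple shared users on one account" problem, which breaks attribution) and flagging actions that fall outside the rights of the user's group. The role model, user names, hosts and audit records are constructed.

```python
from collections import defaultdict

# Constructed role model: rights adapted to each group (names are hypothetical).
ROLE_RIGHTS = {
    "noc-operator": {"view_alarms", "restart_vnf"},
    "ran-engineer": {"view_alarms", "change_ran_config"},
}
USER_ROLE = {"alice": "noc-operator", "bob": "ran-engineer",
             "ops-shared": "noc-operator"}

def overlapping_sources(sessions):
    """sessions: (user, source_host, login_ts, logout_ts).
    Returns {user: sorted hosts} where sessions from different hosts overlap
    in time, the signature of several people sharing one account."""
    by_user = defaultdict(list)
    for user, host, start, end in sessions:
        by_user[user].append((start, end, host))
    shared = {}
    for user, rows in by_user.items():
        hosts = set()
        for i, (s1, e1, h1) in enumerate(rows):
            for s2, e2, h2 in rows[i + 1:]:
                if h1 != h2 and s1 < e2 and s2 < e1:
                    hosts.update((h1, h2))
        if hosts:
            shared[user] = sorted(hosts)
    return shared

def out_of_role(actions):
    """actions: (user, action). Returns actions not granted by the user's group;
    a user with no known group has no rights at all (deny by default)."""
    return [(u, a) for u, a in actions
            if a not in ROLE_RIGHTS.get(USER_ROLE.get(u), set())]

SESSIONS = [  # constructed audit records
    ("alice", "ws-11", 100, 900),
    ("ops-shared", "ws-14", 200, 800),
    ("ops-shared", "ws-22", 500, 1200),
    ("bob", "ws-30", 100, 300),
    ("bob", "ws-31", 400, 600),
]
ACTIONS = [("alice", "restart_vnf"), ("alice", "change_ran_config"),
           ("bob", "change_ran_config"), ("mallory", "view_alarms")]
```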
Securing smart devices
In the information age, connectedness is both our strength and weakness. A GSMA Intelligence report forecasts that by 2025, IoT connections will reach almost 25 billion globally. This poses some big security risks for 5G networks, and operators ought to ask: “How do I ensure the security of billions of devices and the network they are running on? How can I prevent a hacktivist group or state-backed actor from taking control of IoT devices to attack the network?”
Rather than scanning files for malware, a more efficient method is to monitor network traffic between user endpoint devices and the internet and look for evidence of interference or infection.
The key here is to use an endpoint security solution that acts as a consumer-facing malware detection, notification and remediation service. An end-to-end security solution provides real-time network-based detection and analytics for all devices, whether or not the device has an integrated anti-virus or another protection system.
For example, an endpoint security solution can identify the creation of a botnet in real time and block or interfere with the communications to and from the command-and-control point coordinating the infected devices. It can then either inform users or IoT vendors to cleanse their devices or initiate processes within the mobile network operator’s organization to update the firmware of the affected devices.
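The network-based detection described above can be illustrated with a small heuristic over flow records, added here as an example and not taken from the article or any product: a destination is suspected as a command-and-control point when several distinct devices contact it at near-regular intervals and it is not a known service. The allowlist, thresholds, device names and flow records (documentation-range addresses) are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

KNOWN_SERVICES = {"ntp.example.net", "updates.vendor.example"}  # assumed allowlist

def beaconing(times, max_jitter=0.1, min_contacts=4):
    """True if contacts are near-periodic: low spread of inter-arrival gaps."""
    if len(times) < min_contacts:
        return False
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_jitter

def find_c2(flows, min_devices=3):
    """flows: iterable of (epoch_seconds, device_id, destination).
    Returns {destination: sorted device ids} for suspected command-and-control,
    i.e. the devices whose owners or vendors would need to be notified."""
    seen = defaultdict(lambda: defaultdict(list))
    for ts, device, dst in flows:
        if dst not in KNOWN_SERVICES:
            seen[dst][device].append(ts)
    suspects = {}
    for dst, per_device in seen.items():
        bots = sorted(d for d, t in per_device.items() if beaconing(t))
        if len(bots) >= min_devices:
            suspects[dst] = bots
    return suspects

def build_sample():
    """Constructed flow records: three beaconing devices, one person browsing,
    and one periodic but allowlisted time-sync client."""
    flows = []
    for i, dev in enumerate(["cam-01", "cam-02", "plug-07"]):
        for n in range(6):
            flows.append((1000 + i * 7 + n * 300, dev, "203.0.113.50"))
    for ts in (1010, 1025, 1900, 2400, 2410):
        flows.append((ts, "phone-03", "198.51.100.9"))
    for n in range(6):
        flows.append((1000 + n * 64, "cam-01", "ntp.example.net"))
    return flows
```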
Trust the experts
Many operators, as well as network hardware and software suppliers, have played a pivotal role in securing critical networks in the past decade – and they will continue to be important players in securing 5G networks across the globe.
Security requirements and considerations must be an inherent factor of all 5G architectures, not an afterthought. Therefore, it is imperative for operators, communications service providers, vendors and enterprises alike to invest in 5G security now, so that they can deliver new services with confidence, trust and privacy, while also avoiding unexpected costs as a consequence of leaving high-value data unprotected.