We have heard it before. Another generation of mobile architecture is upon us and we are euphoric for all the cool things we can do more of. And of course good marketers will swear that you can lasso the moon if you have enough money to pay for it.
Let’s inspect 5G for what it really is, save the hype. It is an upgrade in the mobile architecture that pushes new computing elements and services closer to the edge in order to scale and improve network performance. The 5G specifications rely on virtualized and distributed network functions that span across remote locations, and is heavily dependent on robust, secure interworking between remote and local virtualized network functions.
5G also opens the network to new services using IT protocols and Open APIs – the latter of which introduces significant additional liability on the responsibility of the carrier network security owner.
I’ll Take a Slice of That
The “Network Slicing” concept in 5G aims to isolate specific application traffic into a dedicated virtual network. Each slice carries the traffic originating from a specific application, such as IoT Telemetry and Autonomous Vehicles, Smart City and Smartphone. Each application has its unique network traffic pattern and requires specific security policies. Having an isolated virtual networks brings security benefit and limits security risk impact to the specific slice.
Sharpening the Edge
With this new network paradigm based on service-based architecture (SBA), the previous 3G and 4G network element boxes transformed into a cloud of micro-services functions, distributed and disaggregated based on the carrier coverage needs and specific applications deployed in the carrier network. The new architecture exposes many internet interfaces in various network segments from the core peering link up to the far-edge compute to address scale and low-latency requirements.
Such mass exposure of external internet interfaces significantly raises the cyber security threat level. IoT and its applications running at the far edge provides new services based on vast usage of open, published interfaces based on HTTP\2. On one hand, this enables openness and service agility, and on the other, extensive exposure to attacks tools and tactics using publicly available information to wreak havoc on network infrastructure and services.
In other words, the new 5G security perimeter has widened and expanded far beyond what we are familiar with in LTE and 3G world.
A Call to Arms
A typical network security solution will include various security elements such as firewalls, DDoS protection, web application firewall, etc. Each system may require its own domain expertise when it comes to proper configuration and tuning. When a carrier network is under attack, dedicated expertise is required for handling changes and setting the proper mitigation action.
With the new reality of network slicing and highly distributed network functions carrier security teams will be overburdened unless they employ an automated, self-learning defense mechanism. With the current telecom carriers, the economics of an increase in security staff is not an option when moving toward 5G – it just doesn’t scale from a cost-perspective and it puts human engineers at a disadvantage to ever-increasing machine-based bot attacks.
Automation as Table Stakes
A comprehensive security solution used across all network slices benefit from ease of management and required team expertise. Security vendors must design security products around the concept of self-learning, which is essentially threat detection not heavily dependent on pre-configured rules.
Minimal setup and configuration is required in 5G to lower carrier security team effort around system operation. An automated attack mitigation capability provides security teams with ‘peace of mind’ that all attack time actions taken care without manual intervention by security administrators, with strong visibility into network security threats across all network functions and slices.