We all know the phrase, “With great power comes great responsibility.” Made famous through Spiderman’s comics and feature films, this phrase is attributed to Peter Parker’s uncle, who wanted Peter to understand that he should use his new powers for good and to help others.
This same phrase applies to 5G networks. There is no doubt, they come with great power; that is, they promise to change our daily communication in ways we’ve yet to imagine by utilizing data speed, IoT growth, ultra-low latency and a dynamic user experience. 5G networks also, however, come with great responsibility. If not secured properly, what is intended for good, can quickly be used for evil by cyber criminals.
The 5G Difference
Yes, the 2G, 3G and 4G evolutions made game changing promises, too, but 5G is different. 5G is a real revolution created by three crucial technology advancements:
- Network topology has changed from one centralized gateway to a distributed network with multiple internet breakpoints.
- Core network has transformed to a cloud-native design approach and will use APIs to support the control and user plane separation.
- RAN can now support higher cell density, higher bandwidth, and ultra-low latency while enabling an open-hardware world with the Open RAN concept.
With this new infrastructure in place, services that previously could not be adopted on a large scale will now begin to emerge. Artificial intelligence (AI), virtual reality (VR), new Industry 4.0 applications, critical medical services, autonomous mobility and more will be able to use 5G’s ultra-low latency. Furthermore, lightning-fast data connection, improved cell density and network slicing will enhance common services such as over-the-top (OTT) services and online gaming for customers and operators.
Security Threats and 3GPP Specifications
The same technology advancements that allow service providers to deliver lightning-fast connectivity with ultra-low latency also allow hackers to execute larger, more sophisticated cyberattacks. On top of that, the virtual transformation of the core network adds not only complexity, but also dependency on APIs, which creates an added layer of security risk and exposure. Unprepared service providers can be overwhelmed by the next generation of security threats and must equip themselves with new and different security postures.
To help sort through the security implications, the 3rd Generation Partnership Project (3GPP) was formed. This standard body defines a complete system description and specifications for all known cellular telecommunications. 3GPP also defines security specifications for 5G. These specifications are the foundations on which all 5G security elements are built upon.
3GPP defines the security elements regarding software integrity, encrypted communication, registration and access management. These security concerns are crucial, and many network vendors embrace them. The problem is that network traffic and threats are dynamic. Without behavioral and intelligent protection, any component on the service provider’s network can be compromised, even when 5G network vendors are embracing 3GPP security elements.
Service providers transforming their networks for 5G must improve their security posture. They need to close 3GPP security gaps by adding behavioral machine learning and other intelligent algorithms that can enable anomaly awareness and automate mitigation.
The Most Important Elements Needed for a Sound 5G Security Solution
To build a secure solution for 5G, some vital elements are necessary:
- Alignment with 3GPP – This is the foundation of 5G security. Aligning and understanding 3GPP’s security guidelines are essential for any security vendor or service provider desiring to deploy and manage a robust and secure 5G network.
- Ability to be agnostic to low-latency requirements – Security elements for the RAN must be stateless and agnostic to latency requirements (sub-10-ms). A great 5G security solution will use behavioral algorithms to detect attacks within high-bandwidth traffic with a granularity that can be as specific as per user equipment. Accomplishing this in a stateless and air-gapped solution can enable both latency requirements and uncompromising protection.
- Multi-cloud environment – The 5G network revolution enables applications and core network elements to be deployed in a distributed and disaggregated cloud environment, in many cases also in public clouds. Public clouds create new threat surfaces that can be exploited. A sound 5G security solution must secure the cloud environment against identity and access abuse, protect against malicious user behavior, and safeguard the environment’s overall security posture.
- Highly distributed and scalable security, designed for service mesh architecture – The new core network design makes container orchestration an obvious choice for service providers. It will enable flexibility and scalability and will be an ideal solution for 5G network topology disaggregation.
A great 5G security solution must deliver state-of-the-art web application and API protection (WAAP) natively built for microservices running in orchestration ecosystems such as Kubernetes.
3GPP security specifications are a basic pre-requisite of any 5G network solution. Even then, service providers will not be able to adequately handle the dynamic security requirements of 5G networks. It’s time to move beyond the 3GPP security layout and close the gaps with intelligent algorithms that can enable anomaly awareness and automatic mitigation.
5G networks hold great power, and with great power comes great security responsibility.