Threat Landscape: Securing the 5G environment

Securing the 5G environment

The next generation of wireless technology, 5G is more than just an incremental improvement in cellular networks. It holds the potential to be up to 100 times faster than 4G and offer ultra-reliable low latency communications. 5G is, therefore, poised to become the key en­abler of internet of things (IoT) and ma­chi­ne-to-machine communicatio­ns, which are finding wide application across en­terprises. 5G networks are expected to play a key role in facilitating digitisation and au­to­ma­tion in sectors such as healthcare, manufacturing and transport.

However, as 5G opens up new use ca­ses across industries, it also makes net­wor­ks more vulnerable to cyberattacks. With their limited bandwidth and speeds, the current generation of cellular networks has allowed telecom operators to monitor security threats in real time. However, the blazingly high bandwidth and the consequent increase in data traffic with 5G will mean that security teams will have to deploy additional workforce and solutions to guard the networks.

Some of the cybersecurity risks associa­ted with the deployment of 5G services stem from the nature of the network itself, while others involve the devices that would be connected through 5G. Given that 5G will soon form the digital backbone of several strategic sectors, it is imperative to look at the key security concerns that are likely to emanate with the proliferation of 5G services, and the possible solutions.

Inherent risks in 5G network architecture

The majority of the telecom operators have either rolled out or are rolling out their 5G services based on existing long term evolution (LTE) network cores. As a result, these networks in­herit all the vulnerabilities of LTE networks, according to a report by GSM Association. Since almost all LTE networks are vulnerable to denial of service (DoS) attacks, 5G non-stand-alone networks will also be vulnerable to DoS.

Further, the 5G network core will be based on software-defined networking (SDN) and network function virtualisation (NFV) technologies. While virtualisation will make the deployment of 5G networks simpler, faster and more flexible, replacing dedicated hardware with software-defined systems may make mobile networks more vulnerable to attacks. Both SDN and NFV rely extensively on the hypertext transfer and representational state transfer protocols. The fact that these protocols are well kn­own and widely used on the internet will probably make it be easier for hackers to accrue tools for finding and exploiting vulnerabilities in the 5G networks.

Moreover, compared to 3G and 4G, 5G has far more traffic routing points, ma­king it difficult to perform thorough security checks repeatedly. In order to make a network completely secure, all of these ro­u­ting points will have to be monitored, as even a single unsecured area might co­m­promise the entire network.

Lack of security standards in IoT devices

The bulk of 5G use cases will consist of IoT devices, such as those deployed in in­dus­trial monitoring systems, smart city and smart transportation infrastructure. The behaviour of IoT devices will be en­ti­rely different from that of human subscribers, as the network activity of the latter is more consistent. The behaviour of IoT devices varies greatly between devic­es. For instan­ce, sensors communicate and exchange data periodically regardless of the time of day, but they may remain entirely stationary. By contrast, devices in other segments such as driverless vehicles are co­ns­tantly moving. Operators will therefore have to devise new solutions to mitigate IoT-related risks as the existing models, developed for identification of suspicious activity in the context of a human subscri­ber, will not work in an IoT set-up.

Cybersecurity is not a priority area for most manufacturers of low-end smart devices, which may open up several breach points in the networks. There is likely to be a wide variation in the quality of the se­cu­rity standards of the billions of IoT de­vi­ces that will be connected through 5G. A lack of security standards for IoT de­vi­ces has therefore emerged as a major cause of worry. Another related area of concern is the lack of encryption standards in IoT de­vices, which will make it easier for hackers to acquire information on the type of devices connected to a network (smart­pho­nes, vehicle mo­dems, etc.) and the ass­o­ciated operating system. This will make the entire network and the co­nnected de­vi­ces vulnerable to device-specific IoT targeted attacks.

Possible solutions

Given that 5G will soon become the mainstay of cellular networks, it is extremely necessary for operators and equipment vendors to take suitable steps to protect 5G networks from cyberattacks. Telecom operators often skip the security aspects of networks during testing and even implementation, and deploy security solutions only once the network is in use. While this expedites network deployment and saves costs initially, operators eventually end up paying more to buy equipment that integrates well with their existing network infrastructure. Go­ing forward, operators should focus on insta­ll­ing suitable security solutions at the time of network deployment.

Since 5G networks will initially be ba­sed on the 4G network core, operators need to start by securing previous-generation networks. A careful analysis of all signalling information crossing the border of their existing network will help operators build adequate protection for 5G services.

As for the threat from the lack of standards in the IoT ecosystem, there is a need to establish product labelling standards for connected devices. This will help retail us­ers and enterprises ascertain how safe their IoT devices are. Also, greater awareness needs to be created regarding the importance of securing all internet devices with software updates. Operators and equipment vendors can also explore ma­chine learning models capable of detecting un­known threats in a 5G environment.

The way forward

5G aims to provide a reliable and trusted innovation platform for businesses and or­gani­sa­tions to build and deliver new value-added ser­vices while acting as a key en­ab­ler for digitising and modernising cri­tical national infrastructure such as energy and transport. The latter objective raises the bar for 5G systems with respect to providing extremely secure communication services. However, the very characteristics of 5G that make it fundamentally different from earlier generations also make it more prone to cyberattacks. Security risks are far grea­ter in a 5G ecosystem, as it has to grapple with threats stemming from a greater re­liance on cloud and IoT. Further, with 5G networks increasingly relying on virtualisations, there are potential risks related to major security flaws, such as poor software development processes within suppliers. The overdependence on software has also made it easy to maliciously insert backdoors into 5G products, making them harder to detect during security checks. The sheer number of devices that will be connected to 5G networks, with varying degrees of security standards, is another major challenge. Mo­re­over, because 5G networks are far mo­re decentralised than 3G and 4G networks, it may be difficult to carry out the same security checks as with earlier generation networks in a 5G ecosystem.

While the potential security breaches in a 5G set-up have become common kn­ow­led­ge now, operators are grappling with a lack of tools and a limited pool of security experts to identify and mitigate these threats. There is a need to expand the scale of current mobile network security performance and operations to meet the challenge of securing 5G networks. Further, since some of the elements in a 5G ecosystem, such as edge computing, distributed core and network slicing, will potentially ge­nerate new attack surfaces, service pro­viders must implement advanced security mea­sures capable of mitigating attacks fr­om a broader threat landscape.

Going forward, enterprises and service providers need to collaborate to devise so­lu­tions to ensure end-to-end security of thei­r networks, jointly. A highly secure and reliable 5G network will serve as a key differentiator and an essential revenue enabler for both operato­rs and enterprises.