Threat Landscape: Securing the 5G environment

Securing the 5G environment

The next generation of wireless technology, 5G, is more than just an incremental improvement in cellular networks. It holds the potential to be up to 100 times faster than 4G and offer ultra-reliable low latency communications. 5G is, therefore, poised to become the key en­abler of internet of things (IoT) and ma­chi­ne-to-machine communication, which are finding wide application across enterprises. 5G networks are expected to play a key role in facilitating digitisation and au­to­mation in sectors such as healthcare, manufacturing and transport.

However, as 5G opens up new use ca­ses across industries, it also makes net­wor­ks more vulnerable to cyberattacks. With their li­mited bandwidth and speeds, the current generation of cellular networks have allowed telecom op­erators to monitor security threats in real time. However, the blazingly high bandwidth and the consequent increase in data traffic with 5G will mean that security teams will have to deploy additional workforce and solutions to guard the networks.

Some of the cybersecurity risks associa­ted with the deployment of 5G services stem from the nature of the network itself, while others involve the devices that would be connected through 5G. Given that 5G will soon form the digital backbone of several strategic sectors, it is imperative to look at the key security concerns that are likely to emanate with the proliferation of 5G services, and the possible solutions.

Inherent risks in 5G network architecture

The majority of telecom operators have either rolled out or are rolling out their 5G services based on existing long term evolution (LTE) network cores. As a re­sult, these networks inherit all the vulnerabilities of LTE networks, according to a report by the GSM Association. Since al­most all LTE networks are vulnerable to denial of service (DoS) attacks, 5G non-stand-alone networks will also be vulnerable to DoS.

Further, the 5G network core will be based on software-defined networking (SDN) and network function virtualisation (NFV) technologies. While virtualisation will make the deployment of 5G networks simpler, faster and more flexible, replacing dedicated hardware with software-defined systems may make mobile networks more vulnerable to attacks. Both SDN and NFV rely extensively on the hypertext transfer and representational state transfer protocols. The fact that these protocols are well known and widely used on the internet will probably make it be easier for hackers to accrue tools for finding and exploiting vulnerabilities in 5G networks.

Moreover, compared to 3G and 4G, 5G has far more traffic routing points, ma­king it difficult to perform thorough security checks repeatedly. In order to make a network completely secure, all of these ro­u­ting points will have to be monitored, as even a single unsecured area might co­m­promise the entire network.

Lack of security standards in IoT devices

The bulk of 5G use cases will consist of IoT devices, such as those deployed in in­dus­trial monitoring systems, smart city and smart transportation infrastructure. The behaviour of IoT devices will be en­ti­rely different from that of human subscribers, as the network activity of the latter is more consistent. The behaviour of IoT devices varies greatly across devic­es. For in­s­tan­ce, sensors communicate and exchange data periodically regardless of the time of day, but they may remain entirely stationary. By contrast, devices in other segments such as driverless vehicles are co­ns­tantly moving. Operators will therefore have to devise new solutions to mitigate IoT-related risks as the existing models, developed for identification of suspicious activity in the context of a human subscri­ber, will not work in an IoT set-up.

Cybersecurity is not a priority area for most manufacturers of low-end smart devices, which may open up several breach points in the networks. There is likely to be a wide variation in the quality of the se­cu­rity standards of the billions of IoT de­vi­ces that will be connected through 5G. A lack of security standards for IoT de­vi­ces has therefore emerged as a major cause of worry. Another related area of concern is the lack of encryption standards in IoT devices, which will make it easier for hackers to acquire information on the type of devices connected to a network (smart­pho­nes, vehicle modems, etc.) and the ass­o­ciated operating system. This will make the entire network and the connected de­vi­ces vulnerable to device-specific IoT targeted attacks.

Possible solutions

Given that 5G will soon become the mainstay of cellular networks, it is extremely necessary for operators and equipment vendors to take suitable steps to protect 5G networks from cyberattacks. Telecom operators often skip the security aspects of networks during testing and even implementation, and deploy security solutions only once the network is in use. While this expedi­tes network deployment and saves costs initially, operators eventually end up paying more to buy equipment that integrates well with their existing network infrastructure. Go­ing forward, operators should focus on install­ing suitable security solutions at the time of network deployment.

Since 5G networks will initially be based on the 4G network core, operators need to start by securing previous-generation networks. A careful analysis of all signalling information crossing the border of their existing network will help operators build adequate protection for 5G services.

As for the threat from the lack of standards in the IoT ecosystem, there is a need to establish product labelling standards for connected devices. This will help retail us­ers and enterprises ascertain how safe their IoT devices are. Also, greater awareness needs to be created regarding the importance of securing all internet devices with software updates. Operators and equipment vendors can also explore machine learning models capable of detecting unknown th­reats in a 5G environment.

The way forward

5G aims to provide a reliable and trusted innovation platform for businesses and or­ganisations to build and deliver new value-added services while acting as a key en­ab­ler for digitising and modernising cri­tical na­tional in­­frastructure such as energy and transport. The latter objective raises the bar for 5G systems with respect to providing ex­tremely secure communication services.

However, the very characteristics of 5G that make it fundamentally different from earlier generations also make it more prone to cyberatta­cks. Security risks are far grea­ter in a 5G ecosystem, as it has to grapple with threats stemming from a greater re­liance on cloud and IoT. Further, with 5G networks increasingly relying on virtualisations, there are potential risks related to ma­jor security flaws, such as poor software development processes within suppliers. The overdependence on software has also made it easy to maliciously insert backdoors into 5G products, making them harder to detect during security checks. The sheer number of devices that will be connected to 5G networks, with varying degrees of security standards, is another major challenge. Mo­re­over, because 5G networks are far mo­­re decentralised than 3G and 4G networks, it may be difficult to carry out the sa­me security checks as those for earlier-generation networks in a 5G ecosystem.

While the potential security breaches in a 5G set-up have become common kn­ow­led­ge now, operators are grappling with a lack of tools and a limited pool of security experts to identify and mitigate these threats. There is a need to expand the scale of current mobile network sec­u­rity performance and operations to meet the challenge of securing 5G networks. Further, sin­ce some of the elements in a 5G ecosystem, such as edge computing, distributed core and net­work slicing, will potentially generate new att­ack surfaces, service pro­viders must implement advanced security measures capable of mitigating attacks fr­om a broader threat landscape.

Going forward, enterprises and service providers need to collaborate to devise so­lu­­tions to ensure end-to-end security of th­e­i­r networks, jointly. A highly secure and reliable 5G network will serve as a key differentiator and an essential revenue enabler for both operators and enterprises.