The world of cellular is changing rapidly with the advent of 5G. 5G brings revolutionary performance and capabilities, but it also comes with new security challenges. In this article, we talk about the major security challenges affecting 5G networks and discuss five ways organizations can address such security challenges and reduce their networks’ attack surface.
5G is not just an upgrade to 4G. Instead, 5G was designed and built to provide secure, fast, and dynamic connectivity services. Because of this, the number of devices expected to connect to 5G networks is expected to explode. Ijaz Ahmed et al. writesOpens a new window that the 5G Public Private Partnership expects 5G to connect up to 7 trillion devices and things.
The art of managing a 5G network is also quite different from how a 4G network is managed. With 5G, carriers moved from provisioning customer networks with hardware to software-defined networking (SDN). This has shrunk the provisioning time from up to 90 hours to just 90 minutes. Organizations can include cellular services in their zero-trust network (ZTN) infrastructure as Network Function Virtualization (NFV) enables placing different network functionalities within appropriately managed network perimeters.
From an access control perspective, Theresa Lanowitz (AT&T) assertsOpens a new window that 5G provides strong encryption and subscriber identity protection. It also reduces the risk of traffic capture. This all looks perfect, but challenges exist.
Learn More: Wi-Fi 6 vs 5G: Which One Meets Your Connectivity Needs the Best?
Security Challenges Associated With 5G
Because 5G is managed mainly by the carrier, organizations must trust that their 5G carrier is doing all the right things. This new technology has created a foundation of trust, a necessary trust of carriers that we must understand to manage information resource risks.
Complexity is the enemy of security, and 5G is more complex than previous cellular technologies. Tech Data arguesOpens a new window that 5G uses more technology components, making implementation and management more difficult as the use of too many components expands the attack surface significantly.
Like any service or product offering, a risk of a supply chain attack exists. Malicious or unintentional introduction of malware, infected firmware, counterfeit components, and insecure designs contribute to this risk. Supply chain attacks are common, but they are likely to increase as more and more devices connect to expanding 5G networks rapidly.
Contributing to the supply chain challenges is the lack of 5G standards. The U.S. National Institute of Standards and Technology and the 3rd Generation Partnership Project are working on standards, but they are far from finished. In the absence of standards, it is difficult for an organization to understand what is needed and whether the carrier or vendor complies with best practices.
As 5G enables the increased implementation of IoT, the opportunities for botnet operators also increase. David Balaban reportsOpens a new window that Statista estimates up to 75 billion IoT devices will be connected by 2025, up from 30 billion in 2020. To keep their networks secure, organizations need to have visibility over built-in security controls in IoT devices connected to their networks.
One of the biggest challenges is the lack of training. Security and other IT teams are generally not ready for new 5G infrastructure vulnerabilities as the components making up the 5G foundation are new.Â
Learn More: 5G Security: Simplicity and Risk Management Are the Key Constructs for Growth
5 Steps To Prepare For and Manage 5G Networks
The first step is ensuring security and infrastructure teams understand how 5G will affect remote and local access. The training of these teams must include a firm understanding of the steps carriers and vendors take to ensure the correct service configuration. In addition, internal teams must understand how to interface with 5G connected networks securely. This training is required to develop organizational standards and guidelines for 5G service expectations. These standards must also address how these services will safely interface with existing infrastructure.
Second, organizations must be able to see carrier internal security and deployment processes. We expect transparency from our cloud service providers; carriers and device vendors must provide the same openness. With this transparency, organizations should create policies and procedures to assess the level of foundational trust initially. Over time, periodic assessments are also needed.
Organizations should consider moving to virtualization and software-defined networking because of the expanded and potentially more complex attack surfaces (SDN). Figure 1 shows how a 5G attack surface might look.Â
A Software-Defined Network enables organizations to apply security policies across their environments quickly. It also allows quick response when a vulnerability emerges somewhere on an organization’s attack surface. Trying to manage each physical device will no longer work well for larger organizations when they deploy 5G. Â
Figure 1: 5G Attack Surface (from Ijaz Ahmed et al.)
Related to SDN is the fourth recommendation: the use of machine learning and AI-infused with threat intelligence. Again, the number of logs aggregated and correlated will increase, increasing the number of alerts. AI triage of alerts will help sort out and prioritize possible incidents when managing a more significant number of connected devices.
Finally, organizations that have not begun moving to ZTNs should do so before moving to 5G. It is not necessary to move an entire infrastructure at the same time. Instead, moving high-risk resources to their network segments enables implementing zero trust segment by segment. In addition, interfaces between internal networks and 5G networks should also involve a zero-trust approach. The same is true when organizations ensure their cloud services providers properly manage 5G interfaces.
Learn More: 5G Networks Vulnerable to DoS Attacks, Report Finds
Final Thoughts
5G is set to change the way we collect, manage, and distribute information. It will also enable the increase in network-connected devices, thereby expanding each organization’s attack surface.Â
Security architecture design principles still apply to 5G technology. Once security teams are trained, they must work with management and other teams to develop policies, standards, guidelines, and baselines for integrating 5G networks. Finally, much of the trust element of risk assessments move to carrier networks. A partnership for risk management must exist between 5G-supported organizations, carriers, and device suppliers.
Do you think your security teams are adequately equipped to handle security challenges associated with 5G networks? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!