Connectivity has become a defining feature of the modern economy, and fifth-generation wireless technology, or 5G for short, is gathering pace to drive a new era of connectivity. Ian Smith, Security Operations Director, GSMA, shares how enterprise security could be enhanced with 5G networks.
According to recent figures published by the GSMA IntelligenceOpens a new window , by 2025, 5G will account for more than two billion, or a quarter of total mobile connections, and by 2030 there will be an estimated 5.3 billion mobile-connected IoT devices.Â
In addition to delivering high-bandwidth benefits to smartphone users, 5G provides enterprises and society with a more secure and capable communications network to enable bandwidth-heavy, low-latency and safety-critical services such as industrial automation, smart cities, autonomous vehicles, drones and smart homes. 5G also enables enterprises to exploit new technologies such as artificial intelligence (AI), machine learning (ML), and mobile edge compute (MEC) to develop new use cases that will unleash the value of connectivity.Â
There is no doubt that one day everything worth connecting will be connected. However, a critical challenge that many enterprises face when trying to realize a truly connected future is how to ensure the security of these new service offerings.Â
See More: 5G and Its Transformative Effect on Business and Cybersecurity
5G Security Enhancements and Challenges
For enterprises, 5G is an opportunity to enhance their operations, boost productivity and improve user experiences by implementing new network capabilities such as network slicing, edge computing and low-latency communication. This is supported by a range of different network deployment models for 5G, including utilizing multiple sub-3GHz spectrum bands, 5G standalone networks, 5G mmWave and Fixed Wireless Access (FWA).Â
Compared to previous generations of mobile networks, 5G enables advanced security controls, including enhanced mutual authentication capabilities, better subscriber identity protection and improved network interconnect security. 5G will also offer enterprises powerful new security enabling features such as network slicing, which allows the creation of wide-area secure private networks. These private networks not only allow for a customized set of protections but also help reduce the attack surface and, should there be a security breach, confine the potential threats to a single network ‘slice’.
To realize these security benefits, the deployment of 5G services raises several critical security challenges:
-
- Scale: 5G will enable thousands of highly scalable new services spread across virtually all market sectors. These services will become intrinsic to our everyday lives, connecting billions of people and things, including cyber-physical systems that could result in danger to human life if attacked. This massive growth in services results in a vastly increased attack surface and a heightened risk of an attack having severe consequences.
- Complexity: The 5G standards defined by 3GPPOpens a new window provide an uplift in network security capability, resolve legacy security issues, and offer network operators, greater flexibility in network implementation. Consequently, networks are also becoming more complex to implement, manage and operate. Put simply, because networks are becoming increasingly software-based and decentralized, the supply chain is becoming more complex and the attack surface has increased with more potential entry points for bad actors to exploit.Â
- End-to-end security: Even the most secure underlying 5G network connection cannot guarantee the end-to-end security of a poorly designed higher-layer service. Every component of an end-user service must follow a ‘secure by design’ approach, and correspondingly, the responsibility for achieving end-to-end security must be a shared goal between the network provider and enterprise customer.
When factored together with an ever-evolving security threat landscape, these specific challenges raise the question of how 5G services and the networks that support them can mitigate risks to ensure new threats and vulnerabilities are quickly discovered and resolved.
Addressing Security Challenges through Collaboration and Standardisation
In response to these security challenges, the mobile industry has been actively working to minimize cyber-risks by investing in the security of 5G networks, devices, and services and building solutions to enable speedy detection, response to and mitigation of malicious attacks. Network operators constantly strive to improve their preparedness and incidence response, participating in capacity building and collaborative sharing of best practices.Â
Mobile industry initiatives that support these endeavors include:
-
- The sharing of global cybersecurity information through GSMA’s Fraud and Security Group (FASG)Opens a new window , which actively drives the industry’s response to fraud and security matters and produces up-to-date guidelines to minimize the impact of security threats and to manage the industry and network operator response effectively.Â
- The implementation of global cybersecurity initiatives such as the GSMA’s Telecommunications Information Sharing and Analysis CentreOpens a new window and Coordinated Vulnerability Disclosure Programme (CVD)Opens a new window , which respectively serve as a hub of real-time threat information-sharing within the mobile industry and allow security researchers to responsibly disclose vulnerabilities to the industry before the details are published to afford industry the opportunity to respond to the vulnerabilities to protect network security.
The mobile industry also recognizes that building end-to-end security and resilience requires industry and regulatory coordination. Developing a predictable and stable regulatory environment that aligns with national and industry security objectives, encouraging and facilitating compliance, is essential to this goal. The industry actively supports regulatory initiatives, such as the European Commission’s Cybersecurity ActOpens a new window and the UK’s nascent Product Security and Telecommunications InfrastructureOpens a new window bill, often by developing candidate industry security schemes that act as a precursor to regulatory-led security initiatives. A great example of this is the GSMA Network Equipment Security Assurance Scheme (NESAS)Opens a new window , jointly defined by 3GPP and GSMA, which provides an industry-wide security assurance framework for 5G network equipment to facilitate improvements in security levels across the mobile industry.Â
See More: Three Keys to Unlocking Value from 5G
Ultimately, Security Is a Shared Responsibility
5G offers an unprecedented opportunity to uplift both network and service security levels, but it is dependent on industry collaboration and initiatives to ensure both networks and services remain resilient to security threats. Achieving the goal of end-to-end security is a shared responsibility – the most secure telecom network in the world cannot mitigate the risk from a poorly designed and insecure website or application.Â
The telecom industry is transparent about the threats facing mobile networks, as illustrated in the GSMA’s Mobile Telecommunications Security LandscapeOpens a new window report outlines the risks facing the industry and how to mitigate them. The GSMA’s Fraud and Security GroupOpens a new window also maintains up-to-date guidelines that inform members on protecting network assets, services and users from fraud and security threats.
Ultimately, cybersecurity is the shared responsibility of industries, enterprises, governments, regulators and end-users and every actor in the value chain needs to play its part. Now is a better time than any to work together because cybersecurity risks are dynamic and not confined to national borders. Only by working together will we open the doors to the full potential of a truly secure and interconnected world.Â
Do you think 5G would enable better enterprise security? Share with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to know!