5G creates opportunity for users but also for cybercriminals, so how can organisations ensure 5G wireless network security?
One thing is clear about 5G and network security— it does not involve more of the same. Organisations can’t just scale-up existing practices and technologies; they need a new approach.
As Adrian Belcher, Solutions Architect at Gigamon, told me, organisations need “to treat 5G as a paradigm shift, and they will need an open mindset”.
>See also: Establishing a strong information security policy
5G wireless network security
New applications will emerge to take advantage of the faster speeds 5G offers — “It’s a massive opportunity,” says Belcher, but warns this is “no incremental step”.
With opportunity comes challenge. As Jake Moore, global cybersecurity advisor from ESET, told me: “Although 5G is paving the way in the future of technology for the next generations, it comes with a number of security concerns which need to be addressed before it is too late.”
He added: “5G networks will unleash high-speed servers enabling billions of devices to connect and work more efficiently, but this data will be extremely sought after, and the security must be issued in the design phase. Legacy approaches have taught us that older technology cannot withstand modern-day attacks, so adding many more devices to the network naturally increases the number of intrusion points.”
>See also: Combating common information security threats
Four considerations
For organisations securing 5G network security, there are four considerations:
- RAN
- Core
- Transport
- Network interconnects
Let’s drill down
Radio Access Network (RAN)
The RAN (Radio Access Network) is the actual antenna carrying the radio waves at the 5G spectrum. As Scott Goodwin from DigitalXRAID says: “They are the very edge of the whole ecosystem, on cell towers placed as close to end users as possible and act as a conduit from the radio world to packet-switched or IP-based digital network.”
The RAN presents unique challenges, not least the risk of physical damage to antennas — not necessarily deliberate, but potentially so. Consider, for example, how during the height of the Covid epidemic, some individuals blamed 5G for exacerbating Covid and tried to damage the masts.
For organisations trying to ensure 5G wireless network security, there isn’t much they can do to protect cell towers — these are outside their control. But they will need contingency plans; they will need to plan to ensure business continuity. In short, they will need to understand the risks and plan accordingly.
“I think that a lot of organisations and enterprises have got to start to think in new ways about business continuity,” says Belcher, “especially in light of what’s happened over the last couple of years.”
>See also: Mitigating common network management security issues
Core network
“The core network is at the heart of the system and provides all the required technology overlay of services; this is absolutely mission critical; any compromise here can disrupt the availability of mobile networks,” explained Goodwin.
For Moore, network technology brings up the thorny issue of foreign agents. “The use of equipment in networks supplied by foreign companies must be thoroughly checked before the infrastructure enables foreign states to effectively spy on the data. In addition, high-risk vendors need to be omitted from being able to analyse the data, and stricter rules are currently being pursued to make the infrastructure private.”
Transport and network interconnects
Finally, there are the transport and network interconnects; these determine how the entire system hooks into the core or other providers’ networks for roaming and moving from cell towers.
The disruption
5G also means disruption, a whole new way of providing security. For Adrian Belcher, disruption is a vital point.
He explained that 4G employed what one might call “proprietary architecture” but with late stage 4G and 5G it is different. “The architecture might use, for example, VMware or OpenStack, but whatever the software platform is, that’s a much more open environment.”
He added: “5G network security requires a different skill set … I’m a convert to the art of the possible with 5G, but organisations must be realistic about what they must face up to. I think they have to take a very strategic view of 5G. If you dabble a bit and dip your toe in it, you might find that you don’t realise enough value to warrant the disruption.
“It’s not going to be a question of doing more of the same and sticking with the tried and tested practices. But I would say they have got to come at it realistically and with an open mind that there might be quite hard decisions, and comfortable relationships with some vendors might have to end.”
But while Belcher doesn’t see what he calls a “homogeneous uptake of 5G” and says the traditional market won’t disappear overnight, he does think 5G will eat into the enterprise market.
Machine learning and the Cloud
5G will create multiple opportunities for applying AI and extensively using Cloud and Edge computing. But as Jake Moore said: “Cloud-based threat analysis and the introduction to machine learning on big data will be able to provide quick reactions to unknown threats and potential attacks.
“Although we can put measures in place to mitigate the current threat landscape, bad actors are very good at adapting to change and are often quicker than the antidote, so although 5G will put a stop to some current threats, it will also create further unknown gaps, and therefore the result will be a consistent adoption of new mitigation techniques fighting off increasingly heavier and more sophisticated attempts.”
Scott Goodwin suggests that “with all enterprise security, confidentiality, integrity and availability are key concerns and must be addressed especially by our telecommunications providers”.
He explained further: “They must follow adaptions of major frameworks such as NIST and CAS-T and implement clear cyber security strategies to protect their assets and the end, customers. These will include thorough external security testing, full security monitoring, well-defined security objectives and a robust risk management process.”
Opportunity and challenge revisited
5G is a massive business opportunity, but for organisations to ensure 5G wireless network security, they will have to apply a new mindset. Disruption creates winners and losers, and, to be a winner companies must commit to the challenge, embrace the opportunity and plan strategically. Above all, they must be ready for change, a lot of change.
More on cybersecurity
Top 10 most disastrous cyber hacks of the 2020s so far – This article takes a look at the top 10 most disastrous cyber hacks carried out on organisations in the 2020s, so far
Jake Moore – deepfake is the next weapon in cybercrime – ESET cybersecurity specialist Jake Moore on what safeguards every business should have to combat cybercriminals, how CTOs can make their job easier, and why deepfake video is the next front in the cyberwar
Spending on cyber security to hit $188bn next year – Cyber security spending will also enjoy double-digit growth in 2024 until cheaper solutions enter the market
