Can 5G make organisations more vulnerable to cyber-attacks? asks Ronen Shpirer, Director of Solutions Marketing at the cyber company Fortinet.
The roll-out of the 5G mobile network will offer the potential for download speeds of up to ten times faster than today’s, promising to change how we communicate, work and stream video. Gartner predicts that 66 per cent of organisations will take advantage of these benefits and adopt 5G by 2020 — with 59% of them planning to use 5G to support the Internet of Things (IoT) across their business. However, 5G does present a unique opportunity for cybercriminals to target more devices and launch attacks on a larger scale.
From a threat actor perspective, mobile operators weren’t all that interesting of a target, due to the fact that previous mobile generations were aimed at consumers and it was far more effective to target the users themselves, the smartphone or the content provider. But 5G has changed that outlook. Mobile Network Operators (MNOs) can now offer a whole ecosystem of services, applications and content to enterprises and industries, becoming extremely critical for the economy and national infrastructure as well. Which is a far more financially enticing target for a cyber criminal. Therefore, MNOs must secure their infrastructure to maintain the service’s availability and continuity, but it’s security from an attack or even human error, as well.
If 5G is becoming an enabler for industries, these services are now an attack vector for criminals to bring down enterprises through financial means, espionage or activism. If MNOs and enterprises don’t take care of security today, it will become riskier and more complicated, if and when all critical infrastructure is run through 5G.
Take smart factories for example, all operations will eventually be supported through 5G and IIoT. Should an attacker successfully gain access to the 5G network that serves a factory, they can halt production or manipulate the application which manages robots on the factory floor, into doing things they aren’t supposed to. This becomes especially more sinister with autonomous transport and vehicles.
Securing the network
In order to secure 5G networks against these threats, both the MNO and enterprise need to understand the impact and risks associated. There is an element of trust that needs to be built between the MNO and the enterprise. More importantly private 5G networks are being developed at a rapid pace and there are a lot of question marks around how best to secure them.
Delivering and managing private cellular networks will vary based on their architecture, services and capabilities, complexity and the needs and requirements of the enterprise. Private networks can be delivered as a fully private and close environment at the enterprise premise (including Radio Access Network (RAN), Multi-access Edge Computing (MEC) and Core), as a shared environment between the enterprise and the MNO (shared RAN and control plane), or as an end-to-end network slice.
Securing a versatile, hybrid and highly scalable 4G and 5G RAN is more important than ever due to the evolving nature of radio technology. Securing the RAN mandates a new kind of security gateway (SecGW) infrastructure—one that is agile and hybrid, but also capable of supporting the mixed architectures and different performance, scalability, and QoS requirements LTE-A and 5G present. Physical and virtual firewalls can help here, offering a flexible and scalable platform.
MEC sites also require a level of security considerations. The deployment of these sites with networking, storage, and compute resources enables MNOs to deploy ultra-low latency applications, whether fully hosted in the MEC site or as part of a larger ecosystem deployment in the telco cloud and partner clouds/public cloud.
Whatever the architecture and the solution is, security must be integrated in different points of the implemented architecture to ensure the availability of the service and the user plane data integrity. The use of a common set of security tools enables operators to streamline their overall security onboarding and operational aspects across mobile infrastructure and services, reducing cost, eliminating gaps in trained security engineers, and increasing their overall agility and ability to deliver value to gain the trust and adoption of their customers.
