The Top Three Challenges for Securing 5G
In our latest contribution, Lakshmi Kandadai, Director, Palo Alto Networks, outlines the three major challenges for securing 5G.
5G promises enhanced mobile broadband experience, industrial digitalisation via customer value creation and countless other benefits. It has been over a year since the technology first launched in the UK, but there is still much more to be done to achieve widespread coverage across the country. In these early stages of development, there is naturally a focus on pace of rollout, improvements to latency, faster data speeds and functional mobile network redesign to enhance efficiency, agility and openness. However, it is vital that security is not left out of the equation. It is up to the many stakeholders across the industry, within government, and standards organisations to now build a strong foundation for security to mitigate risk as the vision for 5G is realised. It will be much more difficult, costly and time-consuming to protect 5G from those with malicious intent after it has been fully deployed, and delaying cybersecurity gives cyber-criminals more time to act.
There are three key challenges for securing 5G. The first is the Internet of Things (IoT), the second is 5G cloud adoption, and the third is developing standards and best practices.
1. The challenge of securing IoT
Palo Alto Networks has conducted ‘proof of concept’ tests around the world and discovered that a high proportion of malicious software currently in mobile networks is made up of IoT botnets. Cyber-criminals often use command and control (C2) communication channels over the Domain Name System (DNS) and have even used the DNS to extract data. What’s more, Unit 42, Palo Alto Networks’ threat intelligence arm, found in its 2020 IoT Threat Report that over 50% of all IoT devices are vulnerable to medium or high severity cyber-attacks, leaving both service providers and enterprises vulnerable.
Inadequate IoT security in operator networks means attacks are evolving alarmingly fast in terms of severity and frequency. Massive cyber-attacks can come from within operators’ own networks via a botnet made up of large-scale weaponised IoT devices in the tens of thousands. This could comprise non-standard computing devices such as microcontrollers and sensors which may run open source or proprietary operating systems and applications and use diverse cellular connectivity models to connect to the internet wirelessly. IoT devices that have been poorly configured represent an opportunity for hackers to build huge botnets, so it is no surprise malicious network attacks using vulnerable IoT devices are on the rise.
Other Unit 42 research shows the challenge of securing IoT is one faced by numerous critical industries, including medical and government organisations, as they continue supporting people through the COVID-19 pandemic. Breached IoT devices can suffer anything from diminished usability to reduced overall device performance and denial of service, impacting not just intended targets but also overall network services, which greatly expands the number of people that could be affected. It is clear botnets are a massive threat. As IoT threats become more sophisticated, service providers need to make their detection and prevention methods more sophisticated too.
2. The challenge of filling security gaps in the cloud
As telecom operators embrace distributed, hybrid technology environments that are multi-vendor, multi-site cloud infrastructures, ‘physical’ network perimeters are disappearing, meaning the approach needed to secure telecom networks radically changes. This technological shift has been prompted in part by many operators’ preferences for a multi-cloud strategy with end-to-end automation for network operations and services to meet diverse 5G-enabled service offering performance and scalability needs.
Software-driven operational models do help drive agility, but they also come with serious security flaws in the software platform, underlying OS and software stacks that make networks more vulnerable to attacks. These flaws must be addressed and include Linux threats, host vulnerabilities, and container/hypervisor vulnerabilities. Networks may also be at risk of lateral threat movement between virtual network functions and applications. As the landscape becomes more distributed, risks are no longer confined to data centre assets – hackers are targeting devices outside traditional perimeters too.
3. The challenge of developing 5G security standards
Many stakeholders in telecoms understand security is fundamental to effectively launching and using 5G, and there is appetite for standards and best practices. There is already an array of standards and best practices on spectrum allocation and use, but there is definitely room for leading-edge 5G security practices. Fortunately, the industry association GSMA, which represents over 750 mobile operators around the world, has outlined best practices in mobile security and expanded its guidance, offering a good foundation to build on.
So, how can we overcome these challenges to secure 5G?
The right approach to securing 5G is multi-faceted and needs a collective effort from both industry and governments. Both businesses and the public sector have a vested interest in mitigating cybersecurity threats, preventing mobile network infrastructures falling victim to cyber-attacks and reducing the impact of cybercrime, so it is crucial to work together.
Industry and governments should cooperate to identify statutory, regulatory or policy obstacles that may hamper successful security of mobile network infrastructure and create new plans to ensure critical infrastructure that uses – or will use – 5G is appropriately secure. At the start of 2020 the European Commission took steps towards this by endorsing the joint ‘5G EU toolbox’ – a series of measures for use by member states in the EU to address security risks as 5G is rolled out.
Governments should incorporate measures that mitigate security risks to network infrastructures, services, applications, operators’ customers (enterprises and end-user consumers) and more into their planning.
Industry associations should continue collaborating with service providers and vendors to develop new security guidelines and measures. The GSMA has already consulted with service providers to publish FS.37, a security reference document detailing best practices to secure 5G networks by detecting and preventing attacks against mobile networks, services and applications on the GPRS Tunnelling Protocol User (GTP-U) plane.
Service providers must have real-time visibility into their networks and hybrid cloud environments as well as granular control over traffic to spot and prevent cyber-attacks in the form of IoT botnets and other threats. Overcoming the major security challenges we face with the rollout of 5G will make protecting organisations and their data much easier and more successful.