5G Security Vulnerabilities Are Raising Concerns for Mobile Operators
A Survey by GSMA and Trend Micro Is Showing a Concerning Lack of Security Capabilities for Private 5G Networks.
According to the study by GSMA and Trend Micro, 68 percent of operators are already selling private wireless networks to enterprise customers, and the rest of them are planning to by 2025.
Unfortunately, from a security standpoint, the operators in question may not be ready for prime time as 41 percent of the surveyed operators said they face challenges when it comes to solving 5G security vulnerabilities related to 5G’s network virtualization, and 48 percent declared they lack enough internal knowledge or tools needed to discover and solve security vulnerabilities at all.
What Changes With the 5G Networks?
5G networks represent a huge change from the prior wireless networks because they are largely software-defined and virtualized, as the network functions that were historically defined in hardware are now becoming virtual software capabilities with all of these components being orchestrated through a flexible software control plane in which even the air interfaces in the radio access network (RAN) is software-defined.
Because so much of the environment is virtualized, there will be a lot of software creating images and tearing them down – the volume of virtualization is unlike anything we have experienced so far. The risk there is that we do not know how well the software will perform under such huge loads. Every experience with distributed software under load suggests that things will fail, services will drop and any vulnerability will be wide open for exploitation.
When looking at 5G we are seeing its speed and the ability to support a wide range of next-gen applications, which includes smart-factory installations, smart cities, autonomous vehicles, telesurgery, advanced data analytics, and artificial intelligence among others.
5G private networks are to become the norm in a variety of settings where they’ll connect sensors and a range of industrial internet of things (IoT) devices.
These networks will manage complex factories, distribution centers, and logistics operations. Think about the traffic at a major port – much of the work is not done by individuals but by application software coordinated by scheduling and orchestration software. If you can take this over, you can dump containers into Long Beach Harbor, or ship 2,000 pounds of Cream O’ Wheat to your neighbor. In the port of Amsterdam, the bad guys took over the scheduling software and actually had containers full of guns, drugs, and in some cases, criminals delivered without inspection into the port then smuggled onwards throughout Europe.
This technology uses multi-access edge computing (MEC), in which the network edge analyzes, processes, and stores the data generated from endpoints as collecting and processing data closer to the customer reduces latency and brings real-time performance to high-bandwidth applications.
We’re focusing on corporate 5G implementations, generally called NPN – non-public networks. In these environments the 5G signal is restricted to a specific area – a port, a distribution center, a manufacturing facility – so we don’t have random devices connecting, and every application and device can be authenticated (note that this is not an architectural requirement but it is a really good idea).
Even with that, the 5G network will be a very efficient way to move data around the site, so if malware gets into something, it will spread fast.
The survey clearly showed that more than half of the operators have reported that MEC is a key part of their strategy for addressing enterprises’ private networks, but unfortunately only 18 percent of the surveyed operators offer security for both the edge and endpoints.
Best Practices for 5G Security
While it’s true that security capabilities are lagging at this moment, almost half (45 %) of the operators that participated in the survey are seeing as extremely important the investment in security in order to achieve long-term enterprise revenue goals.
In conclusion, it might be crucial to have a strong security strategy in place before adopting the 5G technology, as 5G will generate new use cases that will need appropriate cybersecurity measures.